cruise-automation / k-rail

Kubernetes security tool for policy enforcement
Apache License 2.0
443 stars 54 forks

Added policy to block running as the root user #116

Closed djcass44 closed 3 years ago

djcass44 commented 3 years ago

Adds a policy to block pods where the securityContext will allow a container/pod to run as the root user. An example of a valid securityContext is:

```yaml
securityContext:
  runAsUser: 1234
---
securityContext:
  runAsNonRoot: true # assumes that the image has an appropriate `USER` directive
```

It can be set at the pod level or at the container level. If set at the container level and not at the pod level, it must be set for all containers (including init containers).

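The rule described in the PR, worked through as an added Go example (not k-rail's own policy code). It uses small stand-in structs rather than the `k8s.io/api` types, and it goes one step beyond the description by merging container-level fields over pod-level ones the way the kubelet does, so a container that sets `runAsUser: 0` under a pod-level `runAsNonRoot: true` is still flagged. The sample pods and the message wording are constructed for this example.

```go
package main

import "fmt"

// Minimal stand-ins for the Kubernetes pod fields the check reads. These are
// assumed shapes for this added example, not the k8s.io/api types k-rail uses.
type SecurityContext struct {
	RunAsUser    *int64
	RunAsNonRoot *bool
}

type Container struct {
	Name            string
	SecurityContext *SecurityContext
}

type PodSpec struct {
	SecurityContext *SecurityContext
	InitContainers  []Container
	Containers      []Container
}

func int64p(v int64) *int64 { return &v }
func boolp(b bool) *bool    { return &b }

// effective merges the pod-level securityContext with a container's own one,
// field by field: a field set on the container overrides the pod-level value,
// which is how the kubelet resolves these settings.
func effective(pod, ctr *SecurityContext) SecurityContext {
	var out SecurityContext
	if pod != nil {
		out = *pod
	}
	if ctr != nil {
		if ctr.RunAsUser != nil {
			out.RunAsUser = ctr.RunAsUser
		}
		if ctr.RunAsNonRoot != nil {
			out.RunAsNonRoot = ctr.RunAsNonRoot
		}
	}
	return out
}

// allowsRoot reports whether the merged securityContext still permits UID 0.
// An explicit runAsUser decides on its own; otherwise only runAsNonRoot: true
// rules out root, since the image's USER directive is not visible at admission.
func allowsRoot(sc SecurityContext) bool {
	if sc.RunAsUser != nil {
		return *sc.RunAsUser == 0
	}
	return sc.RunAsNonRoot == nil || !*sc.RunAsNonRoot
}

// RootViolations returns one message per container (init containers included)
// whose effective securityContext could let it run as root. An empty result
// means the pod passes the policy.
func RootViolations(spec PodSpec) []string {
	var violations []string
	check := func(kind string, cs []Container) {
		for _, c := range cs {
			if allowsRoot(effective(spec.SecurityContext, c.SecurityContext)) {
				violations = append(violations,
					fmt.Sprintf("%s %q may run as the root user", kind, c.Name))
			}
		}
	}
	check("init container", spec.InitContainers)
	check("container", spec.Containers)
	return violations
}

// Constructed sample pods covering the cases the PR description calls out.
func PodLevelNonRoot() PodSpec { // passes: runAsNonRoot: true at the pod level
	return PodSpec{
		SecurityContext: &SecurityContext{RunAsNonRoot: boolp(true)},
		Containers:      []Container{{Name: "app"}},
	}
}

func ContainerLevelMissingInit() PodSpec { // fails: init container not covered
	return PodSpec{
		InitContainers: []Container{{Name: "setup"}},
		Containers: []Container{{Name: "app",
			SecurityContext: &SecurityContext{RunAsUser: int64p(1234)}}},
	}
}

func ContainerOverridesToRoot() PodSpec { // fails: container reselects UID 0
	return PodSpec{
		SecurityContext: &SecurityContext{RunAsNonRoot: boolp(true)},
		Containers: []Container{{Name: "debug",
			SecurityContext: &SecurityContext{RunAsUser: int64p(0)}}},
	}
}

func main() {
	fmt.Println("pod-level-nonroot:", RootViolations(PodLevelNonRoot()))
	fmt.Println("missing-init:", RootViolations(ContainerLevelMissingInit()))
	fmt.Println("override-to-root:", RootViolations(ContainerOverridesToRoot()))
}
```

The merge step matters for the second and third cases: a pod-level `runAsNonRoot: true` covers containers that say nothing, but it does not rescue a container that explicitly asks for UID 0, and a container-level `runAsUser` on the app container says nothing about the init container that runs before it.
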
dkiser commented 3 years ago

@djcass44 - Thanks for the contribution! I left a small comment.