Closed flavio closed 2 years ago
This is now done. I am going to double check that we have implemented all PSPs in the different split policies.
I've compared what we have with this exhaustive list.
It looks like we have to implement only two policies: the readOnlyRootFilesystem and the defaultAllowPrivilegeEscalation. In some cases I think we can solve that by extending one of the already existing policies we have. I'll file dedicated issues for that.
Sigh, sorry for not doing this. And thanks for having checked.
@flavio don't we miss the seccomp policy as well? We have the policy to check the annotation, but shouldn't we have the policy to verify the request's securityContext?
Yes, we are missing seccomp.
@jvanz yes, please file a dedicated issue inside of the policy-hub repo, then start working on that as we discussed during the daily :+1: :pray:
This is now completed 🎉
This is an epic that keeps track of porting the missing PSP policies to Kubewarden.
Currently, mutating admission policies cannot be done with TinyGo, yet they can be done using Rust or Swift.
To implement
Policies are sorted by decreasing priority:
To extend