raspbernetes / k8s-security-policies

This repository offers a comprehensive library of security policies designed to enhance the security of Kubernetes cluster configurations. The policies are developed in accordance with the CIS Kubernetes benchmark.
https://raspbernetes.github.io/
Apache License 2.0

CIS Kubernetes Benchmark 1.5.1 # 5.2 #7

Open saurabhpandit opened 4 years ago

saurabhpandit commented 4 years ago

5.2 Pod Security Policies

issue-label-bot[bot] commented 4 years ago

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.85. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!


xunholy commented 4 years ago

5.2.1 Minimize the admission of privileged containers

This policy has been completed by virtue of the KubeSec benchmark https://github.com/raspbernetes/k8s-gitops/blob/master/policies/K.SEC.05.rego

Even though there is a double-up, it might be worth just using this existing one and creating a new file with essentially the same content for when we push to the OCI registry.

xunholy commented 4 years ago

Same situation with the following:

5.2.2 Minimize the admission of containers wishing to share the host process ID namespace

https://github.com/raspbernetes/k8s-gitops/blob/master/policies/K.SEC.12.rego

5.2.3 Minimize the admission of containers wishing to share the host IPC namespace

https://github.com/raspbernetes/k8s-gitops/blob/master/policies/K.SEC.10.rego

5.2.4 Minimize the admission of containers wishing to share the host network namespace

https://github.com/raspbernetes/k8s-gitops/blob/master/policies/K.SEC.11.rego

5.2.5 Minimize the admission of containers with allowPrivilegeEscalation

https://github.com/raspbernetes/k8s-gitops/blob/master/policies/K.SEC.15.rego

Capabilities may also have some slight overlap.
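The five controls listed in this thread (5.2.1 to 5.2.5), expressed as a single Rego policy. This is an added example, not part of any comment above and not the content of the linked K.SEC files; the package name, rule names, the set of workload kinds and the constructed test input are assumptions, and it uses the `import rego.v1` syntax.

```rego
# Added example; not code from the raspbernetes repositories.
package main

import rego.v1

# Pod-level host namespace fields and the CIS control each one maps to.
host_fields := {"hostPID": "5.2.2", "hostIPC": "5.2.3", "hostNetwork": "5.2.4"}

# Workload kinds that carry a pod template (assumed set for this example).
templated := {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}

pod_spec := input.spec if input.kind == "Pod"

pod_spec := input.spec.template.spec if input.kind in templated

# Regular and init containers are checked alike.
containers contains c if {
	some key in ["containers", "initContainers"]
	some c in pod_spec[key]
}

deny contains msg if {
	some c in containers
	c.securityContext.privileged == true
	msg := sprintf("CIS 5.2.1: container %q is privileged", [c.name])
}

deny contains msg if {
	some field, id in host_fields
	pod_spec[field] == true
	msg := sprintf("CIS %s: pod sets %s", [id, field])
}

# Assumption: an unset allowPrivilegeEscalation is treated as a finding,
# because only an explicit false sets no_new_privs on the container process.
deny contains msg if {
	some c in containers
	object.get(c, ["securityContext", "allowPrivilegeEscalation"], true) != false
	msg := sprintf("CIS 5.2.5: container %q may escalate privileges", [c.name])
}

# Constructed input: one pod that trips all five controls.
test_constructed_pod if {
	bad := {"kind": "Pod", "spec": {
		"hostPID": true, "hostIPC": true, "hostNetwork": true,
		"containers": [{"name": "app", "securityContext": {"privileged": true}}],
	}}
	count(deny) == 5 with input as bad
}
```

Running `opa test` on the file exercises the constructed pod; a privileged container also triggers the 5.2.5 rule, since a privileged container can always escalate.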

issue-label-bot[bot] commented 4 years ago

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.75. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!
