Replacement for the Kubernetes Pod Security Policy that controls the usage of /proc mount types

kubewarden/allowed-proc-mount-types-psp-policy

Kubewarden policy psp-allowed-proc-mount-types

Description

Replacement for the Kubernetes Pod Security Policy that controls the usage of proc mount types in containers within a pod.

Settings

This policy works by defining which proc mount types are allowed in containers. A container's proc mount type can be left empty (Kubernetes then applies its default), set to Default, or set to Unmasked. This policy protects against pods that contain at least one container with the Unmasked proc mount type, which can potentially expose host information to the container.

The following setting keys are accepted for this policy:

  • allow_unmasked_proc_mount_type: allows the containers, init containers or ephemeral containers within a pod to set .spec.securityContext.procMount to Unmasked. Otherwise, the pod, or the request made against the ephemeralcontainers subresource, is rejected.

allow_unmasked_proc_mount_type is false by default.
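The decision described above, written out as an added example in plain Python. This is not the policy's own source code (a Kubewarden policy ships as a Wasm module); it models the same check so the behaviour can be traced on sample input: every container kind of a Pod (containers, initContainers, ephemeralContainers) is inspected, and the request is rejected when any container asks for procMount: Unmasked while allow_unmasked_proc_mount_type is false. The sample pods and image names are constructed for the example.

```python
"""Added example, not the policy's own code: a plain-Python model of the
accept/reject decision made by psp-allowed-proc-mount-types.
"""
from typing import Dict, List, Optional, Tuple

UNMASKED = "Unmasked"
# The three container lists a Pod spec can carry; all of them are inspected.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def unmasked_containers(pod: Dict) -> List[str]:
    """Return 'field/name' for every container whose securityContext.procMount is Unmasked."""
    spec = pod.get("spec") or {}
    found = []
    for field in CONTAINER_FIELDS:
        for container in spec.get(field) or []:
            security_context = container.get("securityContext") or {}
            if security_context.get("procMount") == UNMASKED:
                found.append(f"{field}/{container.get('name', '<unnamed>')}")
    return found


def validate(pod: Dict, settings: Optional[Dict] = None) -> Tuple[bool, str]:
    """Mirror the policy's decision for one admission request.

    `settings` uses the README's key; allow_unmasked_proc_mount_type defaults to False,
    matching the policy's default. Returns (accepted, rejection_message).
    """
    settings = settings or {}
    allow_unmasked = bool(settings.get("allow_unmasked_proc_mount_type", False))
    offenders = unmasked_containers(pod)
    if offenders and not allow_unmasked:
        return False, (
            "Unmasked proc mount type is not allowed; offending containers: "
            + ", ".join(offenders)
        )
    # An empty procMount (Kubernetes default) or an explicit Default is always fine.
    return True, ""


# Constructed sample pods (not taken from any real cluster or manifest).
SAFE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "safe"},
    "spec": {
        "containers": [
            # procMount left unset: Kubernetes applies its default.
            {"name": "app", "image": "registry.example.invalid/app:1"},
            {
                "name": "sidecar",
                "image": "registry.example.invalid/sidecar:1",
                "securityContext": {"procMount": "Default"},
            },
        ]
    },
}

UNMASKED_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "unmasked"},
    "spec": {
        "containers": [{"name": "app", "image": "registry.example.invalid/app:1"}],
        # The offending setting sits on an init container, which must be checked too.
        "initContainers": [
            {
                "name": "init",
                "image": "registry.example.invalid/init:1",
                "securityContext": {"procMount": "Unmasked"},
            }
        ],
    },
}

if __name__ == "__main__":
    for pod in (SAFE_POD, UNMASKED_POD):
        accepted, message = validate(pod)
        print(pod["metadata"]["name"], "accepted" if accepted else f"rejected: {message}")
    # With the setting enabled the same pod is admitted.
    print(validate(UNMASKED_POD, {"allow_unmasked_proc_mount_type": True}))
```

Running the script admits `safe`, rejects `unmasked` naming `initContainers/init`, and admits `unmasked` again once the setting is true. The same walk applies to a request on the ephemeralcontainers subresource, since the object it carries is the Pod with its ephemeralContainers list populated.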