Added the disallow-privilege-escalation policy changes

nirmata · Feb 21, 2024 · ead7213 · ead7213
1 parent d2a3b07
commit ead7213
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 5 deletions.
diff --git a/charts/best-practices-workload-security/templates/e2e/chainsaw-test.yaml b/charts/best-practices-workload-security/templates/e2e/chainsaw-test.yaml
@@ -22,7 +22,7 @@ spec:
         file: enforce-policy-assert.yaml
     - script:
         content: |
-        if kubectl debug -it goodpod02-registry --image=busybox:1.35 --target=k8s-nginx -n ir-pods-namespace; then exit 1; else exit 0; fi;
+          if kubectl debug -it goodpod02-registry --image=busybox:1.35 --target=k8s-nginx -n ir-pods-namespace; then exit 1; else exit 0; fi;
     - apply:
         expect:
         - check:

diff --git a/...ity/restricted/disallow-privilege-escalation/remediate-disallow-privilege-escalation.yaml b/...ity/restricted/disallow-privilege-escalation/remediate-disallow-privilege-escalation.yaml
@@ -39,15 +39,12 @@ spec:
                   containers:
                     - (name): "{{ element.name }}"
                       securityContext:
-                        (allowPrivilegeEscalation): true
                         allowPrivilegeEscalation: false
                   initContainers:
                     - (name): "{{ element.name }}"
                       securityContext:
-                        (allowPrivilegeEscalation): true
                         allowPrivilegeEscalation: false
                   ephemeralContainers:
                     - (name): "{{ element.name }}"
                       securityContext:
-                        (allowPrivilegeEscalation): true
-                        allowPrivilegeEscalation: false
+                        allowPrivilegeEscalation: false