Skip to content
/ allowed-proc-mount-types-psp-policy Public

Replacement for the Kubernetes Pod Security Policy that controls the usage of /proc mount types

kubewarden.io

License

Apache-2.0 license
7 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kubewarden/allowed-proc-mount-types-psp-policy

BranchesTags

Repository files navigation

Kubewarden Policy Repository Stable

Kubewarden policy psp-allowed-proc-mount-types

Description

Replacement for the Kubernetes Pod Security Policy that controls the usage of proc mount types in containers within a pod.

Settings

This policy works by defining what proc mount types are allowed in containers. They can be left empty (defaulted by Kubernetes), Default or Unmasked. This policy protects against pods that contain at least one container with Unmasked proc mount type, that can potentially expose host information to the container.

The following setting keys are accepted for this policy:

  • allow_unmasked_proc_mount_type: allows the containers, init containers or ephemeral containers within a pod to set .spec.securityContext.procMount to Unmasked. Otherwise, the pod or the ephemeral request subresource request will be rejected.

allow_unmasked_proc_mount_type is false by default.

About

Replacement for the Kubernetes Pod Security Policy that controls the usage of /proc mount types

kubewarden.io

Topics

kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

7 stars

Watchers

5 watching

Forks

5 forks
Report repository

Releases 12

Release v0.1.11 Latest
Jul 22, 2024
+ 11 releases

Packages

 
 
 

Contributors 9

Languages