This repository has been archived by the owner on Jun 6, 2024. It is now read-only.

revert seccomp rule
hadar-co committed Jun 29, 2023
1 parent 283fb47 commit a9730e0
Showing 1 changed file with 40 additions and 30 deletions.
70 changes: 40 additions & 30 deletions pkg/defaultRules/defaultRules.yaml
Expand Up @@ -3352,43 +3352,53 @@ rules:
impact: Using the default seccomp profile may allow risky privileges for workloads
schema:
definitions:
annotationsPattern:
properties:
metadata:
properties:
annotations:
properties:
seccomp.security.alpha.kubernetes.io/pod:
enum:
- docker/default
- runtime/default
required:
- seccomp.security.alpha.kubernetes.io/pod
required:
- annotations
required:
- metadata
seccompProfilePattern:
podAnnotationsPattern:
if:
properties:
kind:
enum:
- Pod
required:
- kind
then:
properties:
metadata:
properties:
annotations:
properties:
seccomp.security.alpha.kubernetes.io/pod:
enum:
- docker/default
- runtime/default
required:
- seccomp.security.alpha.kubernetes.io/pod
required:
- annotations
required:
- metadata
templateAnnotationsPattern:
properties:
spec:
properties:
securityContext:
template:
properties:
seccompProfile:
metadata:
properties:
type:
enum:
- RuntimeDefault
- DockerDefault
annotations:
properties:
seccomp.security.alpha.kubernetes.io/pod:
enum:
- docker/default
- runtime/default
required:
- seccomp.security.alpha.kubernetes.io/pod
required:
- type
- annotations
required:
- seccompProfile
required:
- securityContext
anyOf:
- $ref: "#/definitions/annotationsPattern"
- $ref: "#/definitions/seccompProfilePattern"
- metadata
allOf:
- $ref: "#/definitions/podAnnotationsPattern"
- $ref: "#/definitions/templateAnnotationsPattern"
additionalProperties:
$ref: "#"
items:
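Review bot: The restored schema appears to accept only the `seccomp.security.alpha.kubernetes.io/pod` annotation (in `podAnnotationsPattern` and `templateAnnotationsPattern`, joined by `allOf`) and to have no branch left for `securityContext.seccompProfile.type`. The +/- markers are lost on this page, so that reading is inferred from the definition names and the 40/30 line counts. The annotation was deprecated in Kubernetes v1.19 and is no longer honoured from v1.27, so on a current cluster a workload can pass this rule without the intended seccomp profile being applied, while one that correctly sets `seccompProfile: {type: RuntimeDefault}` is reported as failing. I would keep the annotation check for older clusters but put each pattern under an `anyOf` that also accepts `type: RuntimeDefault` at `spec.securityContext.seccompProfile`, and at `spec.template.spec.securityContext.seccompProfile` for templated kinds. A comment above the definitions should state which Kubernetes versions the annotation form is meant to cover.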
