@ashutosh-narkar
Created July 23, 2021 17:41
package kubernetes.validating.deny_privilege_escalation

# Deny any container (regular or init) that does not explicitly set
# allowPrivilegeEscalation to false. Because `not` also succeeds when the
# field is undefined, a container with no securityContext at all is denied
# too; this is the conservative choice, since leaving the field unset
# leaves privilege escalation permitted.
deny[msg] {
    some c
    input_container[c]
    not c.securityContext.allowPrivilegeEscalation == false
    msg := sprintf("Container '%v' should not have allowPrivilegeEscalation set to true.", [c.name])
}

# Collect the regular containers from the admission review request.
input_container[container] {
    container := input.request.object.spec.containers[_]
}

# Collect init containers as well, so they are held to the same rule.
input_container[container] {
    container := input.request.object.spec.initContainers[_]
}