From 8b65362c75f2267e84cbea4da36003f712384806 Mon Sep 17 00:00:00 2001
From: Conan Scott
Date: Tue, 13 Jan 2026 10:06:35 +1100
Subject: [PATCH] made some naming errors. fixed
---
 manifests/scc/scc-restricted-hostpath-privesc.yaml | 4 ++--
 manifests/scc/scc-restricted-hostpath.yaml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/manifests/scc/scc-restricted-hostpath-privesc.yaml b/manifests/scc/scc-restricted-hostpath-privesc.yaml
index 991bd0b..28c0989 100644
--- a/manifests/scc/scc-restricted-hostpath-privesc.yaml
+++ b/manifests/scc/scc-restricted-hostpath-privesc.yaml
@@ -1,13 +1,13 @@
 apiVersion: security.openshift.io/v1
 kind: SecurityContextConstraints
 metadata:
- name: restricted-hostpath-privesc
+ name: restricted-hostpath-privesc # this scc allows hostPath and allowPrivilegeEscalation
 allowHostDirVolumePlugin: true
 allowHostIPC: false
 allowHostNetwork: false
 allowHostPID: false
 allowHostPorts: false
-allowPrivilegeEscalation: false
+allowPrivilegeEscalation: true
 allowPrivilegedContainer: false
 allowedCapabilities:
 - CHOWN
diff --git a/manifests/scc/scc-restricted-hostpath.yaml b/manifests/scc/scc-restricted-hostpath.yaml
index bb939e9..7ea899a 100644
--- a/manifests/scc/scc-restricted-hostpath.yaml
+++ b/manifests/scc/scc-restricted-hostpath.yaml
@@ -2,12 +2,12 @@ apiVersion: security.openshift.io/v1
 kind: SecurityContextConstraints
 metadata:
 name: restricted-hostpath
-allowHostDirVolumePlugin: true # Needed for /dev/dri hostPath
+allowHostDirVolumePlugin: true #this scc allows hostPath
 allowHostIPC: false
 allowHostNetwork: false
 allowHostPID: false
 allowHostPorts: false
-allowPrivilegeEscalation: true
+allowPrivilegeEscalation: false
 allowPrivilegedContainer: false
 allowedCapabilities:
 - CHOWN
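Review bot: `allowPrivilegeEscalation: true` now sits beside `allowHostDirVolumePlugin: true` in `restricted-hostpath-privesc`, and nothing in the hunk records which workload needs both or who may use the SCC. Because this flips a value on an existing object name, any service account already bound to this SCC gains privilege escalation as soon as the manifest is applied, so the bindings (and any `users`/`groups` entries further down the file, outside this hunk) should be checked before rollout. I would add a header comment such as `# hostPath + privilege escalation: bind only to <service-account placeholder>, never to a broad group`, and consider `defaultAllowPrivilegeEscalation: false` so pods have to request escalation explicitly. The `allowedCapabilities` list continues past the end of the hunk and is not reviewed here.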
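Review bot: The rewritten comment on `allowHostDirVolumePlugin` in `scc-restricted-hostpath.yaml` drops the only stated justification for hostPath (`/dev/dri`) and is missing the space after `#`. SCCs do not offer a per-path allow-list for hostPath volumes, so that comment is the one place a reader learns which mount was intended; I would keep it, e.g. `allowHostDirVolumePlugin: true  # allows hostPath; needed for /dev/dri`. Setting `allowPrivilegeEscalation: false` here tightens this SCC, so any pod admitted under it that relied on escalation will stop being admitted; moving such a workload to the privesc variant should be a deliberate, reviewed binding change rather than a blanket rebind.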