cscott/okd-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add CHOWN cap

Browse Source
This commit is contained in:
Conan Scott
2026-01-12 21:32:01 +11:00
parent 43522548f7
commit f6edffea0d
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/scc/scc-restricted-hostpath-privesc.yaml
View File

@@ -9,7 +9,8 @@ allowHostPID: false
allowHostPorts: false allowHostPorts: false
allowPrivilegeEscalation: true allowPrivilegeEscalation: true
allowPrivilegedContainer: false allowPrivilegedContainer: false
allowedCapabilities: null allowedCapabilities:
- CHOWN
defaultAddCapabilities: null defaultAddCapabilities: null
fsGroup: fsGroup:
type: MustRunAs type: MustRunAs
@@ -36,3 +37,4 @@ volumes:
- projected - projected
- secret - secret
priority: 6 # Higher than restricted-s6 (5) due to hostPath access priority: 6 # Higher than restricted-s6 (5) due to hostPath access