cscott/okd-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add CHOWN cap

Browse Source
This commit is contained in:
Conan Scott
2026-01-12 21:32:01 +11:00
parent 43522548f7
commit f6edffea0d
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/scc/scc-restricted-hostpath-privesc.yaml
View File

@@ -9,7 +9,8 @@ allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: null
allowedCapabilities:
- CHOWN
defaultAddCapabilities: null
fsGroup:
type: MustRunAs
@@ -36,3 +37,4 @@ volumes:
- projected
- secret
priority: 6 # Higher than restricted-s6 (5) due to hostPath access