From e22a93fc8bb616e8caddb2abeaf51ba83661852a Mon Sep 17 00:00:00 2001 From: jdesouza Date: Tue, 12 Nov 2024 14:09:18 -0300 Subject: [PATCH] Added another chec --- pkg/config/checks/procMount.yaml | 25 +------------------ .../passing_test.daemonset.v1beta2.yaml | 4 +++ 2 files changed, 5 insertions(+), 24 deletions(-) diff --git a/pkg/config/checks/procMount.yaml b/pkg/config/checks/procMount.yaml index 8fa74d74b..84c571c23 100644 --- a/pkg/config/checks/procMount.yaml +++ b/pkg/config/checks/procMount.yaml @@ -1,7 +1,7 @@ successMessage: The default /proc masks are set up to reduce attack surface, and should be required failureMessage: Proc mount must not be changed from the default category: Security -target: PodSpec +target: Container schema: '$schema': http://json-schema.org/draft-07/schema type: object @@ -17,26 +17,3 @@ schema: procMount: type: string const: Default - initContainers: - type: array - items: - type: object - properties: - securityContext: - type: object - properties: - procMount: - type: string - const: Default - ephemeralContainers: - type: array - items: - type: object - properties: - securityContext: - type: object - properties: - procMount: - type: string - const: Default - \ No newline at end of file diff --git a/test/webhook_cases/passing_test.daemonset.v1beta2.yaml b/test/webhook_cases/passing_test.daemonset.v1beta2.yaml index 1e884a3c3..0862bd124 100644 --- a/test/webhook_cases/passing_test.daemonset.v1beta2.yaml +++ b/test/webhook_cases/passing_test.daemonset.v1beta2.yaml @@ -39,5 +39,9 @@ spec: terminationGracePeriodSeconds: 30 volumes: - name: varlog + hostPath: + path: /var/log - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers
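Review bot: In the first hunk of pkg/config/checks/procMount.yaml, `target: PodSpec` becomes `target: Container`, but the schema body between the two hunks (new lines 8–16, not shown) is untouched, and by line count it appears to still be the pod-shaped `properties: containers: items: … securityContext:` nesting that the removed `initContainers` block mirrored. If so, the schema is now evaluated against a single container object, which has no `containers` property, so `const: Default` is never reached and a container with `procMount: Unmasked` would pass the check. In that case the schema should start at the container level, i.e. `properties: securityContext: properties: procMount:` followed by the existing `type: string` / `const: Default`. The second hunk drops the explicit `initContainers` and `ephemeralContainers` schemas, so it is also worth confirming that the Container target visits both of those lists; that is not visible from this diff.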
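Review bot: The only test change in this commit is the passing DaemonSet fixture in test/webhook_cases/passing_test.daemonset.v1beta2.yaml, and its added `hostPath` volumes do not touch `securityContext.procMount`, so nothing here shows that the retargeted procMount check can still fail. A failing webhook case that sets `procMount: Unmasked` under a container's `securityContext`, and a second one doing the same on an init container, would show that the check still fires after the move from PodSpec to Container. The fixture and the rest of the test directory lie outside the hunk, so existing coverage cannot be judged from here.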