Important
Notice: Starting from Kubewarden release 1.32.0, all code from this repository has been merged into github.com/kubewarden/policies, which is now a monorepo containing policies. Please refer to that repository for future updates and development. This repository is now archived. Development continues in the new location.
Replacement for the Kubernetes Pod Security Policy that controls the usage of proc mount types in containers within a pod.
This policy works by defining which proc mount types are allowed in containers. The proc mount
type can be left empty (defaulted by Kubernetes), or set to Default or Unmasked. This policy
protects against pods that contain at least one container with the Unmasked proc mount type,
which can potentially expose host information to the container.
The following setting keys are accepted for this policy:
allow_unmasked_proc_mount_type: allows the containers, init containers or ephemeral containers within a pod to set .spec.securityContext.procMount to Unmasked. Otherwise, the pod or the ephemeral request subresource request will be rejected.
allow_unmasked_proc_mount_type is false by default.
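The decision described above, sketched in Python as an added example (it is not the policy's own code). The sample pod is constructed, and the `validate` and `unmasked_containers` names, the response shape and the rejection message are assumptions made for illustration. It reads `procMount` from each container's `securityContext`, which is where the Kubernetes API defines the field.

```python
import json

# Constructed sample Pod for illustration; not taken from the policy repository.
SAMPLE_POD = json.loads("""
{
  "apiVersion": "v1", "kind": "Pod",
  "metadata": {"name": "demo"},
  "spec": {
    "initContainers": [
      {"name": "setup", "image": "busybox",
       "securityContext": {"procMount": "Unmasked"}}
    ],
    "containers": [
      {"name": "app", "image": "nginx"},
      {"name": "sidecar", "image": "busybox",
       "securityContext": {"procMount": "Default"}}
    ]
  }
}
""")

# All three container lists named in the settings description are inspected.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")

def unmasked_containers(pod):
    """Return 'field/name' for every container that requests procMount: Unmasked."""
    spec = pod.get("spec") or {}
    found = []
    for field in CONTAINER_FIELDS:
        for container in spec.get(field) or []:
            proc_mount = (container.get("securityContext") or {}).get("procMount")
            # Empty (defaulted by Kubernetes) and Default pass; only Unmasked is flagged.
            if proc_mount == "Unmasked":
                found.append(f"{field}/{container.get('name', '<unnamed>')}")
    return found

def validate(pod, settings=None):
    """Hypothetical validator: reject Unmasked unless the setting allows it."""
    # The setting is false by default, so a missing key means "reject".
    allow = bool((settings or {}).get("allow_unmasked_proc_mount_type", False))
    offenders = unmasked_containers(pod)
    if offenders and not allow:
        return {"accepted": False,
                "message": "Unmasked proc mount type not allowed: " + ", ".join(offenders)}
    return {"accepted": True, "message": None}

if __name__ == "__main__":
    print(validate(SAMPLE_POD))
    print(validate(SAMPLE_POD, {"allow_unmasked_proc_mount_type": True}))
```

A single offending init container is enough to reject the whole pod under the default settings, even though both regular containers pass.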