Add SYS_CHROOT capability to container security context
All checks were successful
Build k8s-mgmt-pod image / Build & Push (push) Successful in 28s
All checks were successful
Build k8s-mgmt-pod image / Build & Push (push) Successful in 28s
This commit is contained in:
parent
5584dc1f29
commit
795d3844dc
1 changed files with 1 additions and 1 deletions
|
|
@ -85,7 +85,7 @@ spec:
|
|||
readOnlyRootFilesystem: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
add: ["CHOWN", "DAC_OVERRIDE", "FOWNER", "SETGID", "SETUID"]
|
||||
add: ["CHOWN", "DAC_OVERRIDE", "FOWNER", "SETGID", "SETUID", "SYS_CHROOT"]
|
||||
volumes:
|
||||
- name: state
|
||||
emptyDir: {}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue