The AllowPrivilegeEscalation Pod Security Policy setting controls whether a user is allowed to set allowPrivilegeEscalation to true in a container's security context. Setting it to false ensures that no child process of a container can gain more privileges than its parent.
We recommend setting AllowPrivilegeEscalation to false so that RunAsUser commands cannot bypass their existing sets of permissions.
- Resource: Container
- Argument: allowPrivilegeEscalation (Optional)
If false, the pod cannot request to allow privilege escalation. Defaults to true.
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: <Pod name>
spec:
  containers:
  - name: <container name>
    image: <image>
    securityContext:
+      allowPrivilegeEscalation: false
```
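An added example, not part of the original policy page: a Python audit over pod JSON in the shape produced by `kubectl get pods -A -o json`, listing every container (regular, init and ephemeral) that does not explicitly set allowPrivilegeEscalation to false. The sample pods, their names and the `audit_pods` helper are constructed for illustration.

```python
import json
import sys

# Constructed sample, shaped like `kubectl get pods -A -o json` output.
SAMPLE = {
    "kind": "List",
    "items": [
        {"kind": "Pod", "metadata": {"namespace": "shop", "name": "web"},
         "spec": {
             "initContainers": [{"name": "migrate", "securityContext": {
                 "allowPrivilegeEscalation": True}}],
             "containers": [
                 {"name": "app", "securityContext": {
                     "allowPrivilegeEscalation": False}},
                 {"name": "sidecar"}]}},  # no securityContext at all
        {"kind": "Pod", "metadata": {"namespace": "jobs", "name": "batch"},
         "spec": {"containers": [{"name": "worker", "securityContext": {
             "allowPrivilegeEscalation": False}}]}},
    ],
}

# The field is set per container, so every container list in the spec is checked.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")

def audit_pods(doc):
    """Return (namespace, pod, container, reason) for each container that
    does not explicitly set allowPrivilegeEscalation to false."""
    pods = [doc] if doc.get("kind") == "Pod" else doc.get("items", [])
    findings = []
    for pod in pods:
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for field in CONTAINER_FIELDS:
            for ctr in spec.get(field) or []:
                value = (ctr.get("securityContext") or {}).get("allowPrivilegeEscalation")
                if value is False:
                    continue  # compliant: escalation explicitly disabled
                reason = "explicitly true" if value is True else "unset, defaults to true"
                findings.append((meta.get("namespace", "default"),
                                 meta.get("name"), ctr.get("name"), reason))
    return findings

if __name__ == "__main__":
    doc = SAMPLE
    if len(sys.argv) > 1:  # optional path to saved `kubectl ... -o json` output
        with open(sys.argv[1]) as fh:
            doc = json.load(fh)
    for finding in audit_pods(doc):
        print("%s/%s container=%s: allowPrivilegeEscalation %s" % finding)
```

An unset field is reported as well as an explicit true, because the argument defaults to true.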