-
-
Save l0rd/87337c08ecf414499681261f9fbcebe2 to your computer and use it in GitHub Desktop.
SCC with high priority and with system:authenticated group
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat <<EOF | oc create -f - | |
| kind: SecurityContextConstraints | |
| metadata: | |
| name: restricted-runasuser | |
| priority: 20 | |
| readOnlyRootFilesystem: false | |
| requiredDropCapabilities: | |
| - KILL | |
| - MKNOD | |
| - SETUID | |
| - SETGID | |
| runAsUser: | |
| type: MustRunAsRange | |
| seLinuxContext: | |
| type: MustRunAs | |
| supplementalGroups: | |
| type: RunAsAny | |
| users: [] | |
| volumes: | |
| - configMap | |
| - downwardAPI | |
| - emptyDir | |
| - persistentVolumeClaim | |
| - projected | |
| - secret | |
| allowHostDirVolumePlugin: false | |
| allowHostIPC: false | |
| allowHostNetwork: false | |
| allowHostPID: false | |
| allowHostPorts: false | |
| allowPrivilegeEscalation: true | |
| allowPrivilegedContainer: false | |
| allowedCapabilities: null | |
| apiVersion: security.openshift.io/v1 | |
| defaultAddCapabilities: null | |
| fsGroup: | |
| type: MustRunAs | |
| groups: | |
| - system:authenticated | |
| EOF |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment