├── .github └── PULL_REQUEST_TEMPLATE.md ├── .gitignore ├── CONTRIBUTING.md ├── LICENSE ├── OWNERS ├── README.md ├── SECURITY_CONTACTS ├── admission ├── admission.go ├── admission_test.go ├── api │ ├── doc.go │ ├── helpers.go │ ├── load │ │ ├── load.go │ │ └── load_test.go │ ├── register.go │ ├── register_test.go │ ├── scheme │ │ ├── scheme.go │ │ └── scheme_test.go │ ├── types.go │ ├── v1 │ │ ├── defaults.go │ │ ├── defaults_test.go │ │ ├── doc.go │ │ ├── register.go │ │ ├── types.go │ │ ├── zz_generated.conversion.go │ │ ├── zz_generated.deepcopy.go │ │ └── zz_generated.defaults.go │ ├── v1alpha1 │ │ ├── defaults.go │ │ ├── defaults_test.go │ │ ├── doc.go │ │ ├── register.go │ │ ├── types.go │ │ ├── zz_generated.conversion.go │ │ ├── zz_generated.deepcopy.go │ │ └── zz_generated.defaults.go │ ├── v1beta1 │ │ ├── defaults.go │ │ ├── defaults_test.go │ │ ├── doc.go │ │ ├── register.go │ │ ├── types.go │ │ ├── zz_generated.conversion.go │ │ ├── zz_generated.deepcopy.go │ │ └── zz_generated.defaults.go │ ├── validation │ │ ├── validation.go │ │ └── validation_test.go │ └── zz_generated.deepcopy.go ├── doc.go ├── main_test.go ├── namespace.go ├── pods.go └── response.go ├── api ├── attributes.go ├── constants.go ├── doc.go ├── helpers.go └── helpers_test.go ├── cmd └── webhook │ ├── server │ ├── options │ │ └── options.go │ ├── scheme.go │ └── server.go │ └── webhook.go ├── code-of-conduct.md ├── doc.go ├── go.mod ├── go.sum ├── metrics ├── doc.go ├── metrics.go └── metrics_test.go ├── policy ├── check_allowPrivilegeEscalation.go ├── check_allowPrivilegeEscalation_test.go ├── check_appArmorProfile.go ├── check_appArmorProfile_test.go ├── check_capabilities_baseline.go ├── check_capabilities_baseline_test.go ├── check_capabilities_restricted.go ├── check_capabilities_restricted_test.go ├── check_hostNamespaces.go ├── check_hostNamespaces_test.go ├── check_hostPathVolumes.go ├── check_hostPathVolumes_test.go ├── check_hostPorts.go ├── check_hostPorts_test.go ├── check_privileged.go ├── check_privileged_test.go ├── check_procMount.go ├── check_procMount_test.go ├── check_restrictedVolumes.go ├── check_restrictedVolumes_test.go ├── check_runAsNonRoot.go ├── check_runAsNonRoot_test.go ├── check_runAsUser.go ├── check_runAsUser_test.go ├── check_seLinuxOptions.go ├── check_seLinuxOptions_test.go ├── check_seccompProfile_baseline.go ├── check_seccompProfile_baseline_test.go ├── check_seccompProfile_restricted.go ├── check_seccompProfile_restricted_test.go ├── check_sysctls.go ├── check_sysctls_test.go ├── check_windowsHostProcess.go ├── check_windowsHostProcess_test.go ├── checks.go ├── checks_test.go ├── doc.go ├── helpers.go ├── registry.go ├── registry_test.go └── visitor.go ├── test ├── doc.go ├── fixtures.go ├── fixtures_allowPrivilegeEscalation.go ├── fixtures_appArmorProfile.go ├── fixtures_capabilities_baseline.go ├── fixtures_capabilities_restricted.go ├── fixtures_hostNamespaces.go ├── fixtures_hostPathVolumes.go ├── fixtures_hostPorts.go ├── fixtures_privileged.go ├── fixtures_procMount.go ├── fixtures_restrictedVolumes.go ├── fixtures_runAsNonRoot.go ├── fixtures_runAsUser.go ├── fixtures_seLinuxOptions.go ├── fixtures_seccompProfile_baseline.go ├── fixtures_seccompProfile_restricted.go ├── fixtures_sysctls.go ├── fixtures_test.go ├── fixtures_windowsHostProcess.go ├── helpers.go ├── helpers_seccomp.go ├── run.go └── testdata │ ├── README.md │ ├── baseline │ ├── v1.0 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.1 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.10 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.11 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.12 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.13 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.14 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.15 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.16 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.17 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.18 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.19 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.2 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.20 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.21 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.22 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.23 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.24 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.25 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.26 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.27 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.28 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.29 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.3 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.30 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.31 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.32 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.4 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.5 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.6 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.7 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ ├── v1.8 │ │ ├── fail │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── apparmorprofile1.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── capabilities_baseline1.yaml │ │ │ ├── capabilities_baseline2.yaml │ │ │ ├── capabilities_baseline3.yaml │ │ │ ├── hostnamespaces0.yaml │ │ │ ├── hostnamespaces1.yaml │ │ │ ├── hostnamespaces2.yaml │ │ │ ├── hostpathvolumes0.yaml │ │ │ ├── hostpathvolumes1.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── hostports1.yaml │ │ │ ├── hostports2.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── privileged1.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── procmount1.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── seccompprofile_baseline1.yaml │ │ │ ├── seccompprofile_baseline2.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── selinuxoptions2.yaml │ │ │ ├── selinuxoptions3.yaml │ │ │ ├── selinuxoptions4.yaml │ │ │ ├── sysctls0.yaml │ │ │ ├── windowshostprocess0.yaml │ │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ │ ├── apparmorprofile0.yaml │ │ │ ├── base.yaml │ │ │ ├── capabilities_baseline0.yaml │ │ │ ├── hostports0.yaml │ │ │ ├── privileged0.yaml │ │ │ ├── procmount0.yaml │ │ │ ├── seccompprofile_baseline0.yaml │ │ │ ├── selinuxoptions0.yaml │ │ │ ├── selinuxoptions1.yaml │ │ │ ├── sysctls0.yaml │ │ │ └── sysctls1.yaml │ └── v1.9 │ │ ├── fail │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ └── restricted │ ├── v1.0 │ ├── fail │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.1 │ ├── fail │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.10 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.11 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.12 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.13 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.14 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.15 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.16 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.17 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.18 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.19 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.2 │ ├── fail │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.20 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.21 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.22 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── capabilities_restricted1.yaml │ │ ├── capabilities_restricted2.yaml │ │ ├── capabilities_restricted3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.23 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── capabilities_restricted1.yaml │ │ ├── capabilities_restricted2.yaml │ │ ├── capabilities_restricted3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── runasuser0.yaml │ │ ├── runasuser1.yaml │ │ ├── runasuser2.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasuser0.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.24 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── capabilities_restricted1.yaml │ │ ├── capabilities_restricted2.yaml │ │ ├── capabilities_restricted3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── runasuser0.yaml │ │ ├── runasuser1.yaml │ │ ├── runasuser2.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasuser0.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.25 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── capabilities_restricted1.yaml │ │ ├── capabilities_restricted2.yaml │ │ ├── capabilities_restricted3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── runasuser0.yaml │ │ ├── runasuser1.yaml │ │ ├── runasuser2.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasuser0.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.26 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── capabilities_restricted1.yaml │ │ ├── capabilities_restricted2.yaml │ │ ├── capabilities_restricted3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── runasuser0.yaml │ │ ├── runasuser1.yaml │ │ ├── runasuser2.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasuser0.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.27 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── capabilities_restricted1.yaml │ │ ├── capabilities_restricted2.yaml │ │ ├── capabilities_restricted3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── runasuser0.yaml │ │ ├── runasuser1.yaml │ │ ├── runasuser2.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasuser0.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.28 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── capabilities_restricted1.yaml │ │ ├── capabilities_restricted2.yaml │ │ ├── capabilities_restricted3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── runasuser0.yaml │ │ ├── runasuser1.yaml │ │ ├── runasuser2.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasuser0.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.29 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── capabilities_restricted1.yaml │ │ ├── capabilities_restricted2.yaml │ │ ├── capabilities_restricted3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── runasuser0.yaml │ │ ├── runasuser1.yaml │ │ ├── runasuser2.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── base_linux.yaml │ │ ├── base_windows.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasuser0.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.3 │ ├── fail │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.30 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── capabilities_restricted1.yaml │ │ ├── capabilities_restricted2.yaml │ │ ├── capabilities_restricted3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── runasuser0.yaml │ │ ├── runasuser1.yaml │ │ ├── runasuser2.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── base_linux.yaml │ │ ├── base_windows.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasuser0.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.31 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── capabilities_restricted1.yaml │ │ ├── capabilities_restricted2.yaml │ │ ├── capabilities_restricted3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── runasuser0.yaml │ │ ├── runasuser1.yaml │ │ ├── runasuser2.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── base_linux.yaml │ │ ├── base_windows.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasuser0.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.32 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── capabilities_restricted1.yaml │ │ ├── capabilities_restricted2.yaml │ │ ├── capabilities_restricted3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── runasuser0.yaml │ │ ├── runasuser1.yaml │ │ ├── runasuser2.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── seccompprofile_restricted3.yaml │ │ ├── seccompprofile_restricted4.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── base_linux.yaml │ │ ├── base_windows.yaml │ │ ├── capabilities_restricted0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasuser0.yaml │ │ ├── seccompprofile_restricted0.yaml │ │ ├── seccompprofile_restricted1.yaml │ │ ├── seccompprofile_restricted2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.4 │ ├── fail │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.5 │ ├── fail │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.6 │ ├── fail │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.7 │ ├── fail │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ ├── v1.8 │ ├── fail │ │ ├── allowprivilegeescalation0.yaml │ │ ├── allowprivilegeescalation1.yaml │ │ ├── allowprivilegeescalation2.yaml │ │ ├── allowprivilegeescalation3.yaml │ │ ├── apparmorprofile0.yaml │ │ ├── apparmorprofile1.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── capabilities_baseline1.yaml │ │ ├── capabilities_baseline2.yaml │ │ ├── capabilities_baseline3.yaml │ │ ├── hostnamespaces0.yaml │ │ ├── hostnamespaces1.yaml │ │ ├── hostnamespaces2.yaml │ │ ├── hostpathvolumes0.yaml │ │ ├── hostpathvolumes1.yaml │ │ ├── hostports0.yaml │ │ ├── hostports1.yaml │ │ ├── hostports2.yaml │ │ ├── privileged0.yaml │ │ ├── privileged1.yaml │ │ ├── procmount0.yaml │ │ ├── procmount1.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── restrictedvolumes1.yaml │ │ ├── restrictedvolumes10.yaml │ │ ├── restrictedvolumes11.yaml │ │ ├── restrictedvolumes12.yaml │ │ ├── restrictedvolumes13.yaml │ │ ├── restrictedvolumes14.yaml │ │ ├── restrictedvolumes15.yaml │ │ ├── restrictedvolumes16.yaml │ │ ├── restrictedvolumes17.yaml │ │ ├── restrictedvolumes18.yaml │ │ ├── restrictedvolumes19.yaml │ │ ├── restrictedvolumes2.yaml │ │ ├── restrictedvolumes3.yaml │ │ ├── restrictedvolumes4.yaml │ │ ├── restrictedvolumes5.yaml │ │ ├── restrictedvolumes6.yaml │ │ ├── restrictedvolumes7.yaml │ │ ├── restrictedvolumes8.yaml │ │ ├── restrictedvolumes9.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── runasnonroot2.yaml │ │ ├── runasnonroot3.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── seccompprofile_baseline1.yaml │ │ ├── seccompprofile_baseline2.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── selinuxoptions2.yaml │ │ ├── selinuxoptions3.yaml │ │ ├── selinuxoptions4.yaml │ │ ├── sysctls0.yaml │ │ ├── windowshostprocess0.yaml │ │ └── windowshostprocess1.yaml │ └── pass │ │ ├── apparmorprofile0.yaml │ │ ├── base.yaml │ │ ├── capabilities_baseline0.yaml │ │ ├── hostports0.yaml │ │ ├── privileged0.yaml │ │ ├── procmount0.yaml │ │ ├── restrictedvolumes0.yaml │ │ ├── runasnonroot0.yaml │ │ ├── runasnonroot1.yaml │ │ ├── seccompprofile_baseline0.yaml │ │ ├── selinuxoptions0.yaml │ │ ├── selinuxoptions1.yaml │ │ ├── sysctls0.yaml │ │ └── sysctls1.yaml │ └── v1.9 │ ├── fail │ ├── allowprivilegeescalation0.yaml │ ├── allowprivilegeescalation1.yaml │ ├── allowprivilegeescalation2.yaml │ ├── allowprivilegeescalation3.yaml │ ├── apparmorprofile0.yaml │ ├── apparmorprofile1.yaml │ ├── capabilities_baseline0.yaml │ ├── capabilities_baseline1.yaml │ ├── capabilities_baseline2.yaml │ ├── capabilities_baseline3.yaml │ ├── hostnamespaces0.yaml │ ├── hostnamespaces1.yaml │ ├── hostnamespaces2.yaml │ ├── hostpathvolumes0.yaml │ ├── hostpathvolumes1.yaml │ ├── hostports0.yaml │ ├── hostports1.yaml │ ├── hostports2.yaml │ ├── privileged0.yaml │ ├── privileged1.yaml │ ├── procmount0.yaml │ ├── procmount1.yaml │ ├── restrictedvolumes0.yaml │ ├── restrictedvolumes1.yaml │ ├── restrictedvolumes10.yaml │ ├── restrictedvolumes11.yaml │ ├── restrictedvolumes12.yaml │ ├── restrictedvolumes13.yaml │ ├── restrictedvolumes14.yaml │ ├── restrictedvolumes15.yaml │ ├── restrictedvolumes16.yaml │ ├── restrictedvolumes17.yaml │ ├── restrictedvolumes18.yaml │ ├── restrictedvolumes19.yaml │ ├── restrictedvolumes2.yaml │ ├── restrictedvolumes3.yaml │ ├── restrictedvolumes4.yaml │ ├── restrictedvolumes5.yaml │ ├── restrictedvolumes6.yaml │ ├── restrictedvolumes7.yaml │ ├── restrictedvolumes8.yaml │ ├── restrictedvolumes9.yaml │ ├── runasnonroot0.yaml │ ├── runasnonroot1.yaml │ ├── runasnonroot2.yaml │ ├── runasnonroot3.yaml │ ├── seccompprofile_baseline0.yaml │ ├── seccompprofile_baseline1.yaml │ ├── seccompprofile_baseline2.yaml │ ├── selinuxoptions0.yaml │ ├── selinuxoptions1.yaml │ ├── selinuxoptions2.yaml │ ├── selinuxoptions3.yaml │ ├── selinuxoptions4.yaml │ ├── sysctls0.yaml │ ├── windowshostprocess0.yaml │ └── windowshostprocess1.yaml │ └── pass │ ├── apparmorprofile0.yaml │ ├── base.yaml │ ├── capabilities_baseline0.yaml │ ├── hostports0.yaml │ ├── privileged0.yaml │ ├── procmount0.yaml │ ├── restrictedvolumes0.yaml │ ├── runasnonroot0.yaml │ ├── runasnonroot1.yaml │ ├── seccompprofile_baseline0.yaml │ ├── selinuxoptions0.yaml │ ├── selinuxoptions1.yaml │ ├── sysctls0.yaml │ └── sysctls1.yaml └── webhook ├── Dockerfile ├── Makefile ├── README.md ├── kustomization.yaml └── manifests ├── 10-namespace.yaml ├── 20-configmap.yaml ├── 20-resourcequota.yaml ├── 20-serviceaccount.yaml ├── 30-clusterrole.yaml ├── 40-clusterrolebinding.yaml ├── 50-deployment.yaml ├── 60-service.yaml ├── 70-validatingwebhookconfiguration.yaml └── kustomization.yaml /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Sorry, we do not accept changes directly against this repository. Please see 2 | CONTRIBUTING.md for information on where and how to contribute instead. 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Webhook binary 2 | pod-security-webhook 3 | 4 | # Directory containing pki files 5 | pki/ -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners 2 | 3 | approvers: 4 | - sig-auth-policy-approvers 5 | reviewers: 6 | - sig-auth-policy-reviewers 7 | labels: 8 | - sig/auth 9 | -------------------------------------------------------------------------------- /code-of-conduct.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Community Code of Conduct 2 | 3 | Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) 4 | -------------------------------------------------------------------------------- /test/testdata/README.md: -------------------------------------------------------------------------------- 1 | The fixtures in this folder are generated by TestFixtures. -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/fail/apparmorprofile1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/initcontainer1: unconfined 6 | name: apparmorprofile1 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.0/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/fail/apparmorprofile1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/initcontainer1: unconfined 6 | name: apparmorprofile1 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.1/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.10/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.11/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.12/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.13/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.14/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.15/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.16/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.17/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.18/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.19/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/fail/apparmorprofile1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/initcontainer1: unconfined 6 | name: apparmorprofile1 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.2/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.20/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.21/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.22/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.23/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.24/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/fail/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: unconfined 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/fail/privileged0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: 10 | privileged: true 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | securityContext: {} 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/fail/privileged1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: privileged1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | privileged: true 15 | securityContext: {} 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/pass/apparmorprofile0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | container.apparmor.security.beta.kubernetes.io/container1: localhost/foo 6 | name: apparmorprofile0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.25/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.26/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.26/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.26/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.26/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.26/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.26/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.26/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.26/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.26/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.27/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.27/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.27/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.27/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.27/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.27/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.27/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.27/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.27/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.28/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.28/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.28/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.28/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.28/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.28/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.28/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.28/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.28/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.29/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.29/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.29/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.29/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.29/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.29/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.29/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.29/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.29/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.3/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.3/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.3/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.3/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.3/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.3/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.3/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.3/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.3/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.3/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.30/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.30/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.30/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.30/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.30/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.30/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.30/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.30/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.30/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.31/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.31/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.31/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.31/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.31/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.31/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.31/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.31/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.31/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.32/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.32/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.32/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.32/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.32/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.32/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.32/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.32/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.32/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.4/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.4/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.4/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.4/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.4/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.4/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.4/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.4/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.4/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.4/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.5/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.5/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.5/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.5/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.5/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.5/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.5/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.5/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.5/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.5/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.6/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.6/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.6/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.6/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.6/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.6/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.6/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.6/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.6/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.6/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.7/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.7/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.7/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.7/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.7/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.7/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.7/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.7/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.7/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.7/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.8/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.8/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.8/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.8/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.8/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.8/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.8/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.8/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.8/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.8/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.9/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.9/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.9/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.9/fail/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | hostPort: 12345 12 | initContainers: 13 | - image: registry.k8s.io/pause 14 | name: initcontainer1 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.9/fail/hostports1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | ports: 13 | - containerPort: 12346 14 | hostPort: 12346 15 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.9/fail/seccompprofile_baseline0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | seccomp.security.alpha.kubernetes.io/pod: unconfined 6 | name: seccompprofile_baseline0 7 | spec: 8 | containers: 9 | - image: registry.k8s.io/pause 10 | name: container1 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.9/fail/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | sysctls: 14 | - name: othersysctl 15 | value: other 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.9/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.9/pass/hostports0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostports0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | ports: 10 | - containerPort: 12345 11 | initContainers: 12 | - image: registry.k8s.io/pause 13 | name: initcontainer1 14 | ports: 15 | - containerPort: 12346 16 | -------------------------------------------------------------------------------- /test/testdata/baseline/v1.9/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: {} 13 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.0/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.0/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.0/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.0/fail/runasnonroot0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: runasnonroot0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: {} 14 | securityContext: {} 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.0/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.0/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.1/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.1/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.1/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.1/fail/runasnonroot0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: runasnonroot0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: {} 14 | securityContext: {} 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.1/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.1/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.2/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.2/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.2/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.2/fail/runasnonroot0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: runasnonroot0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: {} 14 | securityContext: {} 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.2/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.2/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.29/pass/base_windows.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base_windows 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | os: 13 | name: windows 14 | securityContext: 15 | runAsNonRoot: true 16 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.3/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.3/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.3/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.3/fail/runasnonroot0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: runasnonroot0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: {} 14 | securityContext: {} 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.3/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.3/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.30/pass/base_windows.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base_windows 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | os: 13 | name: windows 14 | securityContext: 15 | runAsNonRoot: true 16 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.31/pass/base_windows.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base_windows 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | os: 13 | name: windows 14 | securityContext: 15 | runAsNonRoot: true 16 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.32/pass/base_windows.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base_windows 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | os: 13 | name: windows 14 | securityContext: 15 | runAsNonRoot: true 16 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.4/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.4/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.4/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.4/fail/runasnonroot0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: runasnonroot0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: {} 14 | securityContext: {} 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.4/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.4/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.5/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.5/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.5/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.5/fail/runasnonroot0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: runasnonroot0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: {} 14 | securityContext: {} 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.5/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.5/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.6/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.6/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.6/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.6/fail/runasnonroot0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: runasnonroot0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: {} 14 | securityContext: {} 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.6/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.6/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.7/fail/hostnamespaces0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostIPC: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.7/fail/hostnamespaces1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces1 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostNetwork: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.7/fail/hostnamespaces2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostnamespaces2 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | hostPID: true 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: 14 | runAsNonRoot: true 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.7/fail/runasnonroot0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: runasnonroot0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | securityContext: {} 10 | initContainers: 11 | - image: registry.k8s.io/pause 12 | name: initcontainer1 13 | securityContext: {} 14 | securityContext: {} 15 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.7/pass/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: base 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /test/testdata/restricted/v1.7/pass/sysctls0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sysctls0 5 | spec: 6 | containers: 7 | - image: registry.k8s.io/pause 8 | name: container1 9 | initContainers: 10 | - image: registry.k8s.io/pause 11 | name: initcontainer1 12 | securityContext: 13 | runAsNonRoot: true 14 | -------------------------------------------------------------------------------- /webhook/manifests/20-resourcequota.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ResourceQuota 3 | metadata: 4 | name: pod-security-webhook 5 | namespace: pod-security-webhook 6 | spec: 7 | hard: 8 | pods: 3 9 | scopeSelector: 10 | matchExpressions: 11 | - operator: In 12 | scopeName: PriorityClass 13 | values: 14 | - system-cluster-critical -------------------------------------------------------------------------------- /webhook/manifests/20-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: pod-security-webhook 5 | namespace: pod-security-webhook -------------------------------------------------------------------------------- /webhook/manifests/30-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: pod-security-webhook 5 | rules: 6 | - apiGroups: [""] 7 | resources: ["pods", "namespaces"] 8 | verbs: ["get", "watch", "list"] -------------------------------------------------------------------------------- /webhook/manifests/40-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: pod-security-webhook 5 | subjects: 6 | - kind: ServiceAccount 7 | name: pod-security-webhook 8 | namespace: pod-security-webhook 9 | roleRef: 10 | kind: ClusterRole 11 | name: pod-security-webhook 12 | apiGroup: rbac.authorization.k8s.io -------------------------------------------------------------------------------- /webhook/manifests/60-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: webhook 5 | namespace: pod-security-webhook 6 | labels: 7 | app: pod-security-webhook 8 | spec: 9 | ports: 10 | - port: 443 11 | targetPort: webhook 12 | protocol: TCP 13 | name: https 14 | selector: 15 | app: pod-security-webhook -------------------------------------------------------------------------------- /webhook/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - 10-namespace.yaml 3 | - 20-configmap.yaml 4 | - 20-serviceaccount.yaml 5 | - 20-resourcequota.yaml 6 | - 30-clusterrole.yaml 7 | - 40-clusterrolebinding.yaml 8 | - 50-deployment.yaml 9 | - 60-service.yaml 10 | - 70-validatingwebhookconfiguration.yaml 11 | --------------------------------------------------------------------------------