selinux

Usage

kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/mutation/pod-security-policy/selinux/samples/mutation.yaml

Mutation Examples

apiVersion: mutations.gatekeeper.sh/v1
kind: Assign
metadata:
  name: k8spspselinux
spec:
  applyTo:
  - groups: [""]
    kinds: ["Pod"]
    versions: ["v1"]
  location: spec.containers[name:*].securityContext.seLinuxOptions
  parameters:
    pathTests:
    - subPath: spec.containers[name:*].securityContext.seLinuxOptions
      condition: MustNotExist
    assign:
      value:
        level: s1:c234,c567
        user: sysadm_u
        role: sysadm_r
        type: svirt_lxc_net_t

selinux

Usage​

Mutation Examples​

Usage

Mutation Examples