add host paths to psp (#3971)

* add host paths to psp * add italics
2017-06-03 05:11:38 +08:00 · 2017-06-03 05:11:38 +08:00 · 952e5b4497
parent 6cbd6bda67
commit 952e5b4497
1 changed files with 5 additions and 1 deletions
--- a/docs/concepts/policy/pod-security-policy.md
+++ b/docs/concepts/policy/pod-security-policy.md
@ -35,6 +35,7 @@ administrator to control the following:
 | The use of host ports                                         | `hostPorts`                       |
 | The use of host's PID namespace                               | `hostPID`                         |
 | The use of host's IPC namespace                               | `hostIPC`                         |
+| The use of host paths                                         | [`allowedHostPaths`](#allowed-host-paths)    |
 | The SELinux context of the container                          | [`seLinux`](#selinux)             |
 | The user ID                                                   | [`runAsUser`](#runasuser)         |
 | Configuring allowable supplemental groups                     | [`supplementalGroups`](#supplementalgroups) |
@ -126,7 +127,10 @@ configMap, downwardAPI, emptyDir, persistentVolumeClaim, secret, and projected.

 ### Host Network
 - *HostPorts*, default `empty`. List of `HostPortRange`, defined by `min`(inclusive) and `max`(inclusive), which define the allowed host ports.
- 
+
+### Allowed Host Paths
+ - *AllowedHostPaths* is a white list of allowed host path prefixes. Empty indicates that all host paths may be used.
+
 ## Admission

 _Admission control_ with `PodSecurityPolicy` allows for control over the