From 952e5b4497c195960e9984f96d5aa3bcff7dc9df Mon Sep 17 00:00:00 2001 From: "Charlie R.C" Date: Sat, 3 Jun 2017 05:11:38 +0800 Subject: [PATCH] add host paths to psp (#3971) * add host paths to psp * add italics --- docs/concepts/policy/pod-security-policy.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/concepts/policy/pod-security-policy.md b/docs/concepts/policy/pod-security-policy.md index c9b22cce03..60297a2ed4 100644 --- a/docs/concepts/policy/pod-security-policy.md +++ b/docs/concepts/policy/pod-security-policy.md @@ -35,6 +35,7 @@ administrator to control the following: | The use of host ports | `hostPorts` | | The use of host's PID namespace | `hostPID` | | The use of host's IPC namespace | `hostIPC` | +| The use of host paths | [`allowedHostPaths`](#allowed-host-paths) | | The SELinux context of the container | [`seLinux`](#selinux) | | The user ID | [`runAsUser`](#runasuser) | | Configuring allowable supplemental groups | [`supplementalGroups`](#supplementalgroups) | @@ -126,7 +127,10 @@ configMap, downwardAPI, emptyDir, persistentVolumeClaim, secret, and projected. ### Host Network - *HostPorts*, default `empty`. List of `HostPortRange`, defined by `min`(inclusive) and `max`(inclusive), which define the allowed host ports. - + +### Allowed Host Paths + - *AllowedHostPaths* is a white list of allowed host path prefixes. Empty indicates that all host paths may be used. + ## Admission _Admission control_ with `PodSecurityPolicy` allows for control over the
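Review bot: In the first hunk (the control table, `@@ -35,6 +35,7 @@`), the new row links to `#allowed-host-paths`, while the neighbouring linked rows use the field name as the anchor (`#selinux`, `#runasuser`, `#supplementalgroups`). The link only resolves if the heading added in the second hunk stays spelled "Allowed Host Paths", so either name that heading after the field, as the other linked sections appear to be, or confirm the rendered anchor. The description "The use of host paths" would also be clearer if it said these are paths on the host filesystem mounted through hostPath volumes, since the adjacent rows (`hostPorts`, `hostPID`, `hostIPC`) each name the specific host resource.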
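Review bot: In the second hunk (the new "Allowed Host Paths" section, `@@ -126,7 +127,10 @@`), the sentence "Empty indicates that all host paths may be used" describes a whitelist that allows everything when left unset, and that deserves to be stated as the default in the same form the `HostPorts` entry just above uses (default `empty`), with a plain statement that an empty list places no restriction on host paths. The entry also does not say how a prefix is matched, for example whether a prefix of `/foo` permits `/foobar` as well as `/foo/bar`, and it gives no sample value; one short example entry and a sentence on the matching rule would let an administrator write a policy from this text alone. The section sits between "Host Network" and "Admission"; since the context line above lists volume types, placing it next to the volumes text may be easier for readers to find.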