kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fixed broken link

pull/40885/head
niranjandarshann 2023-04-28 22:39:33 +05:30
parent 648cda5113
commit d8a6fd602c
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
content/en/docs/concepts/security/pod-security-standards.md
View File

@ -326,7 +326,7 @@ fail validation.
<tr>
<td style="white-space: nowrap">Privilege Escalation (v1.8+)</td>
<td>
<p>Privilege escalation (such as via set-user-ID or set-group-ID file mode) should not be allowed. <em><a href="#policies-specific-to-linux">This is Linux only policy</a> in v1.25+ <code>(spec.os.name != windows)</code></em></p>
<p>Privilege escalation (such as via set-user-ID or set-group-ID file mode) should not be allowed. <em><a href="#OS-specific policy controls">This is Linux only policy</a> in v1.25+ <code>(spec.os.name != windows)</code></em></p>
<p><strong>Restricted Fields</strong></p>
<ul>
<li><code>spec.containers[*].securityContext.allowPrivilegeEscalation</code></li>
@ -381,7 +381,7 @@ fail validation.
<tr>
<td style="white-space: nowrap">Seccomp (v1.19+)</td>
<td>
<p>Seccomp profile must be explicitly set to one of the allowed values. Both the <code>Unconfined</code> profile and the <em>absence</em> of a profile are prohibited. <em><a href="#policies-specific-to-linux">This is Linux only policy</a> in v1.25+ <code>(spec.os.name != windows)</code></em></p>
<p>Seccomp profile must be explicitly set to one of the allowed values. Both the <code>Unconfined</code> profile and the <em>absence</em> of a profile are prohibited. <em><a href="#OS-specific policy controls">This is Linux only policy</a> in v1.25+ <code>(spec.os.name != windows)</code></em></p>
<p><strong>Restricted Fields</strong></p>
<ul>
<li><code>spec.securityContext.seccompProfile.type</code></li>
@ -407,7 +407,7 @@ fail validation.
<td>
<p>
Containers must drop <code>ALL</code> capabilities, and are only permitted to add back
the <code>NET_BIND_SERVICE</code> capability. <em><a href="#policies-specific-to-linux">This is Linux only policy</a> in v1.25+ <code>(.spec.os.name != "windows")</code></em>
the <code>NET_BIND_SERVICE</code> capability. <em><a href="#OS-specific policy controls">This is Linux only policy</a> in v1.25+ <code>(.spec.os.name != "windows")</code></em>
</p>
<p><strong>Restricted Fields</strong></p>
<ul>