Verified Commit 8c143958 authored by Pierre-Louis Bonicoli's avatar Pierre-Louis Bonicoli 🏗

Add AUDIT_WRITE capability & mount /sys/fs/cgroup ro

parent 33ee862e
......@@ -20,6 +20,9 @@
- name: '{{ item.name }}'
image: '{{ item.image }}'
imagePullPolicy: '{{ item.image_pull | default("IfNotPresent") }}'
securityContext:
capabilities:
add: ['AUDIT_WRITE']
command: '{{ item.command | default(["/bin/sh", "-c"]) }}'
args: >-
{{ [] if item.command|default(false) else (item.args | default(["while true; do sleep 30; done;"])) }}
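Review bot: The `add: ['AUDIT_WRITE']` entry under `securityContext.capabilities` is granted to every container rendered from this template, with no per-platform switch and no comment naming the process that needs it. AUDIT_WRITE lets a process write records to the kernel audit log, so it is better scoped to the platforms that actually require it. One option that keeps the current default is `add: '{{ item.capabilities | default(["AUDIT_WRITE"]) }}'`, where `item.capabilities` is a proposed key, not one visible in this hunk. A comment such as `# AUDIT_WRITE: required by <service> to emit audit records` above the line would record the reason. The container spec starts and ends outside the hunk, so any existing `drop` list or other securityContext settings cannot be seen from here.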
......
......@@ -23,6 +23,7 @@ platforms:
name: tmpfs-lock
- mountPath: /sys/fs/cgroup
name: cgroup
readOnly: true
volumes: &volumes
- name: tmpfs-tmp
emptyDir:
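Review bot: The `readOnly: true` on the `/sys/fs/cgroup` mount may not cover submounts, and the definition of the `cgroup` volume is outside this hunk. If it is a hostPath on a host where each cgroup controller is a separate mount, the per-controller mounts below it can stay writable. Where the cluster supports it, `recursiveReadOnly: Enabled` on the same volumeMount closes that gap. A comment such as `# read-only: containers must not modify the cgroup tree` would also record the intent. The mount list appears to sit next to an anchored `volumes: &volumes`, so this change presumably affects every platform that reuses it.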
......