Skip to content

Commit

Permalink
drop NET_RAW capability from maintenance container
Browse files Browse the repository at this point in the history 
Signed-off-by: Ivan Milchev <[email protected]>
  • Loading branch information
@imilchev
imilchev committed Nov 1, 2022
1 parent 0fc2914 commit 33c6f9a
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions manifests/base/maintenance.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,9 @@ spec:
securityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
capabilities:
drop:
- NET_RAW
volumeMounts:
- name: tmp
mountPath: /tmp
Expand Down

0 comments on commit 33c6f9a

Please sign in to comment.