Mount policies
Kubernetes
The following demo shows mount policies being enforced on Kubernetes pods.
YAML files can be found here.
The policy violations in the deployments-should-fail.yaml file are:
- nginx-restricted-fail deployment trying to make a host mount while having a restricted policy
- bpf-default-fail and bpf-baseline-fail deployments trying to mount /sys/fs/bpf while having a baseline policy
- bpf-restricted-fail deployment trying to mount /sys/fs/bpf while having a restricted policy