-
Notifications
You must be signed in to change notification settings - Fork 98
/
Copy pathprivileged.json
59 lines (59 loc) · 1.57 KB
/
privileged.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
{
"metadata": {
"name": "privileged",
"selfLink": "/apis/security.openshift.io/v1/securitycontextconstraints/privileged",
"uid": "304c202a-bcf6-4294-9192-1849ee7c78f6",
"resourceVersion": "1582",
"generation": 1,
"creationTimestamp": "2021-01-20T17:14:27Z",
"annotations": {
"include.release.openshift.io/self-managed-high-availability": "true",
"kubernetes.io/description": "privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. WARNING: this is the most relaxed SCC and should be used only for cluster administration. Grant with caution.",
"release.openshift.io/create-only": "true"
}
},
"priority": null,
"allowPrivilegedContainer": true,
"defaultAddCapabilities": null,
"requiredDropCapabilities": null,
"allowedCapabilities": [
"*"
],
"allowHostDirVolumePlugin": true,
"volumes": [
"*"
],
"allowHostNetwork": true,
"allowHostPorts": true,
"allowHostPID": true,
"allowHostIPC": true,
"allowPrivilegeEscalation": true,
"seLinuxContext": {
"type": "RunAsAny"
},
"runAsUser": {
"type": "RunAsAny"
},
"supplementalGroups": {
"type": "RunAsAny"
},
"fsGroup": {
"type": "RunAsAny"
},
"readOnlyRootFilesystem": false,
"users": [
"system:admin",
"system:serviceaccount:openshift-infra:build-controller"
],
"groups": [
"system:cluster-admins",
"system:nodes",
"system:masters"
],
"seccompProfiles": [
"*"
],
"allowedUnsafeSysctls": [
"*"
]
}