genpolicy: validate probe process fields

Validate more process fields for k8s probe commands - e.g.,
livenessProbe, readinessProbe, etc.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>

src/tools/genpolicy/rules.rego

@@ -686,6 +686,7 @@ allow_process_common(p_process, i_process, s_name) {
 allow_process(p_process, i_process, s_name) {
     print("allow_process: start")
 
+    allow_args(p_process, i_process, s_name)
     allow_process_common(p_process, i_process, s_name)
     allow_caps(p_process.Capabilities, i_process.Capabilities)
     p_process.Terminal == i_process.Terminal
@@ -697,7 +698,6 @@ allow_process(p_process, i_process, s_name) {
 allow_interactive_process(p_process, i_process, s_name) {
     print("allow_interactive_process: start")
 
-    allow_args(p_process, i_process, s_name)
     allow_process_common(p_process, i_process, s_name)
     allow_exec_caps(i_process.Capabilities)
 
@@ -707,6 +707,17 @@ allow_interactive_process(p_process, i_process, s_name) {
     print("allow_interactive_process: true")
 }
 
+# Compare the OCI Process field of a policy container with the input process field from ExecProcessRequest
+allow_probe_process(p_process, i_process, s_name) {
+    print("allow_probe_process: start")
+
+    allow_process_common(p_process, i_process, s_name)
+    allow_exec_caps(i_process.Capabilities)
+    p_process.Terminal == i_process.Terminal
+
+    print("allow_probe_process: true")
+}
+
 allow_user(p_process, i_process) {
     p_user := p_process.User
     i_user := i_process.User