diff --git a/staging/src/k8s.io/pod-security-admission/policy/check_procMount_test.go b/staging/src/k8s.io/pod-security-admission/policy/check_procMount_test.go index 8fd77c9dc6e..1f1c833e50a 100644 --- a/staging/src/k8s.io/pod-security-admission/policy/check_procMount_test.go +++ b/staging/src/k8s.io/pod-security-admission/policy/check_procMount_test.go @@ -27,6 +27,7 @@ func TestProcMount(t *testing.T) { unmaskedValue := corev1.UnmaskedProcMount otherValue := corev1.ProcMountType("other") + hostUsers := false tests := []struct { name string pod *corev1.Pod @@ -43,6 +44,7 @@ func TestProcMount(t *testing.T) { {Name: "d", SecurityContext: &corev1.SecurityContext{ProcMount: &unmaskedValue}}, {Name: "e", SecurityContext: &corev1.SecurityContext{ProcMount: &otherValue}}, }, + HostUsers: &hostUsers, }}, expectReason: `procMount`, expectDetail: `containers "d", "e" must not set securityContext.procMount to "Unmasked", "other"`, diff --git a/staging/src/k8s.io/pod-security-admission/test/fixtures_procMount.go b/staging/src/k8s.io/pod-security-admission/test/fixtures_procMount.go index a2e7405e307..98d33f17404 100644 --- a/staging/src/k8s.io/pod-security-admission/test/fixtures_procMount.go +++ b/staging/src/k8s.io/pod-security-admission/test/fixtures_procMount.go @@ -23,6 +23,7 @@ import ( ) func init() { + hostUsers := false fixtureData_1_0 := fixtureGenerator{ expectErrorSubstring: "procMount", generatePass: func(p *corev1.Pod) []*corev1.Pod { @@ -33,6 +34,7 @@ func init() { validProcMountType := corev1.DefaultProcMount copy.Spec.Containers[0].SecurityContext.ProcMount = &validProcMountType copy.Spec.InitContainers[0].SecurityContext.ProcMount = &validProcMountType + copy.Spec.HostUsers = &hostUsers }), } }, @@ -44,11 +46,13 @@ func init() { tweak(p, func(copy *corev1.Pod) { unmaskedProcMountType := corev1.UnmaskedProcMount copy.Spec.Containers[0].SecurityContext.ProcMount = &unmaskedProcMountType + copy.Spec.HostUsers = &hostUsers }), // set proc mount of init container to a forbidden value tweak(p, func(copy *corev1.Pod) { unmaskedProcMountType := corev1.UnmaskedProcMount copy.Spec.InitContainers[0].SecurityContext.ProcMount = &unmaskedProcMountType + copy.Spec.HostUsers = &hostUsers }), } }, diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/procmount0.yaml index 5e47a75fde5..b443b30aa26 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/procmount1.yaml index accf6c3d7fe..f5d907d5447 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/procmount0.yaml index e75080af28a..53468519b32 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/procmount0.yaml index bfa87c51208..25d31e96ca6 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/procmount1.yaml index ff1fd0a5f2b..dbe53a1e7c4 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/procmount0.yaml index 9057eb7348c..ad004fa9810 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/procmount0.yaml index bfa87c51208..25d31e96ca6 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/procmount1.yaml index ff1fd0a5f2b..dbe53a1e7c4 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/procmount0.yaml index 9057eb7348c..ad004fa9810 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/procmount0.yaml index 4d7d14cc298..3cb5b16be7d 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/procmount1.yaml index 56f00909665..87201fb3d4c 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/procmount0.yaml index 7b70bb3b507..e3ec5a9dbcd 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/procmount0.yaml index 4d7d14cc298..3cb5b16be7d 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/procmount1.yaml index 56f00909665..87201fb3d4c 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/procmount0.yaml index 7b70bb3b507..e3ec5a9dbcd 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/procmount0.yaml index 4d7d14cc298..3cb5b16be7d 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/procmount1.yaml index 56f00909665..87201fb3d4c 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/procmount0.yaml index 7b70bb3b507..e3ec5a9dbcd 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/procmount0.yaml index 4d7d14cc298..3cb5b16be7d 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/procmount1.yaml index 56f00909665..87201fb3d4c 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/procmount0.yaml index 7b70bb3b507..e3ec5a9dbcd 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/procmount0.yaml index 4d7d14cc298..3cb5b16be7d 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/procmount1.yaml index 56f00909665..87201fb3d4c 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/procmount0.yaml index 7b70bb3b507..e3ec5a9dbcd 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/procmount0.yaml index 4d7d14cc298..3cb5b16be7d 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/procmount1.yaml index 56f00909665..87201fb3d4c 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/procmount0.yaml index 7b70bb3b507..e3ec5a9dbcd 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/procmount0.yaml index 4d7d14cc298..3cb5b16be7d 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/procmount1.yaml index 56f00909665..87201fb3d4c 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/procmount0.yaml index 7b70bb3b507..e3ec5a9dbcd 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/procmount0.yaml index 4d7d14cc298..3cb5b16be7d 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/procmount1.yaml index 56f00909665..87201fb3d4c 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/procmount0.yaml index 7b70bb3b507..e3ec5a9dbcd 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/procmount0.yaml index 4d7d14cc298..3cb5b16be7d 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/procmount1.yaml index 56f00909665..87201fb3d4c 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/procmount0.yaml index 7b70bb3b507..e3ec5a9dbcd 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/procmount0.yaml index 5da8de94566..9aeece9c488 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/procmount1.yaml index 2e62ce91c1d..61326203a53 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/procmount0.yaml index 388940ba10a..a697359032e 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/procmount0.yaml index bfa87c51208..25d31e96ca6 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/procmount1.yaml index ff1fd0a5f2b..dbe53a1e7c4 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/procmount0.yaml index 9057eb7348c..ad004fa9810 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/procmount0.yaml index 5da8de94566..9aeece9c488 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/procmount1.yaml index 2e62ce91c1d..61326203a53 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/procmount0.yaml index 388940ba10a..a697359032e 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/procmount0.yaml index 5da8de94566..9aeece9c488 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/procmount1.yaml index 2e62ce91c1d..61326203a53 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/procmount0.yaml index 388940ba10a..a697359032e 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/procmount0.yaml index bd1b35c65be..25790769b1b 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/procmount1.yaml index 631fae1369e..04e86120075 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/procmount1.yaml @@ -11,6 +11,7 @@ spec: capabilities: drop: - ALL + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/pass/procmount0.yaml index aacd7351a8a..5db5a5c947a 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/pass/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.23/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.23/fail/procmount0.yaml index bd1b35c65be..25790769b1b 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.23/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.23/fail/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.23/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.23/fail/procmount1.yaml index 631fae1369e..04e86120075 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.23/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.23/fail/procmount1.yaml @@ -11,6 +11,7 @@ spec: capabilities: drop: - ALL + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.23/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.23/pass/procmount0.yaml index aacd7351a8a..5db5a5c947a 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.23/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.23/pass/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.24/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.24/fail/procmount0.yaml index bd1b35c65be..25790769b1b 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.24/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.24/fail/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.24/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.24/fail/procmount1.yaml index 631fae1369e..04e86120075 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.24/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.24/fail/procmount1.yaml @@ -11,6 +11,7 @@ spec: capabilities: drop: - ALL + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.24/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.24/pass/procmount0.yaml index aacd7351a8a..5db5a5c947a 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.24/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.24/pass/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.25/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.25/fail/procmount0.yaml index bd1b35c65be..25790769b1b 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.25/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.25/fail/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.25/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.25/fail/procmount1.yaml index 631fae1369e..04e86120075 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.25/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.25/fail/procmount1.yaml @@ -11,6 +11,7 @@ spec: capabilities: drop: - ALL + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.25/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.25/pass/procmount0.yaml index aacd7351a8a..5db5a5c947a 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.25/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.25/pass/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.26/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.26/fail/procmount0.yaml index bd1b35c65be..25790769b1b 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.26/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.26/fail/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.26/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.26/fail/procmount1.yaml index 631fae1369e..04e86120075 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.26/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.26/fail/procmount1.yaml @@ -11,6 +11,7 @@ spec: capabilities: drop: - ALL + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.26/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.26/pass/procmount0.yaml index aacd7351a8a..5db5a5c947a 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.26/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.26/pass/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.27/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.27/fail/procmount0.yaml index bd1b35c65be..25790769b1b 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.27/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.27/fail/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.27/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.27/fail/procmount1.yaml index 631fae1369e..04e86120075 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.27/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.27/fail/procmount1.yaml @@ -11,6 +11,7 @@ spec: capabilities: drop: - ALL + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.27/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.27/pass/procmount0.yaml index aacd7351a8a..5db5a5c947a 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.27/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.27/pass/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.28/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.28/fail/procmount0.yaml index bd1b35c65be..25790769b1b 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.28/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.28/fail/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.28/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.28/fail/procmount1.yaml index 631fae1369e..04e86120075 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.28/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.28/fail/procmount1.yaml @@ -11,6 +11,7 @@ spec: capabilities: drop: - ALL + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.28/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.28/pass/procmount0.yaml index aacd7351a8a..5db5a5c947a 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.28/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.28/pass/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.29/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.29/fail/procmount0.yaml index bd1b35c65be..25790769b1b 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.29/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.29/fail/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.29/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.29/fail/procmount1.yaml index 631fae1369e..04e86120075 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.29/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.29/fail/procmount1.yaml @@ -11,6 +11,7 @@ spec: capabilities: drop: - ALL + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.29/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.29/pass/procmount0.yaml index aacd7351a8a..5db5a5c947a 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.29/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.29/pass/procmount0.yaml @@ -12,6 +12,7 @@ spec: drop: - ALL procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/procmount0.yaml index bfa87c51208..25d31e96ca6 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/procmount1.yaml index ff1fd0a5f2b..dbe53a1e7c4 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/procmount0.yaml index 9057eb7348c..ad004fa9810 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/procmount0.yaml index bfa87c51208..25d31e96ca6 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/procmount1.yaml index ff1fd0a5f2b..dbe53a1e7c4 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/procmount0.yaml index 9057eb7348c..ad004fa9810 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/procmount0.yaml index bfa87c51208..25d31e96ca6 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/procmount1.yaml index ff1fd0a5f2b..dbe53a1e7c4 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/procmount0.yaml index 9057eb7348c..ad004fa9810 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/procmount0.yaml index bfa87c51208..25d31e96ca6 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/procmount1.yaml index ff1fd0a5f2b..dbe53a1e7c4 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/procmount0.yaml index 9057eb7348c..ad004fa9810 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/procmount0.yaml index bfa87c51208..25d31e96ca6 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/procmount1.yaml index ff1fd0a5f2b..dbe53a1e7c4 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/procmount1.yaml @@ -7,6 +7,7 @@ spec: - image: registry.k8s.io/pause name: container1 securityContext: {} + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/procmount0.yaml index 9057eb7348c..ad004fa9810 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/procmount0.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/procmount0.yaml index 4d7d14cc298..3cb5b16be7d 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/procmount1.yaml index 56f00909665..87201fb3d4c 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/procmount0.yaml index 7b70bb3b507..e3ec5a9dbcd 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/procmount0.yaml index 4d7d14cc298..3cb5b16be7d 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Unmasked + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/procmount1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/procmount1.yaml index 56f00909665..87201fb3d4c 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/procmount1.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/procmount1.yaml @@ -8,6 +8,7 @@ spec: name: container1 securityContext: allowPrivilegeEscalation: false + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1 diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/procmount0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/procmount0.yaml index 7b70bb3b507..e3ec5a9dbcd 100755 --- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/procmount0.yaml +++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/procmount0.yaml @@ -9,6 +9,7 @@ spec: securityContext: allowPrivilegeEscalation: false procMount: Default + hostUsers: false initContainers: - image: registry.k8s.io/pause name: initcontainer1