diff --git a/staging/src/k8s.io/pod-security-admission/policy/check_capabilities_baseline.go b/staging/src/k8s.io/pod-security-admission/policy/check_capabilities_baseline.go
index 1fa62953ee6..aad61738b50 100644
--- a/staging/src/k8s.io/pod-security-admission/policy/check_capabilities_baseline.go
+++ b/staging/src/k8s.io/pod-security-admission/policy/check_capabilities_baseline.go
@@ -41,11 +41,13 @@ func init() {
 addCheck(CheckCapabilitiesBaseline)
 }
 
+const checkCapabilitiesBaselineID CheckID = "capabilities_baseline"
+
 // CheckCapabilitiesBaseline returns a baseline level check
 // that limits the capabilities that can be added in 1.0+
 func CheckCapabilitiesBaseline() Check {
 return Check{
-ID: "capabilities_baseline",
+ID: checkCapabilitiesBaselineID,
 Level: api.LevelBaseline,
 Versions: []VersionedCheck{
 {
diff --git a/staging/src/k8s.io/pod-security-admission/policy/check_capabilities_restricted.go b/staging/src/k8s.io/pod-security-admission/policy/check_capabilities_restricted.go
index fd2e09729a6..48b1ea897b5 100644
--- a/staging/src/k8s.io/pod-security-admission/policy/check_capabilities_restricted.go
+++ b/staging/src/k8s.io/pod-security-admission/policy/check_capabilities_restricted.go
@@ -62,8 +62,9 @@ func CheckCapabilitiesRestricted() Check {
 Level: api.LevelRestricted,
 Versions: []VersionedCheck{
 {
-MinimumVersion: api.MajorMinorVersion(1, 22),
-CheckPod: capabilitiesRestricted_1_22,
+MinimumVersion: api.MajorMinorVersion(1, 22),
+CheckPod: capabilitiesRestricted_1_22,
+OverrideCheckIDs: []CheckID{checkCapabilitiesBaselineID},
 },
 },
 }
diff --git a/staging/src/k8s.io/pod-security-admission/policy/check_hostPathVolumes.go b/staging/src/k8s.io/pod-security-admission/policy/check_hostPathVolumes.go
index 600f3734516..3a419ff2495 100644
--- a/staging/src/k8s.io/pod-security-admission/policy/check_hostPathVolumes.go
+++ b/staging/src/k8s.io/pod-security-admission/policy/check_hostPathVolumes.go
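Review bot: The new checkCapabilitiesBaselineID constant has no doc comment, yet its whole reason for existing is that another file (check_capabilities_restricted.go) now names this check as an override target; a reader of this file alone cannot tell why the ID was hoisted out of the literal. Suggest `// checkCapabilitiesBaselineID is the ID of the baseline capabilities check; the restricted capabilities check lists it in OverrideCheckIDs.` above the declaration. The same applies to checkHostPathVolumesID in check_hostPathVolumes.go and to checkSeccompBaselineID in check_seccompProfile_baseline.go, where the ID is additionally placed inside the annotation-key const block rather than next to the check it identifies.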
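Review bot: Adding OverrideCheckIDs here presumably makes the evaluator skip capabilities_baseline whenever the 1.22+ restricted capabilities check applies, so from that version the restricted check is the only enforcement of the baseline capability limits; nothing in the commit asserts that capabilitiesRestricted_1_22 rejects every pod capabilities_baseline rejects, and the touched TestValidChecks only confirms the overridden ID exists. A test that runs the baseline check's failing fixtures through the overriding restricted check and expects a failure would pin that superset relationship and catch a later relaxation of the restricted check from silently weakening baseline enforcement. The same applies to the OverrideCheckIDs added in check_restrictedVolumes.go (over hostPathVolumes) and check_seccompProfile_restricted.go (over seccompProfile_baseline). CheckCapabilitiesRestricted begins before this hunk.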
@@ -38,11 +38,13 @@ func init() {
 addCheck(CheckHostPathVolumes)
 }
 
+const checkHostPathVolumesID CheckID = "hostPathVolumes"
+
 // CheckHostPathVolumes returns a baseline level check
 // that requires hostPath=undefined/null in 1.0+
 func CheckHostPathVolumes() Check {
 return Check{
-ID: "hostPathVolumes",
+ID: checkHostPathVolumesID,
 Level: api.LevelBaseline,
 Versions: []VersionedCheck{
 {
diff --git a/staging/src/k8s.io/pod-security-admission/policy/check_restrictedVolumes.go b/staging/src/k8s.io/pod-security-admission/policy/check_restrictedVolumes.go
index a559a7f9c5e..e171cdd60f1 100644
--- a/staging/src/k8s.io/pod-security-admission/policy/check_restrictedVolumes.go
+++ b/staging/src/k8s.io/pod-security-admission/policy/check_restrictedVolumes.go
@@ -76,8 +76,9 @@ func CheckRestrictedVolumes() Check {
 Level: api.LevelRestricted,
 Versions: []VersionedCheck{
 {
-MinimumVersion: api.MajorMinorVersion(1, 0),
-CheckPod: restrictedVolumes_1_0,
+MinimumVersion: api.MajorMinorVersion(1, 0),
+CheckPod: restrictedVolumes_1_0,
+OverrideCheckIDs: []CheckID{checkHostPathVolumesID},
 },
 },
 }
diff --git a/staging/src/k8s.io/pod-security-admission/policy/check_seccompProfile_baseline.go b/staging/src/k8s.io/pod-security-admission/policy/check_seccompProfile_baseline.go
index 0409f93e70d..55152b3e6a7 100644
--- a/staging/src/k8s.io/pod-security-admission/policy/check_seccompProfile_baseline.go
+++ b/staging/src/k8s.io/pod-security-admission/policy/check_seccompProfile_baseline.go
@@ -49,6 +49,8 @@ spec.initContainers[*].securityContext.seccompProfile.type
 const (
 annotationKeyPod = "seccomp.security.alpha.kubernetes.io/pod"
 annotationKeyContainerPrefix = "container.seccomp.security.alpha.kubernetes.io/"
+
+checkSeccompBaselineID CheckID = "seccompProfile_baseline"
 )
 
 func init() {
@@ -57,7 +59,7 @@ func init() {
 
 func CheckSeccompBaseline() Check {
 return Check{
-ID: "seccompProfile_baseline",
+ID: checkSeccompBaselineID,
 Level: api.LevelBaseline,
 Versions: []VersionedCheck{
 {
diff --git a/staging/src/k8s.io/pod-security-admission/policy/check_seccompProfile_restricted.go b/staging/src/k8s.io/pod-security-admission/policy/check_seccompProfile_restricted.go
index 66bec6e05d9..1a8535a0f37 100644
--- a/staging/src/k8s.io/pod-security-admission/policy/check_seccompProfile_restricted.go
+++ b/staging/src/k8s.io/pod-security-admission/policy/check_seccompProfile_restricted.go
@@ -51,8 +51,9 @@ func CheckSeccompProfileRestricted() Check {
 Level: api.LevelRestricted,
 Versions: []VersionedCheck{
 {
-MinimumVersion: api.MajorMinorVersion(1, 19),
-CheckPod: seccompProfileRestricted_1_19,
+MinimumVersion: api.MajorMinorVersion(1, 19),
+CheckPod: seccompProfileRestricted_1_19,
+OverrideCheckIDs: []CheckID{checkSeccompBaselineID},
 },
 },
 }
diff --git a/staging/src/k8s.io/pod-security-admission/policy/checks_test.go b/staging/src/k8s.io/pod-security-admission/policy/checks_test.go
index 4325f81f6ec..8f601c77d40 100644
--- a/staging/src/k8s.io/pod-security-admission/policy/checks_test.go
+++ b/staging/src/k8s.io/pod-security-admission/policy/checks_test.go
@@ -36,7 +36,7 @@ func TestValidChecks(t *testing.T) {
 for _, check := range allChecks {
 for _, c := range check.Versions {
 for _, override := range c.OverrideCheckIDs {
-assert.Contains(t, allIDs, override, "check %s overrides non-existant check %s", check.ID, override)
+assert.Contains(t, allIDs, override, "check %s overrides non-existent check %s", check.ID, override)
 }
 }
 }
diff --git a/staging/src/k8s.io/pod-security-admission/policy/registry.go b/staging/src/k8s.io/pod-security-admission/policy/registry.go
index a98e11bf0ea..4b91bef8875 100644
--- a/staging/src/k8s.io/pod-security-admission/policy/registry.go
+++ b/staging/src/k8s.io/pod-security-admission/policy/registry.go
@@ -33,7 +33,7 @@ type Evaluator interface {
 
 // checkRegistry provides a default implementation of an Evaluator.
 type checkRegistry struct {
-// The checks are a map policy verison to a slice of checks registered for that version.
+// The checks are a map policy version to a slice of checks registered for that version.
 baselineChecks, restrictedChecks map[api.Version][]CheckPodFn
 // maxVersion is the maximum version that is cached, guaranteed to be at least
 // the max MinimumVersion of all registered checks.
diff --git a/staging/src/k8s.io/pod-security-admission/test/fixtures_capabilities_baseline.go b/staging/src/k8s.io/pod-security-admission/test/fixtures_capabilities_baseline.go
index 0ba6aaf0e6d..1293c2dca70 100644
--- a/staging/src/k8s.io/pod-security-admission/test/fixtures_capabilities_baseline.go
+++ b/staging/src/k8s.io/pod-security-admission/test/fixtures_capabilities_baseline.go
@@ -47,7 +47,7 @@ func ensureCapabilities(p *corev1.Pod) *corev1.Pod {
 
 func init() {
 fixtureData_1_0 := fixtureGenerator{
-expectErrorSubstring: "non-default capabilities",
+expectErrorSubstring: "capabilities",
 generatePass: func(p *corev1.Pod) []*corev1.Pod {
 // don't generate fixtures if minimal valid pod drops ALL
 if p.Spec.Containers[0].SecurityContext != nil && p.Spec.Containers[0].SecurityContext.Capabilities != nil {
diff --git a/staging/src/k8s.io/pod-security-admission/test/fixtures_hostPathVolumes.go b/staging/src/k8s.io/pod-security-admission/test/fixtures_hostPathVolumes.go
index 10c1a622fa6..7b891fdaff2 100644
--- a/staging/src/k8s.io/pod-security-admission/test/fixtures_hostPathVolumes.go
+++ b/staging/src/k8s.io/pod-security-admission/test/fixtures_hostPathVolumes.go
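Review bot: Loosening expectErrorSubstring from "non-default capabilities" to the bare word "capabilities" makes the fixture test accept any capabilities-related rejection, so it can no longer confirm that the expected check produced the failure or that its message wording is stable; presumably this was needed because at the restricted level the overriding restricted capabilities check now reports the failure with different text. If fixtureGenerator cannot carry a per-level substring, the reason for the broader match should at least be recorded inline, e.g. `// "capabilities" rather than "non-default capabilities": at the restricted level the overriding restricted check reports the failure with its own wording.` The same widening appears in fixtures_hostPathVolumes.go ("hostPath volumes" to "hostPath"). The init function containing fixtureData_1_0 continues past the end of this hunk.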
@@ -28,7 +28,7 @@ TODO: include field paths in reflect-based unit test
 
 func init() {
 fixtureData_1_0 := fixtureGenerator{
-expectErrorSubstring: "hostPath volumes",
+expectErrorSubstring: "hostPath",
 generatePass: func(p *corev1.Pod) []*corev1.Pod {
 // minimal valid pod already captures all valid combinations
 return nil