From bd4dc42a72ef64d20f81c6df20ed1ced10af3003 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt <liggitt@google.com>
Date: Wed, 7 Jul 2021 13:06:19 -0400
Subject: [PATCH] PodSecurity: baseline capabilities: regenerate files

---
 .../baseline/v1.0/fail/addcapabilities4.yaml  | 18 -------
 .../baseline/v1.0/fail/addcapabilities5.yaml  | 18 -------
 ...ties0.yaml => capabilities_baseline0.yaml} |  2 +-
 ...ties1.yaml => capabilities_baseline1.yaml} |  2 +-
 .../fail/capabilities_baseline2.yaml}         |  2 +-
 ...ties6.yaml => capabilities_baseline3.yaml} |  2 +-
 ...ties0.yaml => capabilities_baseline0.yaml} | 18 ++++++-
 .../baseline/v1.1/fail/addcapabilities4.yaml  | 18 -------
 .../baseline/v1.1/fail/addcapabilities5.yaml  | 18 -------
 ...ties0.yaml => capabilities_baseline0.yaml} |  2 +-
 ...ties1.yaml => capabilities_baseline1.yaml} |  2 +-
 ...ties3.yaml => capabilities_baseline2.yaml} | 10 ++--
 .../fail/capabilities_baseline3.yaml}         | 10 ++--
 .../pass/capabilities_baseline0.yaml}         | 18 ++++++-
 .../baseline/v1.10/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.10/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.10/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.10/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.10/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.10/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.10/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.10/fail/addcapabilities7.yaml | 18 -------
 .../v1.10/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.10/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../fail/capabilities_baseline2.yaml}         |  2 +-
 .../fail/capabilities_baseline3.yaml}         |  2 +-
 .../baseline/v1.10/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.10/pass/addcapabilities1.yaml | 30 ------------
 .../pass/capabilities_baseline0.yaml}         | 18 ++++++-
 .../baseline/v1.11/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.11/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.11/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.11/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.11/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.11/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.11/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.11/fail/addcapabilities7.yaml | 18 -------
 .../v1.11/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.11/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../fail/capabilities_baseline2.yaml}         | 10 ++--
 .../fail/capabilities_baseline3.yaml}         | 10 ++--
 .../baseline/v1.11/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.11/pass/addcapabilities1.yaml | 30 ------------
 .../pass/capabilities_baseline0.yaml}         | 18 ++++++-
 .../baseline/v1.12/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.12/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.12/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.12/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.12/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.12/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.12/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.12/fail/addcapabilities7.yaml | 18 -------
 .../v1.12/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.12/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../v1.12/fail/capabilities_baseline2.yaml    | 18 +++++++
 .../v1.12/fail/capabilities_baseline3.yaml    | 18 +++++++
 .../baseline/v1.12/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.12/pass/addcapabilities1.yaml | 30 ------------
 .../v1.12/pass/capabilities_baseline0.yaml    | 44 +++++++++++++++++
 .../baseline/v1.13/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.13/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.13/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.13/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.13/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.13/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.13/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.13/fail/addcapabilities7.yaml | 18 -------
 .../v1.13/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.13/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../v1.13/fail/capabilities_baseline2.yaml    | 18 +++++++
 .../v1.13/fail/capabilities_baseline3.yaml    | 18 +++++++
 .../baseline/v1.13/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.13/pass/addcapabilities1.yaml | 30 ------------
 .../v1.13/pass/capabilities_baseline0.yaml    | 44 +++++++++++++++++
 .../baseline/v1.14/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.14/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.14/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.14/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.14/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.14/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.14/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.14/fail/addcapabilities7.yaml | 18 -------
 .../v1.14/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.14/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../v1.14/fail/capabilities_baseline2.yaml    | 18 +++++++
 .../v1.14/fail/capabilities_baseline3.yaml    | 18 +++++++
 .../baseline/v1.14/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.14/pass/addcapabilities1.yaml | 30 ------------
 .../v1.14/pass/capabilities_baseline0.yaml    | 44 +++++++++++++++++
 .../baseline/v1.15/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.15/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.15/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.15/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.15/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.15/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.15/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.15/fail/addcapabilities7.yaml | 18 -------
 .../v1.15/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.15/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../v1.15/fail/capabilities_baseline2.yaml    | 18 +++++++
 .../v1.15/fail/capabilities_baseline3.yaml    | 18 +++++++
 .../baseline/v1.15/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.15/pass/addcapabilities1.yaml | 30 ------------
 .../v1.15/pass/capabilities_baseline0.yaml    | 44 +++++++++++++++++
 .../baseline/v1.16/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.16/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.16/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.16/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.16/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.16/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.16/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.16/fail/addcapabilities7.yaml | 18 -------
 .../v1.16/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.16/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../v1.16/fail/capabilities_baseline2.yaml    | 18 +++++++
 .../v1.16/fail/capabilities_baseline3.yaml    | 18 +++++++
 .../baseline/v1.16/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.16/pass/addcapabilities1.yaml | 30 ------------
 .../v1.16/pass/capabilities_baseline0.yaml    | 44 +++++++++++++++++
 .../baseline/v1.17/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.17/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.17/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.17/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.17/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.17/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.17/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.17/fail/addcapabilities7.yaml | 18 -------
 .../v1.17/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.17/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../v1.17/fail/capabilities_baseline2.yaml    | 18 +++++++
 .../v1.17/fail/capabilities_baseline3.yaml    | 18 +++++++
 .../baseline/v1.17/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.17/pass/addcapabilities1.yaml | 30 ------------
 .../v1.17/pass/capabilities_baseline0.yaml    | 44 +++++++++++++++++
 .../baseline/v1.18/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.18/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.18/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.18/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.18/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.18/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.18/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.18/fail/addcapabilities7.yaml | 18 -------
 .../v1.18/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.18/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../v1.18/fail/capabilities_baseline2.yaml    | 18 +++++++
 .../v1.18/fail/capabilities_baseline3.yaml    | 18 +++++++
 .../baseline/v1.18/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.18/pass/addcapabilities1.yaml | 30 ------------
 .../v1.18/pass/capabilities_baseline0.yaml    | 44 +++++++++++++++++
 .../baseline/v1.19/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.19/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.19/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.19/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.19/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.19/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.19/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.19/fail/addcapabilities7.yaml | 18 -------
 .../v1.19/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.19/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../v1.19/fail/capabilities_baseline2.yaml    | 18 +++++++
 .../v1.19/fail/capabilities_baseline3.yaml    | 18 +++++++
 .../baseline/v1.19/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.19/pass/addcapabilities1.yaml | 30 ------------
 .../v1.19/pass/capabilities_baseline0.yaml    | 44 +++++++++++++++++
 .../baseline/v1.2/fail/addcapabilities0.yaml  | 18 -------
 .../baseline/v1.2/fail/addcapabilities1.yaml  | 18 -------
 .../baseline/v1.2/fail/addcapabilities2.yaml  | 18 -------
 .../baseline/v1.2/fail/addcapabilities3.yaml  | 18 -------
 .../baseline/v1.2/fail/addcapabilities4.yaml  | 18 -------
 .../baseline/v1.2/fail/addcapabilities5.yaml  | 18 -------
 .../baseline/v1.2/fail/addcapabilities6.yaml  | 18 -------
 .../baseline/v1.2/fail/addcapabilities7.yaml  | 18 -------
 .../v1.2/fail/capabilities_baseline0.yaml     | 18 +++++++
 .../v1.2/fail/capabilities_baseline1.yaml     | 18 +++++++
 .../v1.2/fail/capabilities_baseline2.yaml     | 18 +++++++
 .../v1.2/fail/capabilities_baseline3.yaml     | 18 +++++++
 .../baseline/v1.2/pass/addcapabilities0.yaml  | 30 ------------
 .../baseline/v1.2/pass/addcapabilities1.yaml  | 30 ------------
 .../v1.2/pass/capabilities_baseline0.yaml     | 44 +++++++++++++++++
 .../baseline/v1.20/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.20/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.20/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.20/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.20/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.20/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.20/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.20/fail/addcapabilities7.yaml | 18 -------
 .../v1.20/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.20/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../v1.20/fail/capabilities_baseline2.yaml    | 18 +++++++
 .../v1.20/fail/capabilities_baseline3.yaml    | 18 +++++++
 .../baseline/v1.20/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.20/pass/addcapabilities1.yaml | 30 ------------
 .../v1.20/pass/capabilities_baseline0.yaml    | 44 +++++++++++++++++
 .../baseline/v1.21/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.21/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.21/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.21/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.21/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.21/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.21/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.21/fail/addcapabilities7.yaml | 18 -------
 .../v1.21/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.21/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../v1.21/fail/capabilities_baseline2.yaml    | 18 +++++++
 .../v1.21/fail/capabilities_baseline3.yaml    | 18 +++++++
 .../baseline/v1.21/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.21/pass/addcapabilities1.yaml | 30 ------------
 .../v1.21/pass/capabilities_baseline0.yaml    | 44 +++++++++++++++++
 .../baseline/v1.22/fail/addcapabilities0.yaml | 18 -------
 .../baseline/v1.22/fail/addcapabilities1.yaml | 18 -------
 .../baseline/v1.22/fail/addcapabilities2.yaml | 18 -------
 .../baseline/v1.22/fail/addcapabilities3.yaml | 18 -------
 .../baseline/v1.22/fail/addcapabilities4.yaml | 18 -------
 .../baseline/v1.22/fail/addcapabilities5.yaml | 18 -------
 .../baseline/v1.22/fail/addcapabilities6.yaml | 18 -------
 .../baseline/v1.22/fail/addcapabilities7.yaml | 18 -------
 .../v1.22/fail/capabilities_baseline0.yaml    | 18 +++++++
 .../v1.22/fail/capabilities_baseline1.yaml    | 18 +++++++
 .../v1.22/fail/capabilities_baseline2.yaml    | 18 +++++++
 .../v1.22/fail/capabilities_baseline3.yaml    | 18 +++++++
 .../baseline/v1.22/pass/addcapabilities0.yaml | 30 ------------
 .../baseline/v1.22/pass/addcapabilities1.yaml | 30 ------------
 .../v1.22/pass/capabilities_baseline0.yaml    | 44 +++++++++++++++++
 .../baseline/v1.3/fail/addcapabilities0.yaml  | 18 -------
 .../baseline/v1.3/fail/addcapabilities1.yaml  | 18 -------
 .../baseline/v1.3/fail/addcapabilities2.yaml  | 18 -------
 .../baseline/v1.3/fail/addcapabilities3.yaml  | 18 -------
 .../baseline/v1.3/fail/addcapabilities4.yaml  | 18 -------
 .../baseline/v1.3/fail/addcapabilities5.yaml  | 18 -------
 .../baseline/v1.3/fail/addcapabilities6.yaml  | 18 -------
 .../baseline/v1.3/fail/addcapabilities7.yaml  | 18 -------
 .../v1.3/fail/capabilities_baseline0.yaml     | 18 +++++++
 .../v1.3/fail/capabilities_baseline1.yaml     | 18 +++++++
 .../v1.3/fail/capabilities_baseline2.yaml     | 18 +++++++
 .../v1.3/fail/capabilities_baseline3.yaml     | 18 +++++++
 .../baseline/v1.3/pass/addcapabilities0.yaml  | 30 ------------
 .../baseline/v1.3/pass/addcapabilities1.yaml  | 30 ------------
 .../v1.3/pass/capabilities_baseline0.yaml     | 44 +++++++++++++++++
 .../baseline/v1.4/fail/addcapabilities0.yaml  | 18 -------
 .../baseline/v1.4/fail/addcapabilities1.yaml  | 18 -------
 .../baseline/v1.4/fail/addcapabilities2.yaml  | 18 -------
 .../baseline/v1.4/fail/addcapabilities3.yaml  | 18 -------
 .../baseline/v1.4/fail/addcapabilities4.yaml  | 18 -------
 .../baseline/v1.4/fail/addcapabilities5.yaml  | 18 -------
 .../baseline/v1.4/fail/addcapabilities6.yaml  | 18 -------
 .../baseline/v1.4/fail/addcapabilities7.yaml  | 18 -------
 .../v1.4/fail/capabilities_baseline0.yaml     | 18 +++++++
 .../v1.4/fail/capabilities_baseline1.yaml     | 18 +++++++
 .../v1.4/fail/capabilities_baseline2.yaml     | 18 +++++++
 .../v1.4/fail/capabilities_baseline3.yaml     | 18 +++++++
 .../baseline/v1.4/pass/addcapabilities0.yaml  | 30 ------------
 .../baseline/v1.4/pass/addcapabilities1.yaml  | 30 ------------
 .../v1.4/pass/capabilities_baseline0.yaml     | 44 +++++++++++++++++
 .../baseline/v1.5/fail/addcapabilities0.yaml  | 18 -------
 .../baseline/v1.5/fail/addcapabilities1.yaml  | 18 -------
 .../baseline/v1.5/fail/addcapabilities2.yaml  | 18 -------
 .../baseline/v1.5/fail/addcapabilities3.yaml  | 18 -------
 .../baseline/v1.5/fail/addcapabilities4.yaml  | 18 -------
 .../baseline/v1.5/fail/addcapabilities5.yaml  | 18 -------
 .../baseline/v1.5/fail/addcapabilities6.yaml  | 18 -------
 .../baseline/v1.5/fail/addcapabilities7.yaml  | 18 -------
 .../v1.5/fail/capabilities_baseline0.yaml     | 18 +++++++
 .../v1.5/fail/capabilities_baseline1.yaml     | 18 +++++++
 .../v1.5/fail/capabilities_baseline2.yaml     | 18 +++++++
 .../v1.5/fail/capabilities_baseline3.yaml     | 18 +++++++
 .../baseline/v1.5/pass/addcapabilities0.yaml  | 30 ------------
 .../baseline/v1.5/pass/addcapabilities1.yaml  | 30 ------------
 .../v1.5/pass/capabilities_baseline0.yaml     | 44 +++++++++++++++++
 .../baseline/v1.6/fail/addcapabilities0.yaml  | 18 -------
 .../baseline/v1.6/fail/addcapabilities1.yaml  | 18 -------
 .../baseline/v1.6/fail/addcapabilities2.yaml  | 18 -------
 .../baseline/v1.6/fail/addcapabilities3.yaml  | 18 -------
 .../baseline/v1.6/fail/addcapabilities4.yaml  | 18 -------
 .../baseline/v1.6/fail/addcapabilities5.yaml  | 18 -------
 .../baseline/v1.6/fail/addcapabilities6.yaml  | 18 -------
 .../baseline/v1.6/fail/addcapabilities7.yaml  | 18 -------
 .../v1.6/fail/capabilities_baseline0.yaml     | 18 +++++++
 .../v1.6/fail/capabilities_baseline1.yaml     | 18 +++++++
 .../v1.6/fail/capabilities_baseline2.yaml     | 18 +++++++
 .../v1.6/fail/capabilities_baseline3.yaml     | 18 +++++++
 .../baseline/v1.6/pass/addcapabilities0.yaml  | 30 ------------
 .../baseline/v1.6/pass/addcapabilities1.yaml  | 30 ------------
 .../v1.6/pass/capabilities_baseline0.yaml     | 44 +++++++++++++++++
 .../baseline/v1.7/fail/addcapabilities0.yaml  | 18 -------
 .../baseline/v1.7/fail/addcapabilities1.yaml  | 18 -------
 .../baseline/v1.7/fail/addcapabilities2.yaml  | 18 -------
 .../baseline/v1.7/fail/addcapabilities3.yaml  | 18 -------
 .../baseline/v1.7/fail/addcapabilities4.yaml  | 18 -------
 .../baseline/v1.7/fail/addcapabilities5.yaml  | 18 -------
 .../baseline/v1.7/fail/addcapabilities6.yaml  | 18 -------
 .../baseline/v1.7/fail/addcapabilities7.yaml  | 18 -------
 .../v1.7/fail/capabilities_baseline0.yaml     | 18 +++++++
 .../v1.7/fail/capabilities_baseline1.yaml     | 18 +++++++
 .../v1.7/fail/capabilities_baseline2.yaml     | 18 +++++++
 .../v1.7/fail/capabilities_baseline3.yaml     | 18 +++++++
 .../baseline/v1.7/pass/addcapabilities0.yaml  | 30 ------------
 .../baseline/v1.7/pass/addcapabilities1.yaml  | 30 ------------
 .../v1.7/pass/capabilities_baseline0.yaml     | 44 +++++++++++++++++
 .../baseline/v1.8/fail/addcapabilities0.yaml  | 18 -------
 .../baseline/v1.8/fail/addcapabilities1.yaml  | 18 -------
 .../baseline/v1.8/fail/addcapabilities2.yaml  | 18 -------
 .../baseline/v1.8/fail/addcapabilities3.yaml  | 18 -------
 .../baseline/v1.8/fail/addcapabilities4.yaml  | 18 -------
 .../baseline/v1.8/fail/addcapabilities5.yaml  | 18 -------
 .../baseline/v1.8/fail/addcapabilities6.yaml  | 18 -------
 .../baseline/v1.8/fail/addcapabilities7.yaml  | 18 -------
 .../v1.8/fail/capabilities_baseline0.yaml     | 18 +++++++
 .../v1.8/fail/capabilities_baseline1.yaml     | 18 +++++++
 .../v1.8/fail/capabilities_baseline2.yaml     | 18 +++++++
 .../v1.8/fail/capabilities_baseline3.yaml     | 18 +++++++
 .../baseline/v1.8/pass/addcapabilities0.yaml  | 30 ------------
 .../baseline/v1.8/pass/addcapabilities1.yaml  | 30 ------------
 .../v1.8/pass/capabilities_baseline0.yaml     | 44 +++++++++++++++++
 .../baseline/v1.9/fail/addcapabilities0.yaml  | 18 -------
 .../baseline/v1.9/fail/addcapabilities1.yaml  | 18 -------
 .../baseline/v1.9/fail/addcapabilities2.yaml  | 18 -------
 .../baseline/v1.9/fail/addcapabilities3.yaml  | 18 -------
 .../baseline/v1.9/fail/addcapabilities4.yaml  | 18 -------
 .../baseline/v1.9/fail/addcapabilities5.yaml  | 18 -------
 .../baseline/v1.9/fail/addcapabilities6.yaml  | 18 -------
 .../baseline/v1.9/fail/addcapabilities7.yaml  | 18 -------
 .../v1.9/fail/capabilities_baseline0.yaml     | 18 +++++++
 .../v1.9/fail/capabilities_baseline1.yaml     | 18 +++++++
 .../v1.9/fail/capabilities_baseline2.yaml     | 18 +++++++
 .../v1.9/fail/capabilities_baseline3.yaml     | 18 +++++++
 .../baseline/v1.9/pass/addcapabilities0.yaml  | 30 ------------
 .../baseline/v1.9/pass/addcapabilities1.yaml  | 30 ------------
 .../v1.9/pass/capabilities_baseline0.yaml     | 44 +++++++++++++++++
 .../v1.0/fail/addcapabilities4.yaml           | 19 --------
 .../v1.0/fail/addcapabilities5.yaml           | 19 --------
 ...ties0.yaml => capabilities_baseline0.yaml} |  2 +-
 ...ties1.yaml => capabilities_baseline1.yaml} |  2 +-
 .../fail/capabilities_baseline2.yaml}         |  2 +-
 ...ties6.yaml => capabilities_baseline3.yaml} |  2 +-
 ...ties0.yaml => capabilities_baseline0.yaml} | 18 ++++++-
 .../v1.1/fail/addcapabilities4.yaml           | 19 --------
 .../v1.1/fail/addcapabilities5.yaml           | 19 --------
 ...ties0.yaml => capabilities_baseline0.yaml} |  2 +-
 ...ties1.yaml => capabilities_baseline1.yaml} |  2 +-
 ...ties3.yaml => capabilities_baseline2.yaml} | 10 ++--
 .../fail/capabilities_baseline3.yaml}         | 10 ++--
 .../pass/capabilities_baseline0.yaml}         | 18 ++++++-
 .../v1.10/fail/addcapabilities4.yaml          | 21 ---------
 .../v1.10/fail/addcapabilities5.yaml          | 21 ---------
 ...ties0.yaml => capabilities_baseline0.yaml} |  2 +-
 ...ties1.yaml => capabilities_baseline1.yaml} |  2 +-
 .../fail/capabilities_baseline2.yaml}         |  2 +-
 ...ties6.yaml => capabilities_baseline3.yaml} |  2 +-
 ...ties0.yaml => capabilities_baseline0.yaml} | 18 ++++++-
 .../v1.11/fail/addcapabilities4.yaml          | 21 ---------
 .../v1.11/fail/addcapabilities5.yaml          | 21 ---------
 ...ties0.yaml => capabilities_baseline0.yaml} |  2 +-
 ...ties1.yaml => capabilities_baseline1.yaml} |  2 +-
 ...ties3.yaml => capabilities_baseline2.yaml} | 10 ++--
 .../fail/capabilities_baseline3.yaml}         | 10 ++--
 .../pass/capabilities_baseline0.yaml}         | 18 ++++++-
 .../v1.12/fail/addcapabilities0.yaml          | 21 ---------
 .../v1.12/fail/addcapabilities1.yaml          | 21 ---------
 .../v1.12/fail/addcapabilities2.yaml          | 21 ---------
 .../v1.12/fail/addcapabilities3.yaml          | 21 ---------
 .../v1.12/fail/addcapabilities4.yaml          | 21 ---------
 .../v1.12/fail/addcapabilities5.yaml          | 21 ---------
 .../v1.12/fail/addcapabilities6.yaml          | 21 ---------
 .../v1.12/fail/addcapabilities7.yaml          | 21 ---------
 .../v1.12/fail/capabilities_baseline0.yaml    | 21 +++++++++
 .../v1.12/fail/capabilities_baseline1.yaml    | 21 +++++++++
 .../fail/capabilities_baseline2.yaml}         |  2 +-
 .../fail/capabilities_baseline3.yaml}         |  2 +-
 .../v1.12/pass/addcapabilities0.yaml          | 33 -------------
 .../v1.12/pass/addcapabilities1.yaml          | 33 -------------
 .../pass/capabilities_baseline0.yaml}         | 18 ++++++-
 .../v1.13/fail/addcapabilities0.yaml          | 21 ---------
 .../v1.13/fail/addcapabilities1.yaml          | 21 ---------
 .../v1.13/fail/addcapabilities2.yaml          | 21 ---------
 .../v1.13/fail/addcapabilities3.yaml          | 21 ---------
 .../v1.13/fail/addcapabilities4.yaml          | 21 ---------
 .../v1.13/fail/addcapabilities5.yaml          | 21 ---------
 .../v1.13/fail/addcapabilities6.yaml          | 21 ---------
 .../v1.13/fail/addcapabilities7.yaml          | 21 ---------
 .../v1.13/fail/capabilities_baseline0.yaml    | 21 +++++++++
 .../v1.13/fail/capabilities_baseline1.yaml    | 21 +++++++++
 .../fail/capabilities_baseline2.yaml}         | 10 ++--
 .../fail/capabilities_baseline3.yaml}         | 10 ++--
 .../v1.13/pass/addcapabilities0.yaml          | 33 -------------
 .../v1.13/pass/addcapabilities1.yaml          | 33 -------------
 .../pass/capabilities_baseline0.yaml}         | 18 ++++++-
 .../v1.14/fail/addcapabilities0.yaml          | 21 ---------
 .../v1.14/fail/addcapabilities1.yaml          | 21 ---------
 .../v1.14/fail/addcapabilities2.yaml          | 21 ---------
 .../v1.14/fail/addcapabilities3.yaml          | 21 ---------
 .../v1.14/fail/addcapabilities4.yaml          | 21 ---------
 .../v1.14/fail/addcapabilities5.yaml          | 21 ---------
 .../v1.14/fail/addcapabilities6.yaml          | 21 ---------
 .../v1.14/fail/addcapabilities7.yaml          | 21 ---------
 .../v1.14/fail/capabilities_baseline0.yaml    | 21 +++++++++
 .../v1.14/fail/capabilities_baseline1.yaml    | 21 +++++++++
 .../v1.14/fail/capabilities_baseline2.yaml    | 21 +++++++++
 .../v1.14/fail/capabilities_baseline3.yaml    | 21 +++++++++
 .../v1.14/pass/addcapabilities0.yaml          | 33 -------------
 .../v1.14/pass/addcapabilities1.yaml          | 33 -------------
 .../v1.14/pass/capabilities_baseline0.yaml    | 47 +++++++++++++++++++
 .../v1.15/fail/addcapabilities0.yaml          | 21 ---------
 .../v1.15/fail/addcapabilities1.yaml          | 21 ---------
 .../v1.15/fail/addcapabilities2.yaml          | 21 ---------
 .../v1.15/fail/addcapabilities3.yaml          | 21 ---------
 .../v1.15/fail/addcapabilities4.yaml          | 21 ---------
 .../v1.15/fail/addcapabilities5.yaml          | 21 ---------
 .../v1.15/fail/addcapabilities6.yaml          | 21 ---------
 .../v1.15/fail/addcapabilities7.yaml          | 21 ---------
 .../v1.15/fail/capabilities_baseline0.yaml    | 21 +++++++++
 .../v1.15/fail/capabilities_baseline1.yaml    | 21 +++++++++
 .../v1.15/fail/capabilities_baseline2.yaml    | 21 +++++++++
 .../v1.15/fail/capabilities_baseline3.yaml    | 21 +++++++++
 .../v1.15/pass/addcapabilities0.yaml          | 33 -------------
 .../v1.15/pass/addcapabilities1.yaml          | 33 -------------
 .../v1.15/pass/capabilities_baseline0.yaml    | 47 +++++++++++++++++++
 .../v1.16/fail/addcapabilities0.yaml          | 21 ---------
 .../v1.16/fail/addcapabilities1.yaml          | 21 ---------
 .../v1.16/fail/addcapabilities2.yaml          | 21 ---------
 .../v1.16/fail/addcapabilities3.yaml          | 21 ---------
 .../v1.16/fail/addcapabilities4.yaml          | 21 ---------
 .../v1.16/fail/addcapabilities5.yaml          | 21 ---------
 .../v1.16/fail/addcapabilities6.yaml          | 21 ---------
 .../v1.16/fail/addcapabilities7.yaml          | 21 ---------
 .../v1.16/fail/capabilities_baseline0.yaml    | 21 +++++++++
 .../v1.16/fail/capabilities_baseline1.yaml    | 21 +++++++++
 .../v1.16/fail/capabilities_baseline2.yaml    | 21 +++++++++
 .../v1.16/fail/capabilities_baseline3.yaml    | 21 +++++++++
 .../v1.16/pass/addcapabilities0.yaml          | 33 -------------
 .../v1.16/pass/addcapabilities1.yaml          | 33 -------------
 .../v1.16/pass/capabilities_baseline0.yaml    | 47 +++++++++++++++++++
 .../v1.17/fail/addcapabilities0.yaml          | 21 ---------
 .../v1.17/fail/addcapabilities1.yaml          | 21 ---------
 .../v1.17/fail/addcapabilities2.yaml          | 21 ---------
 .../v1.17/fail/addcapabilities3.yaml          | 21 ---------
 .../v1.17/fail/addcapabilities4.yaml          | 21 ---------
 .../v1.17/fail/addcapabilities5.yaml          | 21 ---------
 .../v1.17/fail/addcapabilities6.yaml          | 21 ---------
 .../v1.17/fail/addcapabilities7.yaml          | 21 ---------
 .../v1.17/fail/capabilities_baseline0.yaml    | 21 +++++++++
 .../v1.17/fail/capabilities_baseline1.yaml    | 21 +++++++++
 .../v1.17/fail/capabilities_baseline2.yaml    | 21 +++++++++
 .../v1.17/fail/capabilities_baseline3.yaml    | 21 +++++++++
 .../v1.17/pass/addcapabilities0.yaml          | 33 -------------
 .../v1.17/pass/addcapabilities1.yaml          | 33 -------------
 .../v1.17/pass/capabilities_baseline0.yaml    | 47 +++++++++++++++++++
 .../v1.18/fail/addcapabilities0.yaml          | 21 ---------
 .../v1.18/fail/addcapabilities1.yaml          | 21 ---------
 .../v1.18/fail/addcapabilities2.yaml          | 21 ---------
 .../v1.18/fail/addcapabilities3.yaml          | 21 ---------
 .../v1.18/fail/addcapabilities4.yaml          | 21 ---------
 .../v1.18/fail/addcapabilities5.yaml          | 21 ---------
 .../v1.18/fail/addcapabilities6.yaml          | 21 ---------
 .../v1.18/fail/addcapabilities7.yaml          | 21 ---------
 .../v1.18/fail/capabilities_baseline0.yaml    | 21 +++++++++
 .../v1.18/fail/capabilities_baseline1.yaml    | 21 +++++++++
 .../v1.18/fail/capabilities_baseline2.yaml    | 21 +++++++++
 .../v1.18/fail/capabilities_baseline3.yaml    | 21 +++++++++
 .../v1.18/pass/addcapabilities0.yaml          | 33 -------------
 .../v1.18/pass/addcapabilities1.yaml          | 33 -------------
 .../v1.18/pass/capabilities_baseline0.yaml    | 47 +++++++++++++++++++
 .../v1.19/fail/addcapabilities3.yaml          | 23 ---------
 .../v1.19/fail/addcapabilities4.yaml          | 23 ---------
 .../v1.19/fail/addcapabilities5.yaml          | 23 ---------
 ...ties0.yaml => capabilities_baseline0.yaml} |  2 +-
 ...ties1.yaml => capabilities_baseline1.yaml} |  2 +-
 .../fail/capabilities_baseline2.yaml}         |  2 +-
 ...ties6.yaml => capabilities_baseline3.yaml} |  2 +-
 ...ties0.yaml => capabilities_baseline0.yaml} | 18 ++++++-
 .../v1.2/fail/addcapabilities0.yaml           | 19 --------
 .../v1.2/fail/addcapabilities1.yaml           | 19 --------
 .../v1.2/fail/addcapabilities2.yaml           | 19 --------
 .../v1.2/fail/addcapabilities3.yaml           | 19 --------
 .../v1.2/fail/addcapabilities4.yaml           | 19 --------
 .../v1.2/fail/addcapabilities5.yaml           | 19 --------
 .../v1.2/fail/addcapabilities6.yaml           | 19 --------
 .../v1.2/fail/addcapabilities7.yaml           | 19 --------
 .../v1.2/fail/capabilities_baseline0.yaml     | 19 ++++++++
 .../v1.2/fail/capabilities_baseline1.yaml     | 19 ++++++++
 .../fail/capabilities_baseline2.yaml}         |  2 +-
 .../fail/capabilities_baseline3.yaml}         |  2 +-
 .../v1.2/pass/addcapabilities0.yaml           | 31 ------------
 .../v1.2/pass/addcapabilities1.yaml           | 31 ------------
 .../pass/capabilities_baseline0.yaml}         | 18 ++++++-
 .../v1.20/fail/addcapabilities4.yaml          | 23 ---------
 .../v1.20/fail/addcapabilities5.yaml          | 23 ---------
 .../v1.20/fail/addcapabilities7.yaml          | 23 ---------
 ...ties0.yaml => capabilities_baseline0.yaml} |  2 +-
 ...ties1.yaml => capabilities_baseline1.yaml} |  2 +-
 ...ties3.yaml => capabilities_baseline2.yaml} | 10 ++--
 .../fail/capabilities_baseline3.yaml}         | 10 ++--
 .../v1.20/pass/addcapabilities1.yaml          | 35 --------------
 .../pass/capabilities_baseline0.yaml}         | 18 ++++++-
 .../v1.21/fail/addcapabilities0.yaml          | 23 ---------
 .../v1.21/fail/addcapabilities1.yaml          | 23 ---------
 .../v1.21/fail/addcapabilities2.yaml          | 23 ---------
 .../v1.21/fail/addcapabilities3.yaml          | 23 ---------
 .../v1.21/fail/addcapabilities4.yaml          | 23 ---------
 .../v1.21/fail/addcapabilities5.yaml          | 23 ---------
 .../v1.21/fail/addcapabilities6.yaml          | 23 ---------
 .../v1.21/fail/addcapabilities7.yaml          | 23 ---------
 .../v1.21/fail/capabilities_baseline0.yaml    | 23 +++++++++
 .../v1.21/fail/capabilities_baseline1.yaml    | 23 +++++++++
 .../fail/capabilities_baseline2.yaml}         |  2 +-
 .../fail/capabilities_baseline3.yaml}         |  2 +-
 .../v1.21/pass/addcapabilities0.yaml          | 35 --------------
 .../v1.21/pass/addcapabilities1.yaml          | 35 --------------
 .../pass/capabilities_baseline0.yaml}         | 18 ++++++-
 .../v1.22/fail/addcapabilities3.yaml          | 27 -----------
 .../v1.22/fail/addcapabilities4.yaml          | 27 -----------
 .../v1.22/fail/addcapabilities5.yaml          | 27 -----------
 .../v1.22/fail/addcapabilities7.yaml          | 27 -----------
 ...ties0.yaml => capabilities_baseline0.yaml} |  2 +-
 ...ties1.yaml => capabilities_baseline1.yaml} |  2 +-
 ...ties2.yaml => capabilities_baseline2.yaml} |  2 +-
 ...ties6.yaml => capabilities_baseline3.yaml} |  2 +-
 .../v1.3/fail/addcapabilities0.yaml           | 19 --------
 .../v1.3/fail/addcapabilities1.yaml           | 19 --------
 .../v1.3/fail/addcapabilities2.yaml           | 19 --------
 .../v1.3/fail/addcapabilities3.yaml           | 19 --------
 .../v1.3/fail/addcapabilities4.yaml           | 19 --------
 .../v1.3/fail/addcapabilities5.yaml           | 19 --------
 .../v1.3/fail/addcapabilities6.yaml           | 19 --------
 .../v1.3/fail/addcapabilities7.yaml           | 19 --------
 .../v1.3/fail/capabilities_baseline0.yaml     | 19 ++++++++
 .../v1.3/fail/capabilities_baseline1.yaml     | 19 ++++++++
 .../fail/capabilities_baseline2.yaml}         | 10 ++--
 .../fail/capabilities_baseline3.yaml}         | 10 ++--
 .../v1.3/pass/addcapabilities0.yaml           | 31 ------------
 .../v1.3/pass/addcapabilities1.yaml           | 31 ------------
 .../pass/capabilities_baseline0.yaml}         | 18 ++++++-
 .../v1.4/fail/addcapabilities0.yaml           | 19 --------
 .../v1.4/fail/addcapabilities1.yaml           | 19 --------
 .../v1.4/fail/addcapabilities2.yaml           | 19 --------
 .../v1.4/fail/addcapabilities3.yaml           | 19 --------
 .../v1.4/fail/addcapabilities4.yaml           | 19 --------
 .../v1.4/fail/addcapabilities5.yaml           | 19 --------
 .../v1.4/fail/addcapabilities6.yaml           | 19 --------
 .../v1.4/fail/addcapabilities7.yaml           | 19 --------
 .../v1.4/fail/capabilities_baseline0.yaml     | 19 ++++++++
 .../v1.4/fail/capabilities_baseline1.yaml     | 19 ++++++++
 .../v1.4/fail/capabilities_baseline2.yaml     | 19 ++++++++
 .../v1.4/fail/capabilities_baseline3.yaml     | 19 ++++++++
 .../v1.4/pass/addcapabilities0.yaml           | 31 ------------
 .../v1.4/pass/addcapabilities1.yaml           | 31 ------------
 .../v1.4/pass/capabilities_baseline0.yaml     | 45 ++++++++++++++++++
 .../v1.5/fail/addcapabilities0.yaml           | 19 --------
 .../v1.5/fail/addcapabilities1.yaml           | 19 --------
 .../v1.5/fail/addcapabilities2.yaml           | 19 --------
 .../v1.5/fail/addcapabilities3.yaml           | 19 --------
 .../v1.5/fail/addcapabilities4.yaml           | 19 --------
 .../v1.5/fail/addcapabilities5.yaml           | 19 --------
 .../v1.5/fail/addcapabilities6.yaml           | 19 --------
 .../v1.5/fail/addcapabilities7.yaml           | 19 --------
 .../v1.5/fail/capabilities_baseline0.yaml     | 19 ++++++++
 .../v1.5/fail/capabilities_baseline1.yaml     | 19 ++++++++
 .../v1.5/fail/capabilities_baseline2.yaml     | 19 ++++++++
 .../v1.5/fail/capabilities_baseline3.yaml     | 19 ++++++++
 .../v1.5/pass/addcapabilities0.yaml           | 31 ------------
 .../v1.5/pass/addcapabilities1.yaml           | 31 ------------
 .../v1.5/pass/capabilities_baseline0.yaml     | 45 ++++++++++++++++++
 .../v1.6/fail/addcapabilities0.yaml           | 19 --------
 .../v1.6/fail/addcapabilities1.yaml           | 19 --------
 .../v1.6/fail/addcapabilities2.yaml           | 19 --------
 .../v1.6/fail/addcapabilities3.yaml           | 19 --------
 .../v1.6/fail/addcapabilities4.yaml           | 19 --------
 .../v1.6/fail/addcapabilities5.yaml           | 19 --------
 .../v1.6/fail/addcapabilities6.yaml           | 19 --------
 .../v1.6/fail/addcapabilities7.yaml           | 19 --------
 .../v1.6/fail/capabilities_baseline0.yaml     | 19 ++++++++
 .../v1.6/fail/capabilities_baseline1.yaml     | 19 ++++++++
 .../v1.6/fail/capabilities_baseline2.yaml     | 19 ++++++++
 .../v1.6/fail/capabilities_baseline3.yaml     | 19 ++++++++
 .../v1.6/pass/addcapabilities0.yaml           | 31 ------------
 .../v1.6/pass/addcapabilities1.yaml           | 31 ------------
 .../v1.6/pass/capabilities_baseline0.yaml     | 45 ++++++++++++++++++
 .../v1.7/fail/addcapabilities0.yaml           | 19 --------
 .../v1.7/fail/addcapabilities1.yaml           | 19 --------
 .../v1.7/fail/addcapabilities2.yaml           | 19 --------
 .../v1.7/fail/addcapabilities3.yaml           | 19 --------
 .../v1.7/fail/addcapabilities4.yaml           | 19 --------
 .../v1.7/fail/addcapabilities5.yaml           | 19 --------
 .../v1.7/fail/addcapabilities6.yaml           | 19 --------
 .../v1.7/fail/addcapabilities7.yaml           | 19 --------
 .../v1.7/fail/capabilities_baseline0.yaml     | 19 ++++++++
 .../v1.7/fail/capabilities_baseline1.yaml     | 19 ++++++++
 .../v1.7/fail/capabilities_baseline2.yaml     | 19 ++++++++
 .../v1.7/fail/capabilities_baseline3.yaml     | 19 ++++++++
 .../v1.7/pass/addcapabilities0.yaml           | 31 ------------
 .../v1.7/pass/addcapabilities1.yaml           | 31 ------------
 .../v1.7/pass/capabilities_baseline0.yaml     | 45 ++++++++++++++++++
 .../v1.8/fail/addcapabilities0.yaml           | 21 ---------
 .../v1.8/fail/addcapabilities1.yaml           | 21 ---------
 .../v1.8/fail/addcapabilities2.yaml           | 21 ---------
 .../v1.8/fail/addcapabilities3.yaml           | 21 ---------
 .../v1.8/fail/addcapabilities4.yaml           | 21 ---------
 .../v1.8/fail/addcapabilities5.yaml           | 21 ---------
 .../v1.8/fail/addcapabilities6.yaml           | 21 ---------
 .../v1.8/fail/addcapabilities7.yaml           | 21 ---------
 .../v1.8/fail/capabilities_baseline0.yaml     | 21 +++++++++
 .../v1.8/fail/capabilities_baseline1.yaml     | 21 +++++++++
 .../v1.8/fail/capabilities_baseline2.yaml     | 21 +++++++++
 .../v1.8/fail/capabilities_baseline3.yaml     | 21 +++++++++
 .../v1.8/pass/addcapabilities0.yaml           | 33 -------------
 .../v1.8/pass/addcapabilities1.yaml           | 33 -------------
 .../v1.8/pass/capabilities_baseline0.yaml     | 47 +++++++++++++++++++
 .../v1.9/fail/addcapabilities0.yaml           | 21 ---------
 .../v1.9/fail/addcapabilities1.yaml           | 21 ---------
 .../v1.9/fail/addcapabilities2.yaml           | 21 ---------
 .../v1.9/fail/addcapabilities3.yaml           | 21 ---------
 .../v1.9/fail/addcapabilities4.yaml           | 21 ---------
 .../v1.9/fail/addcapabilities5.yaml           | 21 ---------
 .../v1.9/fail/addcapabilities6.yaml           | 21 ---------
 .../v1.9/fail/addcapabilities7.yaml           | 21 ---------
 .../v1.9/fail/capabilities_baseline0.yaml     | 21 +++++++++
 .../v1.9/fail/capabilities_baseline1.yaml     | 21 +++++++++
 .../v1.9/fail/capabilities_baseline2.yaml     | 21 +++++++++
 .../v1.9/fail/capabilities_baseline3.yaml     | 21 +++++++++
 .../v1.9/pass/addcapabilities0.yaml           | 33 -------------
 .../v1.9/pass/addcapabilities1.yaml           | 33 -------------
 .../v1.9/pass/capabilities_baseline0.yaml     | 47 +++++++++++++++++++
 622 files changed, 4229 insertions(+), 8577 deletions(-)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities5.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/{addcapabilities0.yaml => capabilities_baseline0.yaml} (90%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/{addcapabilities1.yaml => capabilities_baseline1.yaml} (90%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/{v1.1/fail/addcapabilities2.yaml => v1.0/fail/capabilities_baseline2.yaml} (90%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/{addcapabilities6.yaml => capabilities_baseline3.yaml} (91%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/{addcapabilities0.yaml => capabilities_baseline0.yaml} (62%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities5.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/{addcapabilities0.yaml => capabilities_baseline0.yaml} (90%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/{addcapabilities1.yaml => capabilities_baseline1.yaml} (90%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/{addcapabilities3.yaml => capabilities_baseline2.yaml} (90%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/{v1.0/fail/addcapabilities7.yaml => v1.1/fail/capabilities_baseline3.yaml} (91%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/{v1.0/pass/addcapabilities1.yaml => v1.1/pass/capabilities_baseline0.yaml} (62%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/{v1.0/fail/addcapabilities2.yaml => v1.10/fail/capabilities_baseline2.yaml} (90%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/{v1.1/fail/addcapabilities6.yaml => v1.10/fail/capabilities_baseline3.yaml} (91%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/addcapabilities1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/{v1.1/pass/addcapabilities0.yaml => v1.10/pass/capabilities_baseline0.yaml} (62%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/{v1.0/fail/addcapabilities3.yaml => v1.11/fail/capabilities_baseline2.yaml} (90%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/{v1.1/fail/addcapabilities7.yaml => v1.11/fail/capabilities_baseline3.yaml} (91%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/addcapabilities1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/baseline/{v1.1/pass/addcapabilities1.yaml => v1.11/pass/capabilities_baseline0.yaml} (62%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities5.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/{addcapabilities0.yaml => capabilities_baseline0.yaml} (91%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/{addcapabilities1.yaml => capabilities_baseline1.yaml} (91%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.1/fail/addcapabilities2.yaml => v1.0/fail/capabilities_baseline2.yaml} (91%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/{addcapabilities6.yaml => capabilities_baseline3.yaml} (91%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/{addcapabilities0.yaml => capabilities_baseline0.yaml} (63%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities5.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/{addcapabilities0.yaml => capabilities_baseline0.yaml} (91%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/{addcapabilities1.yaml => capabilities_baseline1.yaml} (91%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/{addcapabilities3.yaml => capabilities_baseline2.yaml} (91%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.0/fail/addcapabilities7.yaml => v1.1/fail/capabilities_baseline3.yaml} (91%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.0/pass/addcapabilities1.yaml => v1.1/pass/capabilities_baseline0.yaml} (63%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities5.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/{addcapabilities0.yaml => capabilities_baseline0.yaml} (92%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/{addcapabilities1.yaml => capabilities_baseline1.yaml} (92%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.11/fail/addcapabilities2.yaml => v1.10/fail/capabilities_baseline2.yaml} (92%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/{addcapabilities6.yaml => capabilities_baseline3.yaml} (92%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/{addcapabilities0.yaml => capabilities_baseline0.yaml} (66%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities5.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/{addcapabilities0.yaml => capabilities_baseline0.yaml} (92%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/{addcapabilities1.yaml => capabilities_baseline1.yaml} (92%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/{addcapabilities3.yaml => capabilities_baseline2.yaml} (92%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.10/fail/addcapabilities7.yaml => v1.11/fail/capabilities_baseline3.yaml} (92%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.10/pass/addcapabilities1.yaml => v1.11/pass/capabilities_baseline0.yaml} (66%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.10/fail/addcapabilities2.yaml => v1.12/fail/capabilities_baseline2.yaml} (92%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.11/fail/addcapabilities6.yaml => v1.12/fail/capabilities_baseline3.yaml} (92%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/addcapabilities1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.11/pass/addcapabilities0.yaml => v1.12/pass/capabilities_baseline0.yaml} (66%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.10/fail/addcapabilities3.yaml => v1.13/fail/capabilities_baseline2.yaml} (92%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.11/fail/addcapabilities7.yaml => v1.13/fail/capabilities_baseline3.yaml} (92%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/addcapabilities1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.11/pass/addcapabilities1.yaml => v1.13/pass/capabilities_baseline0.yaml} (66%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities5.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/{addcapabilities0.yaml => capabilities_baseline0.yaml} (93%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/{addcapabilities1.yaml => capabilities_baseline1.yaml} (93%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.20/fail/addcapabilities2.yaml => v1.19/fail/capabilities_baseline2.yaml} (93%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/{addcapabilities6.yaml => capabilities_baseline3.yaml} (93%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/{addcapabilities0.yaml => capabilities_baseline0.yaml} (68%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.0/fail/addcapabilities2.yaml => v1.2/fail/capabilities_baseline2.yaml} (91%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.1/fail/addcapabilities6.yaml => v1.2/fail/capabilities_baseline3.yaml} (91%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/addcapabilities1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.1/pass/addcapabilities0.yaml => v1.2/pass/capabilities_baseline0.yaml} (63%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities7.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/{addcapabilities0.yaml => capabilities_baseline0.yaml} (93%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/{addcapabilities1.yaml => capabilities_baseline1.yaml} (93%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/{addcapabilities3.yaml => capabilities_baseline2.yaml} (93%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.19/fail/addcapabilities7.yaml => v1.20/fail/capabilities_baseline3.yaml} (93%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/addcapabilities1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.19/pass/addcapabilities1.yaml => v1.20/pass/capabilities_baseline0.yaml} (68%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.19/fail/addcapabilities2.yaml => v1.21/fail/capabilities_baseline2.yaml} (93%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.20/fail/addcapabilities6.yaml => v1.21/fail/capabilities_baseline3.yaml} (93%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/addcapabilities1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.20/pass/addcapabilities0.yaml => v1.21/pass/capabilities_baseline0.yaml} (68%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities7.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/{addcapabilities0.yaml => capabilities_baseline0.yaml} (94%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/{addcapabilities1.yaml => capabilities_baseline1.yaml} (94%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/{addcapabilities2.yaml => capabilities_baseline2.yaml} (94%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/{addcapabilities6.yaml => capabilities_baseline3.yaml} (94%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.0/fail/addcapabilities3.yaml => v1.3/fail/capabilities_baseline2.yaml} (91%)
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.1/fail/addcapabilities7.yaml => v1.3/fail/capabilities_baseline3.yaml} (91%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/addcapabilities1.yaml
 rename staging/src/k8s.io/pod-security-admission/test/testdata/restricted/{v1.1/pass/addcapabilities1.yaml => v1.3/pass/capabilities_baseline0.yaml} (63%)
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/capabilities_baseline0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities1.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities2.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities4.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities5.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities6.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities7.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline0.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline2.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline3.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/addcapabilities0.yaml
 delete mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/addcapabilities1.yaml
 create mode 100755 staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/capabilities_baseline0.yaml

diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline0.yaml
similarity index 90%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline0.yaml
index fad76945b33..975bdfa020b 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline1.yaml
similarity index 90%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline1.yaml
index 314cc49cc9d..01d1d853f75 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline1.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline1
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline2.yaml
similarity index 90%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities2.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline2.yaml
index 2a8a9a23339..3bf7f7c9577 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline2.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities2
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline3.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities6.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline3.yaml
index a41704fe7a0..88a8c9fb522 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities6.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline3.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities6
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/capabilities_baseline0.yaml
similarity index 62%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/capabilities_baseline0.yaml
index 08af9d73edd..a2b8a9276b5 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
@@ -26,5 +26,19 @@ spec:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline0.yaml
similarity index 90%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline0.yaml
index fad76945b33..975bdfa020b 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline1.yaml
similarity index 90%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline1.yaml
index 314cc49cc9d..01d1d853f75 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline1.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline1
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline2.yaml
similarity index 90%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities3.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline2.yaml
index 7e2702d1c80..3bf7f7c9577 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities3.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline2.yaml
@@ -1,18 +1,18 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities3
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - chown
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
-      capabilities:
-        add:
-        - chown
+      capabilities: {}
   securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline3.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities7.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline3.yaml
index 2a451ec6fc7..88a8c9fb522 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities7.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline3.yaml
@@ -1,18 +1,18 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities7
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - CAP_CHOWN
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
+      capabilities: {}
   securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/capabilities_baseline0.yaml
similarity index 62%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/capabilities_baseline0.yaml
index d5c07bdb914..a2b8a9276b5 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/capabilities_baseline0.yaml
@@ -1,13 +1,27 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline2.yaml
similarity index 90%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities2.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline2.yaml
index 2a8a9a23339..3bf7f7c9577 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline2.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities2
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline3.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities6.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline3.yaml
index a41704fe7a0..88a8c9fb522 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities6.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline3.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities6
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/capabilities_baseline0.yaml
similarity index 62%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/capabilities_baseline0.yaml
index 08af9d73edd..a2b8a9276b5 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
@@ -26,5 +26,19 @@ spec:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline2.yaml
similarity index 90%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities3.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline2.yaml
index 7e2702d1c80..3bf7f7c9577 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities3.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline2.yaml
@@ -1,18 +1,18 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities3
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - chown
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
-      capabilities:
-        add:
-        - chown
+      capabilities: {}
   securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline3.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities7.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline3.yaml
index 2a451ec6fc7..88a8c9fb522 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities7.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline3.yaml
@@ -1,18 +1,18 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities7
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - CAP_CHOWN
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
+      capabilities: {}
   securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/capabilities_baseline0.yaml
similarity index 62%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/capabilities_baseline0.yaml
index d5c07bdb914..a2b8a9276b5 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/capabilities_baseline0.yaml
@@ -1,13 +1,27 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities0.yaml
deleted file mode 100755
index fad76945b33..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities1.yaml
deleted file mode 100755
index 314cc49cc9d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities2.yaml
deleted file mode 100755
index 2a8a9a23339..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities3.yaml
deleted file mode 100755
index 7e2702d1c80..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities4.yaml
deleted file mode 100755
index a2ffd421b3c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities5.yaml
deleted file mode 100755
index 011d3826820..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities6.yaml
deleted file mode 100755
index a41704fe7a0..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities7.yaml
deleted file mode 100755
index 2a451ec6fc7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..975bdfa020b
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..01d1d853f75
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..3bf7f7c9577
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..88a8c9fb522
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/addcapabilities0.yaml
deleted file mode 100755
index 08af9d73edd..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/addcapabilities1.yaml
deleted file mode 100755
index d5c07bdb914..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..a2b8a9276b5
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext: {}
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities4.yaml
deleted file mode 100755
index c35f9bac810..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities5.yaml
deleted file mode 100755
index 750b776c0e9..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/capabilities_baseline0.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/capabilities_baseline0.yaml
index 7d2a40aa16f..842a8971316 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/capabilities_baseline1.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/capabilities_baseline1.yaml
index 4ce478cc101..e5a5d8f6e8c 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/capabilities_baseline1.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline1
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/capabilities_baseline2.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities2.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/capabilities_baseline2.yaml
index e2ac69c257c..132a5edb193 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/capabilities_baseline2.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities2
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/capabilities_baseline3.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities6.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/capabilities_baseline3.yaml
index a7c074252bc..4764c671869 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities6.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/capabilities_baseline3.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities6
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/capabilities_baseline0.yaml
similarity index 63%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/capabilities_baseline0.yaml
index 3185a9f177b..d424e27e3e6 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
@@ -26,6 +26,20 @@ spec:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   securityContext:
     runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities4.yaml
deleted file mode 100755
index c35f9bac810..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities5.yaml
deleted file mode 100755
index 750b776c0e9..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/capabilities_baseline0.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/capabilities_baseline0.yaml
index 7d2a40aa16f..842a8971316 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/capabilities_baseline1.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/capabilities_baseline1.yaml
index 4ce478cc101..e5a5d8f6e8c 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/capabilities_baseline1.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline1
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/capabilities_baseline2.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities3.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/capabilities_baseline2.yaml
index 7b8039471c7..132a5edb193 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities3.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/capabilities_baseline2.yaml
@@ -1,19 +1,19 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities3
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - chown
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
-      capabilities:
-        add:
-        - chown
+      capabilities: {}
   securityContext:
     runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/capabilities_baseline3.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities7.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/capabilities_baseline3.yaml
index 05e8355ab2e..4764c671869 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities7.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/capabilities_baseline3.yaml
@@ -1,19 +1,19 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities7
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - CAP_CHOWN
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
+      capabilities: {}
   securityContext:
     runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/capabilities_baseline0.yaml
similarity index 63%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/capabilities_baseline0.yaml
index 650b78e6671..d424e27e3e6 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/capabilities_baseline0.yaml
@@ -1,13 +1,27 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities4.yaml
deleted file mode 100755
index 270fd72f07d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities5.yaml
deleted file mode 100755
index 58e5bd93805..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/capabilities_baseline0.yaml
similarity index 92%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/capabilities_baseline0.yaml
index 8d989f6f2ba..71a284bd1f3 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/capabilities_baseline1.yaml
similarity index 92%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/capabilities_baseline1.yaml
index 92c51f1a671..94995c57094 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/capabilities_baseline1.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline1
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/capabilities_baseline2.yaml
similarity index 92%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities2.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/capabilities_baseline2.yaml
index f1decea46f1..1fe830735cb 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/capabilities_baseline2.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities2
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/capabilities_baseline3.yaml
similarity index 92%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities6.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/capabilities_baseline3.yaml
index 935bbec6908..7963fe78339 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities6.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/capabilities_baseline3.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities6
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/capabilities_baseline0.yaml
similarity index 66%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/capabilities_baseline0.yaml
index f28e384225c..be822dd61b1 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
@@ -28,6 +28,20 @@ spec:
     name: initcontainer1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   securityContext:
     runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities4.yaml
deleted file mode 100755
index 270fd72f07d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities5.yaml
deleted file mode 100755
index 58e5bd93805..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/capabilities_baseline0.yaml
similarity index 92%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/capabilities_baseline0.yaml
index 8d989f6f2ba..71a284bd1f3 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/capabilities_baseline1.yaml
similarity index 92%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/capabilities_baseline1.yaml
index 92c51f1a671..94995c57094 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/capabilities_baseline1.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline1
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/capabilities_baseline2.yaml
similarity index 92%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities3.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/capabilities_baseline2.yaml
index 23f4b98b35c..1fe830735cb 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities3.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/capabilities_baseline2.yaml
@@ -1,21 +1,21 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities3
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - chown
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
+      capabilities: {}
   securityContext:
     runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/capabilities_baseline3.yaml
similarity index 92%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities7.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/capabilities_baseline3.yaml
index acb905603ef..7963fe78339 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities7.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/capabilities_baseline3.yaml
@@ -1,21 +1,21 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities7
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - CAP_CHOWN
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
+      capabilities: {}
   securityContext:
     runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/capabilities_baseline0.yaml
similarity index 66%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/capabilities_baseline0.yaml
index b4be8387110..be822dd61b1 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/pass/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/capabilities_baseline0.yaml
@@ -1,14 +1,28 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities0.yaml
deleted file mode 100755
index 8d989f6f2ba..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities1.yaml
deleted file mode 100755
index 92c51f1a671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities2.yaml
deleted file mode 100755
index f1decea46f1..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities3.yaml
deleted file mode 100755
index 23f4b98b35c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities4.yaml
deleted file mode 100755
index 270fd72f07d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities5.yaml
deleted file mode 100755
index 58e5bd93805..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities6.yaml
deleted file mode 100755
index 935bbec6908..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities7.yaml
deleted file mode 100755
index acb905603ef..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..71a284bd1f3
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline0.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..94995c57094
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline1.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline2.yaml
similarity index 92%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities2.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline2.yaml
index f1decea46f1..1fe830735cb 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline2.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities2
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline3.yaml
similarity index 92%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities6.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline3.yaml
index 935bbec6908..7963fe78339 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities6.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/capabilities_baseline3.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities6
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/addcapabilities0.yaml
deleted file mode 100755
index f28e384225c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/addcapabilities1.yaml
deleted file mode 100755
index b4be8387110..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/capabilities_baseline0.yaml
similarity index 66%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/capabilities_baseline0.yaml
index f28e384225c..be822dd61b1 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/pass/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
@@ -28,6 +28,20 @@ spec:
     name: initcontainer1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   securityContext:
     runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities0.yaml
deleted file mode 100755
index 8d989f6f2ba..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities1.yaml
deleted file mode 100755
index 92c51f1a671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities2.yaml
deleted file mode 100755
index f1decea46f1..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities3.yaml
deleted file mode 100755
index 23f4b98b35c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities4.yaml
deleted file mode 100755
index 270fd72f07d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities5.yaml
deleted file mode 100755
index 58e5bd93805..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities6.yaml
deleted file mode 100755
index 935bbec6908..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities7.yaml
deleted file mode 100755
index acb905603ef..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..71a284bd1f3
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline0.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..94995c57094
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline1.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline2.yaml
similarity index 92%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities3.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline2.yaml
index 23f4b98b35c..1fe830735cb 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/addcapabilities3.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline2.yaml
@@ -1,21 +1,21 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities3
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - chown
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
+      capabilities: {}
   securityContext:
     runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline3.yaml
similarity index 92%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities7.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline3.yaml
index acb905603ef..7963fe78339 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/addcapabilities7.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/capabilities_baseline3.yaml
@@ -1,21 +1,21 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities7
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - CAP_CHOWN
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
+      capabilities: {}
   securityContext:
     runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/addcapabilities0.yaml
deleted file mode 100755
index f28e384225c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/addcapabilities1.yaml
deleted file mode 100755
index b4be8387110..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/capabilities_baseline0.yaml
similarity index 66%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/capabilities_baseline0.yaml
index b4be8387110..be822dd61b1 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/pass/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/pass/capabilities_baseline0.yaml
@@ -1,14 +1,28 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities0.yaml
deleted file mode 100755
index 8d989f6f2ba..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities1.yaml
deleted file mode 100755
index 92c51f1a671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities2.yaml
deleted file mode 100755
index f1decea46f1..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities3.yaml
deleted file mode 100755
index 23f4b98b35c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities4.yaml
deleted file mode 100755
index 270fd72f07d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities5.yaml
deleted file mode 100755
index 58e5bd93805..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities6.yaml
deleted file mode 100755
index 935bbec6908..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities7.yaml
deleted file mode 100755
index acb905603ef..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..71a284bd1f3
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline0.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..94995c57094
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline1.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..1fe830735cb
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline2.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..7963fe78339
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/capabilities_baseline3.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/addcapabilities0.yaml
deleted file mode 100755
index f28e384225c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/addcapabilities1.yaml
deleted file mode 100755
index b4be8387110..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..be822dd61b1
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/pass/capabilities_baseline0.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities0.yaml
deleted file mode 100755
index 8d989f6f2ba..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities1.yaml
deleted file mode 100755
index 92c51f1a671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities2.yaml
deleted file mode 100755
index f1decea46f1..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities3.yaml
deleted file mode 100755
index 23f4b98b35c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities4.yaml
deleted file mode 100755
index 270fd72f07d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities5.yaml
deleted file mode 100755
index 58e5bd93805..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities6.yaml
deleted file mode 100755
index 935bbec6908..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities7.yaml
deleted file mode 100755
index acb905603ef..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..71a284bd1f3
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline0.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..94995c57094
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline1.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..1fe830735cb
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline2.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..7963fe78339
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/capabilities_baseline3.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/addcapabilities0.yaml
deleted file mode 100755
index f28e384225c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/addcapabilities1.yaml
deleted file mode 100755
index b4be8387110..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..be822dd61b1
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/pass/capabilities_baseline0.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities0.yaml
deleted file mode 100755
index 8d989f6f2ba..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities1.yaml
deleted file mode 100755
index 92c51f1a671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities2.yaml
deleted file mode 100755
index f1decea46f1..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities3.yaml
deleted file mode 100755
index 23f4b98b35c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities4.yaml
deleted file mode 100755
index 270fd72f07d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities5.yaml
deleted file mode 100755
index 58e5bd93805..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities6.yaml
deleted file mode 100755
index 935bbec6908..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities7.yaml
deleted file mode 100755
index acb905603ef..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..71a284bd1f3
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline0.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..94995c57094
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline1.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..1fe830735cb
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline2.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..7963fe78339
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/capabilities_baseline3.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/addcapabilities0.yaml
deleted file mode 100755
index f28e384225c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/addcapabilities1.yaml
deleted file mode 100755
index b4be8387110..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..be822dd61b1
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/pass/capabilities_baseline0.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities0.yaml
deleted file mode 100755
index 8d989f6f2ba..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities1.yaml
deleted file mode 100755
index 92c51f1a671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities2.yaml
deleted file mode 100755
index f1decea46f1..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities3.yaml
deleted file mode 100755
index 23f4b98b35c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities4.yaml
deleted file mode 100755
index 270fd72f07d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities5.yaml
deleted file mode 100755
index 58e5bd93805..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities6.yaml
deleted file mode 100755
index 935bbec6908..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities7.yaml
deleted file mode 100755
index acb905603ef..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..71a284bd1f3
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline0.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..94995c57094
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline1.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..1fe830735cb
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline2.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..7963fe78339
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/capabilities_baseline3.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/addcapabilities0.yaml
deleted file mode 100755
index f28e384225c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/addcapabilities1.yaml
deleted file mode 100755
index b4be8387110..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..be822dd61b1
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/pass/capabilities_baseline0.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities0.yaml
deleted file mode 100755
index 8d989f6f2ba..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities1.yaml
deleted file mode 100755
index 92c51f1a671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities2.yaml
deleted file mode 100755
index f1decea46f1..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities3.yaml
deleted file mode 100755
index 23f4b98b35c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities4.yaml
deleted file mode 100755
index 270fd72f07d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities5.yaml
deleted file mode 100755
index 58e5bd93805..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities6.yaml
deleted file mode 100755
index 935bbec6908..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities7.yaml
deleted file mode 100755
index acb905603ef..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..71a284bd1f3
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline0.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..94995c57094
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline1.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..1fe830735cb
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline2.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..7963fe78339
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/capabilities_baseline3.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/addcapabilities0.yaml
deleted file mode 100755
index f28e384225c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/addcapabilities1.yaml
deleted file mode 100755
index b4be8387110..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..be822dd61b1
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/pass/capabilities_baseline0.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities3.yaml
deleted file mode 100755
index 014e2e7b81c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities4.yaml
deleted file mode 100755
index beaed5ad3a6..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities5.yaml
deleted file mode 100755
index a4d9d5cf57f..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/capabilities_baseline0.yaml
similarity index 93%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/capabilities_baseline0.yaml
index 10190974a52..b8ba0da5430 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/capabilities_baseline1.yaml
similarity index 93%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/capabilities_baseline1.yaml
index 59eee88a009..0e94190d250 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/capabilities_baseline1.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline1
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/capabilities_baseline2.yaml
similarity index 93%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities2.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/capabilities_baseline2.yaml
index ec31abd9b1c..504c102b572 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/capabilities_baseline2.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities2
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/capabilities_baseline3.yaml
similarity index 93%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities6.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/capabilities_baseline3.yaml
index e7da6cee1d8..ea04caf2977 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities6.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/capabilities_baseline3.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities6
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/capabilities_baseline0.yaml
similarity index 68%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/capabilities_baseline0.yaml
index b0f763a20a7..1728a1dcdb8 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
@@ -28,7 +28,21 @@ spec:
     name: initcontainer1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   securityContext:
     runAsNonRoot: true
     seccompProfile:
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities0.yaml
deleted file mode 100755
index 7d2a40aa16f..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities1.yaml
deleted file mode 100755
index 4ce478cc101..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities2.yaml
deleted file mode 100755
index e2ac69c257c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities3.yaml
deleted file mode 100755
index 7b8039471c7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities4.yaml
deleted file mode 100755
index c35f9bac810..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities5.yaml
deleted file mode 100755
index 750b776c0e9..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities6.yaml
deleted file mode 100755
index a7c074252bc..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities7.yaml
deleted file mode 100755
index 05e8355ab2e..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..842a8971316
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline0.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..e5a5d8f6e8c
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline1.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline2.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities2.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline2.yaml
index e2ac69c257c..132a5edb193 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline2.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities2
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline3.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities6.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline3.yaml
index a7c074252bc..4764c671869 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities6.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/fail/capabilities_baseline3.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities6
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/addcapabilities0.yaml
deleted file mode 100755
index 3185a9f177b..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/addcapabilities1.yaml
deleted file mode 100755
index 650b78e6671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/capabilities_baseline0.yaml
similarity index 63%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/capabilities_baseline0.yaml
index 3185a9f177b..d424e27e3e6 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.2/pass/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
@@ -26,6 +26,20 @@ spec:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   securityContext:
     runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities4.yaml
deleted file mode 100755
index beaed5ad3a6..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities5.yaml
deleted file mode 100755
index a4d9d5cf57f..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities7.yaml
deleted file mode 100755
index b1b74fc56d2..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/capabilities_baseline0.yaml
similarity index 93%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/capabilities_baseline0.yaml
index 10190974a52..b8ba0da5430 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/capabilities_baseline1.yaml
similarity index 93%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/capabilities_baseline1.yaml
index 59eee88a009..0e94190d250 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/capabilities_baseline1.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline1
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/capabilities_baseline2.yaml
similarity index 93%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities3.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/capabilities_baseline2.yaml
index 014e2e7b81c..504c102b572 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities3.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/capabilities_baseline2.yaml
@@ -1,22 +1,22 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities3
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - chown
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
+      capabilities: {}
   securityContext:
     runAsNonRoot: true
     seccompProfile:
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/capabilities_baseline3.yaml
similarity index 93%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities7.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/capabilities_baseline3.yaml
index b1b74fc56d2..ea04caf2977 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities7.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/capabilities_baseline3.yaml
@@ -1,22 +1,22 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities7
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - CAP_CHOWN
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
+      capabilities: {}
   securityContext:
     runAsNonRoot: true
     seccompProfile:
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/addcapabilities1.yaml
deleted file mode 100755
index d055e87ceb6..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/capabilities_baseline0.yaml
similarity index 68%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/capabilities_baseline0.yaml
index d055e87ceb6..1728a1dcdb8 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/capabilities_baseline0.yaml
@@ -1,14 +1,28 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities0.yaml
deleted file mode 100755
index 10190974a52..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities1.yaml
deleted file mode 100755
index 59eee88a009..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities2.yaml
deleted file mode 100755
index ec31abd9b1c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities3.yaml
deleted file mode 100755
index 014e2e7b81c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities4.yaml
deleted file mode 100755
index beaed5ad3a6..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities5.yaml
deleted file mode 100755
index a4d9d5cf57f..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities6.yaml
deleted file mode 100755
index e7da6cee1d8..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities7.yaml
deleted file mode 100755
index b1b74fc56d2..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..b8ba0da5430
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline0.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
+    seccompProfile:
+      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..0e94190d250
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline1.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
+    seccompProfile:
+      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline2.yaml
similarity index 93%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities2.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline2.yaml
index ec31abd9b1c..504c102b572 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/addcapabilities2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline2.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities2
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline3.yaml
similarity index 93%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities6.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline3.yaml
index e7da6cee1d8..ea04caf2977 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/addcapabilities6.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/capabilities_baseline3.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities6
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/addcapabilities0.yaml
deleted file mode 100755
index b0f763a20a7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/addcapabilities1.yaml
deleted file mode 100755
index d055e87ceb6..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/capabilities_baseline0.yaml
similarity index 68%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/capabilities_baseline0.yaml
index b0f763a20a7..1728a1dcdb8 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
@@ -28,7 +28,21 @@ spec:
     name: initcontainer1
     securityContext:
       allowPrivilegeEscalation: false
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   securityContext:
     runAsNonRoot: true
     seccompProfile:
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities3.yaml
deleted file mode 100755
index 95ea459521d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-        drop:
-        - ALL
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities4.yaml
deleted file mode 100755
index 0799dcd236c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-        drop:
-        - ALL
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities5.yaml
deleted file mode 100755
index 26f61ace2e6..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-        drop:
-        - ALL
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities7.yaml
deleted file mode 100755
index f135a5f0db3..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-        drop:
-        - ALL
-  securityContext:
-    runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/capabilities_baseline0.yaml
similarity index 94%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities0.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/capabilities_baseline0.yaml
index d5563911a1f..e1aeb36d0dd 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/capabilities_baseline0.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities0
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/capabilities_baseline1.yaml
similarity index 94%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/capabilities_baseline1.yaml
index abc5915c1b8..f1cbd89432b 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/capabilities_baseline1.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline1
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/capabilities_baseline2.yaml
similarity index 94%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities2.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/capabilities_baseline2.yaml
index 764a895c032..4b26163dcb2 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/capabilities_baseline2.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities2
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/capabilities_baseline3.yaml
similarity index 94%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities6.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/capabilities_baseline3.yaml
index f0574dabc42..7507e1912ea 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/addcapabilities6.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/capabilities_baseline3.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities6
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities0.yaml
deleted file mode 100755
index 7d2a40aa16f..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities1.yaml
deleted file mode 100755
index 4ce478cc101..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities2.yaml
deleted file mode 100755
index e2ac69c257c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities3.yaml
deleted file mode 100755
index 7b8039471c7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities4.yaml
deleted file mode 100755
index c35f9bac810..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities5.yaml
deleted file mode 100755
index 750b776c0e9..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities6.yaml
deleted file mode 100755
index a7c074252bc..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities7.yaml
deleted file mode 100755
index 05e8355ab2e..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..842a8971316
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline0.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..e5a5d8f6e8c
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline1.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline2.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities3.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline2.yaml
index 7b8039471c7..132a5edb193 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/addcapabilities3.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline2.yaml
@@ -1,19 +1,19 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities3
+  name: capabilities_baseline2
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - chown
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
-      capabilities:
-        add:
-        - chown
+      capabilities: {}
   securityContext:
     runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline3.yaml
similarity index 91%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities7.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline3.yaml
index 05e8355ab2e..4764c671869 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/addcapabilities7.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/fail/capabilities_baseline3.yaml
@@ -1,19 +1,19 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities7
+  name: capabilities_baseline3
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - CAP_CHOWN
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
     securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
+      capabilities: {}
   securityContext:
     runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/addcapabilities0.yaml
deleted file mode 100755
index 3185a9f177b..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/addcapabilities1.yaml
deleted file mode 100755
index 650b78e6671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/capabilities_baseline0.yaml
similarity index 63%
rename from staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/addcapabilities1.yaml
rename to staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/capabilities_baseline0.yaml
index 650b78e6671..d424e27e3e6 100755
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/addcapabilities1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.3/pass/capabilities_baseline0.yaml
@@ -1,13 +1,27 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addcapabilities1
+  name: capabilities_baseline0
 spec:
   containers:
   - image: k8s.gcr.io/pause
     name: container1
     securityContext:
-      capabilities: {}
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
   initContainers:
   - image: k8s.gcr.io/pause
     name: initcontainer1
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities0.yaml
deleted file mode 100755
index 7d2a40aa16f..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities1.yaml
deleted file mode 100755
index 4ce478cc101..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities2.yaml
deleted file mode 100755
index e2ac69c257c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities3.yaml
deleted file mode 100755
index 7b8039471c7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities4.yaml
deleted file mode 100755
index c35f9bac810..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities5.yaml
deleted file mode 100755
index 750b776c0e9..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities6.yaml
deleted file mode 100755
index a7c074252bc..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities7.yaml
deleted file mode 100755
index 05e8355ab2e..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..842a8971316
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline0.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..e5a5d8f6e8c
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline1.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..132a5edb193
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline2.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..4764c671869
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/fail/capabilities_baseline3.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/addcapabilities0.yaml
deleted file mode 100755
index 3185a9f177b..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/addcapabilities1.yaml
deleted file mode 100755
index 650b78e6671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..d424e27e3e6
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.4/pass/capabilities_baseline0.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities0.yaml
deleted file mode 100755
index 7d2a40aa16f..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities1.yaml
deleted file mode 100755
index 4ce478cc101..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities2.yaml
deleted file mode 100755
index e2ac69c257c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities3.yaml
deleted file mode 100755
index 7b8039471c7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities4.yaml
deleted file mode 100755
index c35f9bac810..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities5.yaml
deleted file mode 100755
index 750b776c0e9..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities6.yaml
deleted file mode 100755
index a7c074252bc..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities7.yaml
deleted file mode 100755
index 05e8355ab2e..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..842a8971316
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline0.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..e5a5d8f6e8c
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline1.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..132a5edb193
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline2.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..4764c671869
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/fail/capabilities_baseline3.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/addcapabilities0.yaml
deleted file mode 100755
index 3185a9f177b..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/addcapabilities1.yaml
deleted file mode 100755
index 650b78e6671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..d424e27e3e6
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.5/pass/capabilities_baseline0.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities0.yaml
deleted file mode 100755
index 7d2a40aa16f..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities1.yaml
deleted file mode 100755
index 4ce478cc101..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities2.yaml
deleted file mode 100755
index e2ac69c257c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities3.yaml
deleted file mode 100755
index 7b8039471c7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities4.yaml
deleted file mode 100755
index c35f9bac810..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities5.yaml
deleted file mode 100755
index 750b776c0e9..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities6.yaml
deleted file mode 100755
index a7c074252bc..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities7.yaml
deleted file mode 100755
index 05e8355ab2e..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..842a8971316
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline0.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..e5a5d8f6e8c
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline1.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..132a5edb193
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline2.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..4764c671869
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/fail/capabilities_baseline3.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/addcapabilities0.yaml
deleted file mode 100755
index 3185a9f177b..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/addcapabilities1.yaml
deleted file mode 100755
index 650b78e6671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..d424e27e3e6
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.6/pass/capabilities_baseline0.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities0.yaml
deleted file mode 100755
index 7d2a40aa16f..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities1.yaml
deleted file mode 100755
index 4ce478cc101..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities2.yaml
deleted file mode 100755
index e2ac69c257c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities3.yaml
deleted file mode 100755
index 7b8039471c7..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities4.yaml
deleted file mode 100755
index c35f9bac810..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities5.yaml
deleted file mode 100755
index 750b776c0e9..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities6.yaml
deleted file mode 100755
index a7c074252bc..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities7.yaml
deleted file mode 100755
index 05e8355ab2e..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..842a8971316
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline0.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..e5a5d8f6e8c
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline1.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..132a5edb193
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline2.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..4764c671869
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/fail/capabilities_baseline3.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/addcapabilities0.yaml
deleted file mode 100755
index 3185a9f177b..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/addcapabilities1.yaml
deleted file mode 100755
index 650b78e6671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..d424e27e3e6
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.7/pass/capabilities_baseline0.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities0.yaml
deleted file mode 100755
index 8d989f6f2ba..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities1.yaml
deleted file mode 100755
index 92c51f1a671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities2.yaml
deleted file mode 100755
index f1decea46f1..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities3.yaml
deleted file mode 100755
index 23f4b98b35c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities4.yaml
deleted file mode 100755
index 270fd72f07d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities5.yaml
deleted file mode 100755
index 58e5bd93805..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities6.yaml
deleted file mode 100755
index 935bbec6908..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities7.yaml
deleted file mode 100755
index acb905603ef..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..71a284bd1f3
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline0.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..94995c57094
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline1.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..1fe830735cb
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline2.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..7963fe78339
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/capabilities_baseline3.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/addcapabilities0.yaml
deleted file mode 100755
index f28e384225c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/addcapabilities1.yaml
deleted file mode 100755
index b4be8387110..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..be822dd61b1
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/pass/capabilities_baseline0.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities0.yaml
deleted file mode 100755
index 8d989f6f2ba..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities0.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities1.yaml
deleted file mode 100755
index 92c51f1a671..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities1.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_RAW
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities2.yaml
deleted file mode 100755
index f1decea46f1..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities2.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities2
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities3.yaml
deleted file mode 100755
index 23f4b98b35c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities3.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities3
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - chown
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities4.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities4.yaml
deleted file mode 100755
index 270fd72f07d..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities4.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities4
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities5.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities5.yaml
deleted file mode 100755
index 58e5bd93805..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities5.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities5
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - bogus
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities6.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities6.yaml
deleted file mode 100755
index 935bbec6908..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities6.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities6
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities7.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities7.yaml
deleted file mode 100755
index acb905603ef..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/addcapabilities7.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities7
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - CAP_CHOWN
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..71a284bd1f3
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline0.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline1.yaml
new file mode 100755
index 00000000000..94995c57094
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline1.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline1
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_RAW
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline2.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline2.yaml
new file mode 100755
index 00000000000..1fe830735cb
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline2.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline2
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - chown
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline3.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline3.yaml
new file mode 100755
index 00000000000..7963fe78339
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/capabilities_baseline3.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline3
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - CAP_CHOWN
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: {}
+  securityContext:
+    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/addcapabilities0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/addcapabilities0.yaml
deleted file mode 100755
index f28e384225c..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/addcapabilities0.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities0
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/addcapabilities1.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/addcapabilities1.yaml
deleted file mode 100755
index b4be8387110..00000000000
--- a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/addcapabilities1.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: addcapabilities1
-spec:
-  containers:
-  - image: k8s.gcr.io/pause
-    name: container1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities: {}
-  initContainers:
-  - image: k8s.gcr.io/pause
-    name: initcontainer1
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_BIND_SERVICE
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
-  securityContext:
-    runAsNonRoot: true
diff --git a/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/capabilities_baseline0.yaml b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/capabilities_baseline0.yaml
new file mode 100755
index 00000000000..be822dd61b1
--- /dev/null
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/pass/capabilities_baseline0.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: capabilities_baseline0
+spec:
+  containers:
+  - image: k8s.gcr.io/pause
+    name: container1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  initContainers:
+  - image: k8s.gcr.io/pause
+    name: initcontainer1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - AUDIT_WRITE
+        - CHOWN
+        - DAC_OVERRIDE
+        - FOWNER
+        - FSETID
+        - KILL
+        - MKNOD
+        - NET_BIND_SERVICE
+        - SETFCAP
+        - SETGID
+        - SETPCAP
+        - SETUID
+        - SYS_CHROOT
+  securityContext:
+    runAsNonRoot: true