Adding sudo to a container entry point command may escalate process privileges and allow access to forbidden resources.
- Not Configurable
- CronJob
- DaemonSet
- Deployment
- Job
- Pod
- ReplicaSet
- StatefulSet
This policy checks that there is no sudo in the container entrypoint. If there is sudo in the container entrypoint, the resource is denied from being deployed in the cluster.
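
A sketch of how such a check can locate the pod spec in each of the resource kinds listed above and test the entrypoint for sudo. This is an added example, not the policy's own implementation; the function names are hypothetical, and inspecting `args`, `initContainers` and shell strings passed to `sh -c` are assumptions that go beyond what the page states.

```python
import shlex

TEMPLATE_KINDS = {"DaemonSet", "Deployment", "Job", "ReplicaSet", "StatefulSet"}
CRONJOB_PATH = ["spec", "jobTemplate", "spec", "template", "spec"]


def pod_spec(resource):
    """Return the pod spec of a supported kind, or {} for any other kind."""
    kind = resource.get("kind")
    if kind == "Pod":
        path = ["spec"]
    elif kind == "CronJob":
        path = CRONJOB_PATH
    elif kind in TEMPLATE_KINDS:
        path = ["spec", "template", "spec"]
    else:
        return {}
    node = resource
    for key in path:
        node = node.get(key) or {}
    return node


def invokes_sudo(words):
    """True if a word, or a shell token inside a word, is sudo (any path)."""
    for word in words or []:
        try:
            tokens = shlex.split(word)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            tokens = word.split()
        if any(tok.rsplit("/", 1)[-1] == "sudo" for tok in tokens):
            return True
    return False


def sudo_violations(resource):
    """Names of containers whose command or args invoke sudo."""
    spec = pod_spec(resource)
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    return [c.get("name") for c in containers
            if invokes_sudo(c.get("command")) or invokes_sudo(c.get("args"))]


# Constructed sample manifests (already parsed from YAML into dicts).
DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
    {"name": "web", "command": ["sudo", "nginx", "-g", "daemon off;"]},
    {"name": "sidecar", "command": ["/bin/agent"]}]}}}}
CRONJOB = {"kind": "CronJob", "spec": {"jobTemplate": {"spec": {"template": {"spec": {
    "containers": [{"name": "backup",
                    "command": ["/bin/sh", "-c", "/usr/bin/sudo /opt/backup.sh"]}]}}}}}}
```

A non-empty result from `sudo_violations` corresponds to the deny case described above. An entrypoint baked into the image and not overridden in the manifest is not visible to a manifest-level check like this one.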