Skip to content

Commit

Permalink
Add "MayRunAs" value among other GroupStrategies
Browse files Browse the repository at this point in the history
  • Loading branch information
@stlaz
stlaz committed Sep 10, 2018
1 parent ac29205 commit c75dba4
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions content/en/docs/concepts/policy/pod-security-policy.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -421,6 +421,9 @@ The **recommended minimum set** of allowed volumes for new PSPs are:

- *MustRunAs* - Requires at least one `range` to be specified. Uses the
minimum value of the first range as the default. Validates against all ranges.
- *MayRunAs* - Requires at least one `range` to be specified. Allows
`FSGroups` to be left unset without providing a default. Validates against
all ranges if `FSGroups` is set.
- *RunAsAny* - No default provided. Allows any `fsGroup` ID to be specified.

**AllowedHostPaths** - This specifies a whitelist of host paths that are allowed
Expand Down Expand Up @@ -491,6 +494,9 @@ recommended with this strategy.

- *MustRunAs* - Requires at least one `range` to be specified. Uses the
minimum value of the first range as the default. Validates against all ranges.
- *MayRunAs* - Requires at least one `range` to be specified. Allows
`supplementalGroups` to be left unset without providing a default.
Validates against all ranges if `supplementalGroups` is set.
- *RunAsAny* - No default provided. Allows any `supplementalGroups` to be
specified.

Expand Down

0 comments on commit c75dba4

Please sign in to comment.