Example Security Context Constraint

Learn about the ibm-noi-scc YAML example for custom security context constraints.

The following ibm-noi-scc YAML is an example of the custom SCC settings in version 1.6.6:
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
 name: ibm-noi-scc
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
defaultAddCapabilities: []
allowedCapabilities: []
priority: 0
fsGroup:
 type: RunAsAny
readOnlyRootFilesystem: false
requiredDropCapabilities:
- MKNOD
- KILL
- SETUID
- SETGID
- IPC_OWNER
- IPC_LOCK
runAsUser:
 type: MustRunAsNonRoot
seLinuxContext:
 type: MustRunAs
supplementalGroups:
 type: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
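
An added example, not part of the original page or of IBM's own tooling: a Python check that loads the SCC above in JSON form (the shape `oc get scc ibm-noi-scc -o json` returns, rebuilt here from the page's values) and lists the settings a reviewer would ask to have justified. The baseline volume list and the choice of what counts as a finding are assumptions of this example.

```python
import json

# Constructed input: the page's ibm-noi-scc values in the JSON shape that
# `oc get scc ibm-noi-scc -o json` returns (metadata trimmed to the name).
SCC_JSON = """
{"apiVersion": "security.openshift.io/v1", "kind": "SecurityContextConstraints",
 "metadata": {"name": "ibm-noi-scc"},
 "allowHostDirVolumePlugin": false, "allowHostIPC": false,
 "allowHostNetwork": false, "allowHostPID": false, "allowHostPorts": false,
 "allowPrivilegeEscalation": true, "allowPrivilegedContainer": false,
 "defaultAddCapabilities": [], "allowedCapabilities": [], "priority": 0,
 "fsGroup": {"type": "RunAsAny"}, "readOnlyRootFilesystem": false,
 "requiredDropCapabilities": ["MKNOD", "KILL", "SETUID", "SETGID",
                              "IPC_OWNER", "IPC_LOCK"],
 "runAsUser": {"type": "MustRunAsNonRoot"},
 "seLinuxContext": {"type": "MustRunAs"}, "supplementalGroups": {"type": "RunAsAny"},
 "volumes": ["configMap", "downwardAPI", "emptyDir",
             "persistentVolumeClaim", "projected", "secret"]}
"""

HOST_FLAGS = ("allowHostDirVolumePlugin", "allowHostIPC", "allowHostNetwork",
              "allowHostPID", "allowHostPorts", "allowPrivilegedContainer")
STRATEGIES = ("runAsUser", "seLinuxContext", "fsGroup", "supplementalGroups")
# Assumed review baseline: volume types that do not expose the node filesystem.
BASELINE_VOLUMES = {"configMap", "downwardAPI", "emptyDir",
                    "persistentVolumeClaim", "projected", "secret"}

def audit_scc(scc):
    """Return (field, reason) pairs for settings a reviewer should justify."""
    findings = [(f, "grants host-level or privileged access")
                for f in HOST_FLAGS if scc.get(f)]
    # An unset allowPrivilegeEscalation is treated as true by OpenShift.
    if scc.get("allowPrivilegeEscalation", True):
        findings.append(("allowPrivilegeEscalation", "pods may gain privileges"))
    if not scc.get("readOnlyRootFilesystem"):
        findings.append(("readOnlyRootFilesystem", "root filesystem is writable"))
    for field in STRATEGIES:
        if (scc.get(field) or {}).get("type") == "RunAsAny":
            findings.append((field, "RunAsAny places no restriction"))
    for field in ("defaultAddCapabilities", "allowedCapabilities"):
        if scc.get(field):
            findings.append((field, "adds capabilities: %s" % scc[field]))
    extra = sorted(set(scc.get("volumes") or []) - BASELINE_VOLUMES)
    if extra:
        findings.append(("volumes", "outside baseline: %s" % extra))
    return findings

if __name__ == "__main__":
    for field, reason in audit_scc(json.loads(SCC_JSON)):
        print("%-26s %s" % (field, reason))
```

For the SCC on this page the check reports `allowPrivilegeEscalation`, `readOnlyRootFilesystem`, `fsGroup` and `supplementalGroups`; the host flags, capability lists, `runAsUser`, `seLinuxContext` and volume types pass.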