genpolicy-0.6.2-5
·
290 commits
to msft-main
since this release
Release notes
- Policy generation improvements
What's Changed
- genpolicy: reject some of the CopyFile requests by @danmihai1 in #136
- genpolicy: block some symlink create requests by @danmihai1 in #137
- genpolicy: reject kernel_modules by @danmihai1 in #139
- genpolicy: validate create sandbox storages by @danmihai1 in #139
- genpolicy: reject create custom hook settings by @danmihai1 in #140
Full Changelog: genpolicy-0.6.2-4...genpolicy-0.6.2-5
Limitations and Important Notes
- Doesn't support CronJob deployment
- Doesn't support the UDP protocol for Services, LoadBalancers, and EndpointSlices
- Only supports pods the use IPv4 addresses
- subPath field in the volume mount is not supported
- Pod Disruption Budget is not supported
- Priority Classes are not supported
- User managed identity based ACR authentication is not supported
Contributors
danmihai1