The Baseline profile is aimed at ease of adoption for common containerized workloads while preventing known privilege escalations. It is targeted at application operators and developers of non-critical applications.

Click on each of the controls to know more about them.

• disallow-capabilties
• disallow-host-namespaces
• disallow-host-path
• disallow-host-ports
• disallow-host-process
• disallow-privileged-containers
• disallow-proc-mount
• disallow-selinux
• restrict-apparmor-profiles
• restrict-seccomp
• restrict-sysctls