Nirmata Documentation
  • Home
  • Products
    Nirmata Kyverno Enterprise Nirmata Policy Manager Nirmata DevSecOps Platform
  • docs
    Get Started Cluster Management Application Management Policy Management Identity & Access Settings Policy Sets REST API Private Edition Release Notes
  • release
    V3.5.4 V3.9.0
  • Policy Sets
    • Pod Security Standards
      • Baseline profile
        • disallow-capabilities
        • disallow-host-namespaces
        • disallow-host-path
        • disallow-host-ports
        • disallow-host-process
        • disallow-privileged-containers
        • disallow-proc-mount
        • disallow-selinux
        • restrict-apparmor-profiles
        • restrict-seccomp
        • restrict-sysctls
      • Restricted profile
        • disallow-capabilities-strict
        • disallow-privilege-escalation
        • require-run-as-non-root
        • require-run-as-non-root-user
        • restrict-seccomp-strict
        • restrict-volume-types
  • Nirmata Documentation
  • Policy Sets
  • Pod Security Standards
  • Restricted profile

Restricted profile

The Restricted policy is aimed at enforcing current Pod hardening best practices, at the expense of some compatibility. It is targeted at operators and developers of security-critical applications, as well as lower-trust users.

Click on each of the controls to know more about them.

  • disallow-capabilities-strict
  • disallow-privilege-escalation
  • require-run-as-non-root-user
  • require-run-as-non-root
  • restrict-seccomp-strict
  • restrict-volume-types

restrict-sysctls disallow-capabilities-strict

© Copyright 2022, Nirmata