Fix 5.2.6 remediation

aquasecurity · Jan 10, 2025 · ad7c2ef · ad7c2ef
1 parent 799d11d
commit ad7c2ef
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/cfg/cis-1.10/policies.yaml b/cfg/cis-1.10/policies.yaml
@@ -369,9 +369,9 @@ groups:
                 value: true
         remediation: |
           Add policies to each namespace in the cluster which has user workloads to restrict the
-          admission of containers with `.spec.allowPrivilegeEscalation` set to `true`.
-          Audit: the audit retrieves each Pod's container(s) `.spec.allowPrivilegeEscalation`.
-          Condition: is_compliant is false if container's `.spec.allowPrivilegeEscalation` is set to `true`.
+          admission of containers with `.securityContext.allowPrivilegeEscalation` set to `true`.
+          Audit: the audit retrieves each Pod's container(s) `.securityContext.allowPrivilegeEscalation`.
+          Condition: is_compliant is false if container's `.securityContext.allowPrivilegeEscalation` is set to `true`.
           Default: If notset, privilege escalation is allowed (default to true). However if PSP/PSA is used with a `restricted` profile,
           privilege escalation is explicitly disallowed unless configured otherwise.
         scored: false