Merge pull request #47246 from haircommander/container_engine_t-1.31

PSS: add container_engine_t to allowed list of selinux types
2024-07-23 16:14:17 -07:00 · 2024-07-23 16:14:17 -07:00 · 7e90855773
parent c97ec9ac76 06aff012a2
commit 7e90855773
2 changed files with 2 additions and 1 deletions
--- a/content/en/docs/concepts/security/pod-security-standards.md
+++ b/content/en/docs/concepts/security/pod-security-standards.md
@ -213,6 +213,7 @@ fail validation.
 					<li><code>container_t</code></li>
 					<li><code>container_init_t</code></li>
 					<li><code>container_kvm_t</code></li>
+					<li><code>container_engine_t</code> (since Kubernetes 1.31)</li>
 				</ul>
 				<hr />
 				<p><strong>Restricted Fields</strong></p>
--- a/content/en/docs/reference/access-authn-authz/psp-to-pod-security-standards.md
+++ b/content/en/docs/reference/access-authn-authz/psp-to-pod-security-standards.md
@ -130,7 +130,7 @@ under the `.spec` field path.
        <ul>
          <li><code>user</code> is unset (<code>""</code> / undefined / nil)</li>
          <li><code>role</code> is unset (<code>""</code> / undefined / nil)</li>
-          <li><code>type</code> is unset or one of: <code>container_t, container_init_t, container_kvm_t</code></li>
+          <li><code>type</code> is unset or one of: <code>container_t, container_init_t, container_kvm_t, container_engine_t</code></li>
          <li><code>level</code> is anything</li>
        </ul>
      </td>