Control: DaemonSet containers should not use CAP_SYS_ADMIN linux capability
Description
This check ensures that the container in the DaemonSet does not use CAP_SYS_ADMIN Linux capability.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.daemonset_container_sys_admin_capability_disabled
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.daemonset_container_sys_admin_capability_disabled --share
SQL
This control uses a named query:
daemonset_container_sys_admin_capability_disabled