lacework-global-755
Minimize the admission of containers with added capabilities (Automated)
Description
Do not generally permit containers with capabilities assigned beyond the default set.
Remediation
Ensure that allowedCapabilities is not present in policies for the cluster unless set to an empty array.
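One way to audit this remediation offline, as an added example that is not Lacework's own check logic: it reads the JSON produced by `kubectl get psp -o json` and reports every policy whose allowedCapabilities is present and not an empty array. The function names and the sample policy list are constructed for illustration.

```python
import json

# Constructed sample: trimmed shape of `kubectl get psp -o json` output (not from a real cluster).
SAMPLE_PSP_LIST = json.dumps({
    "kind": "PodSecurityPolicyList",
    "items": [
        {"metadata": {"name": "restricted"}, "spec": {"privileged": False}},
        {"metadata": {"name": "baseline"}, "spec": {"allowedCapabilities": []}},
        {"metadata": {"name": "net-tools"},
         "spec": {"allowedCapabilities": ["NET_RAW", "NET_ADMIN"]}},
        {"metadata": {"name": "legacy"}, "spec": {"allowedCapabilities": ["*"]}},
    ],
})


def audit_allowed_capabilities(psp_list_json):
    """Return one finding per policy that admits capabilities beyond the default set."""
    findings = []
    for item in json.loads(psp_list_json).get("items") or []:
        name = (item.get("metadata") or {}).get("name", "<unnamed>")
        caps = (item.get("spec") or {}).get("allowedCapabilities")
        # Compliant cases: field absent, null, or an empty array.
        if not caps:
            continue
        findings.append({
            "policy": name,
            "allowedCapabilities": sorted(caps),
            # In a PodSecurityPolicy, "*" allows any capability to be added.
            "allows_all": "*" in caps,
        })
    return findings


def cluster_passes(psp_list_json):
    """True only when no policy lists any allowed capability."""
    return not audit_allowed_capabilities(psp_list_json)


if __name__ == "__main__":
    for f in audit_allowed_capabilities(SAMPLE_PSP_LIST):
        scope = "ALL capabilities" if f["allows_all"] else ", ".join(f["allowedCapabilities"])
        print(f"FAIL {f['policy']}: allowedCapabilities permits {scope}")
```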
References
https://kubernetes.io/docs/concepts/security/pod-security-policy/
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-capabilities-for-a-container
https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/