From 128ff6e42dbc032cfa7ac999cf8f807a812fa3d1 Mon Sep 17 00:00:00 2001
From: Jim Bugwadia
Date: Mon, 7 Oct 2024 13:43:51 -0700
Subject: [PATCH] fix tests

Signed-off-by: Jim Bugwadia
---
 .../.chainsaw-test/podcontroller-bad.yaml | 22 ++++++++++++++-----
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/pod-security-cel/restricted/disallow-privilege-escalation/.chainsaw-test/podcontroller-bad.yaml b/pod-security-cel/restricted/disallow-privilege-escalation/.chainsaw-test/podcontroller-bad.yaml
index d6bd83a50..046fce12a 100644
--- a/pod-security-cel/restricted/disallow-privilege-escalation/.chainsaw-test/podcontroller-bad.yaml
+++ b/pod-security-cel/restricted/disallow-privilege-escalation/.chainsaw-test/podcontroller-bad.yaml
@@ -15,6 +15,9 @@ spec:
 containers:
 - name: container01
 image: ghcr.io/kyverno/test-busybox:1.35
+ securityContext:
+ runAsNonRoot: true
+ allowPrivilegeEscalation: true
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -53,6 +56,8 @@ spec:
 containers:
 - name: container01
 image: ghcr.io/kyverno/test-busybox:1.35
+ securityContext:
+ allowPrivilegeEscalation: true
 - name: container02
 image: ghcr.io/kyverno/test-busybox:1.35
 securityContext:
@@ -80,7 +85,7 @@ spec:
 - name: container02
 image: ghcr.io/kyverno/test-busybox:1.35
 securityContext:
- allowPrivilegeEscalation: false
+ allowPrivilegeEscalation: true
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -99,6 +104,8 @@ spec:
 initContainers:
 - name: initcontainer01
 image: ghcr.io/kyverno/test-busybox:1.35
+ securityContext:
+ allowPrivilegeEscalation: true
 containers:
 - name: container01
 image: ghcr.io/kyverno/test-busybox:1.35
@@ -129,8 +136,6 @@ spec:
 containers:
 - name: container01
 image: ghcr.io/kyverno/test-busybox:1.35
- securityContext:
- allowPrivilegeEscalation: false
 ---
 apiVersion: batch/v1
 kind: CronJob
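Review bot: The `runAsNonRoot: true` added beside `allowPrivilegeEscalation: true` in the hunk at -15,6 +15,9 (and again at -146,6 +151,9) has no explanation, so a reader cannot tell whether it is deliberate. If the intent is to show that a compliant sibling field does not mask the violation, a comment above the block would say so: `# runAsNonRoot is compliant on purpose; allowPrivilegeEscalation: true is the only violation`. If it is not needed for the test, dropping it keeps the bad fixture minimal. The enclosing manifest starts outside the hunk.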
@@ -146,6 +151,9 @@ spec:
 containers:
 - name: container01
 image: ghcr.io/kyverno/test-busybox:1.35
+ securityContext:
+ runAsNonRoot: true
+ allowPrivilegeEscalation: true
 ---
 apiVersion: batch/v1
 kind: CronJob
@@ -178,10 +186,12 @@ spec:
 containers:
 - name: container01
 image: ghcr.io/kyverno/test-busybox:1.35
+ securityContext:
+ allowPrivilegeEscalation: true
 - name: container02
 image: ghcr.io/kyverno/test-busybox:1.35
 securityContext:
- allowPrivilegeEscalation: false
+ allowPrivilegeEscalation: true
 ---
 apiVersion: batch/v1
 kind: CronJob
@@ -222,7 +232,7 @@ spec:
 - name: container01
 image: ghcr.io/kyverno/test-busybox:1.35
 securityContext:
- allowPrivilegeEscalation: false
+ allowPrivilegeEscalation: true
 ---
 apiVersion: batch/v1
 kind: CronJob
@@ -246,5 +256,5 @@ spec:
 - name: container01
 image: ghcr.io/kyverno/test-busybox:1.35
 securityContext:
- allowPrivilegeEscalation: false
+ allowPrivilegeEscalation: true
 ---
\ No newline at end of file
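Review bot: In the hunk at -178,10 +186,12 both container01 and container02 now set `allowPrivilegeEscalation: true`, so this CronJob no longer checks that a single offending container among compliant ones is enough for rejection. Because container01 now sets the field to `true` explicitly, container02 could stay at `allowPrivilegeEscalation: false` and the resource would still be a bad case. It would then also catch a rule that only fails when every container violates. The flip at -80,7 +85,7 looks like the same pattern, but container01 is outside that hunk. Other documents in the file may already cover the mixed case; a one-line comment per document naming the intended violation, such as `# container01 violates, container02 is compliant`, would make that visible.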