Created a policy for deny pod privilege and escalation (#1083)

* changed policy action

Signed-off-by: Tejas-24ytj <tblamkhade24@gmail.com>

* Added a policy to deny pod privilege and escalation

Signed-off-by: Tejas-24ytj <tblamkhade24@gmail.com>

* Renamed the admission policy

Signed-off-by: Tejas-24ytj <tblamkhade24@gmail.com>

---------

Signed-off-by: Tejas-24ytj <tblamkhade24@gmail.com>

Author: Tejas-24ytj

generic/admission/deny-privileged-pods.yaml

@@ -1,9 +1,10 @@
 version: v0.2.3
 policyRules:
-- name: deny-privileged-pods
-  precondition:
-  - OPTSCAN
-  description:
-    tldr: Deny deployment of privileged pods across the cluster
-    detailed: This policy denies the deployment of privileged pods across the cluster to enforce security best practices and prevent privilege escalation risks. The kube-system namespace is excluded from this policy to avoid disruption of critical system components such as CoreDNS, Kube Proxy, and other essential Kubernetes services that may require privileged access.
-  yaml: deny-privileged-pods.yaml
+  - name: priv-escalation-and-deny-priv-pod
+    precondition:
+      - OPTSCAN
+    description:
+      tldr: Block privileged pods and privilege escalation in workloads
+      detailed: This policy blocks privileged pods and privilege escalation to reduce the risk of container escape and enforce least-privilege security across the cluster, while excluding the kube-system namespace to avoid impacting
+          critical Kubernetes components.
+    yaml: priv-escalation-and-deny-priv-pod.yaml

generic/admission/metadata.yaml

@@ -0,0 +1,16 @@
+apiVersion: admission.accuknox.com/v1
+kind: AdmissionPolicy
+metadata:
+  annotations:
+    app.accuknox.com/source: policy-manager
+    app.accuknox.com/type: harden
+  name: priv-escalation-and-deny-priv-pod
+spec:
+  privilegedPod:
+    action: Block
+    ignoreNamespaces:
+    - kube-system
+  privilegeEscalation:
+    action: Block
+    ignoreNamespaces:
+    - kube-system