examples for sys_ptrace TC (#187)

* examples for sys_ptrace TC

* fix yamlint

Author: edcdavid

examples/accesscontrol/sysptrace_fail.yaml

@@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  creationTimestamp: null
+  labels:
+    run: sysptrace-fail
+    app: test
+    test-network-function.com/generic: target
+    test-network-function.com/container: target
+  name: sysptrace-fail
+  namespace: tnf
+spec:
+  shareProcessNamespace: true
+  automountServiceAccountToken: false
+  securityContext:
+    runAsUser: 1000900000
+    runAsGroup: 1000900000
+    fsGroup: 1000900000
+  containers:
+    - image: quay.io/testnetworkfunction/cnf-test-partner:latest
+      name: test
+      resources: {}
+      securityContext:
+        seLinuxOptions:
+          level: "s0:c30,c15"
+        capabilities:
+          drop: ["KILL", "MKNOD", "SETUID", "SETGID"]
+        allowPrivilegeEscalation: false
+        readOnlyRootFilesystem: false
+        privileged: false
+  dnsPolicy: ClusterFirst
+  restartPolicy: Always

examples/accesscontrol/sysptrace_pass.yaml

@@ -0,0 +1,34 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  creationTimestamp: null
+  labels:
+    run: sysptrace-pass
+    app: test
+    test-network-function.com/generic: target
+    test-network-function.com/container: target
+  name: sysptrace-pass
+  namespace: tnf
+spec:
+  shareProcessNamespace: true
+  automountServiceAccountToken: false
+  securityContext:
+    runAsUser: 1000900000
+    runAsGroup: 1000900000
+    fsGroup: 1000900000
+  containers:
+    - image: quay.io/testnetworkfunction/cnf-test-partner:latest
+      name: test
+      resources: {}
+      securityContext:
+        seLinuxOptions:
+          level: "s0:c30,c15"
+        capabilities:
+          drop: ["KILL", "MKNOD", "SETUID", "SETGID"]
+          add: ["SYS_PTRACE"]
+        allowPrivilegeEscalation: false
+        readOnlyRootFilesystem: false
+        privileged: false
+  dnsPolicy: ClusterFirst
+  restartPolicy: Always