Disallow Sudo Operations
Description
Using sudo within a Dockerfile is generally discouraged, primarily because of the security risk associated with privilege escalation: invoking sudo grants additional privileges to the execution context. This policy checks whether the sudo operation is used within the Dockerfile.
Kyverno policy
Refer to the Nirmata curated policies - disallow-sudo-operations.
Resource example
Below is an example of a Dockerfile that complies with this policy.
FROM ubuntu:20.04
# Build steps already run as root, so packages are installed without sudo.
RUN apt-get update && \
    apt-get install -y vim
RUN apt-get install -y python3
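As an added illustration of what the check has to look at (this is example code, not the Nirmata Kyverno policy itself), the following Python flags RUN instructions whose command is sudo: it joins backslash continuations, handles both shell form and JSON exec form, splits on shell operators so a chained `&& sudo ...` is caught, and ignores comment lines so a plain grep false positive is avoided. The sample Dockerfile is constructed here.

```python
import json
import re
import shlex
# Constructed sample Dockerfile (not from the page) mixing compliant and violating RUNs.
SAMPLE = """FROM ubuntu:20.04
# the word sudo in a comment must not trigger the check
RUN apt-get install -y vim
RUN apt-get update && \\
    sudo apt-get install -y curl
RUN ["sudo", "apt-get", "install", "-y", "python3"]
"""
_SHELL_OPS = re.compile(r"\|\||&&|[;|]")   # operators after which a new command starts

def run_instructions(dockerfile: str):
    """Yield (line_no, argument) per RUN instruction, joining backslash continuations."""
    lines, i = dockerfile.splitlines(), 0
    while i < len(lines):
        start, logical = i + 1, lines[i].strip()
        i += 1
        if not logical or logical.startswith("#"):
            continue
        while logical.endswith("\\") and i < len(lines):
            nxt = lines[i].strip()
            i += 1
            if nxt.startswith("#"):            # comment lines may sit inside a continuation
                continue
            logical = logical[:-1] + " " + nxt
        parts = logical.split(None, 1)
        if parts[0].upper() == "RUN" and len(parts) == 2:
            yield start, parts[1]

def invokes_sudo(argument: str) -> bool:
    """True if any command in a RUN argument is sudo (shell form or JSON exec form)."""
    if argument.lstrip().startswith("["):
        try:                                   # exec form: RUN ["sudo", "apt-get", ...]
            words = json.loads(argument)
            return bool(words) and words[0] == "sudo"
        except json.JSONDecodeError:
            pass                               # not valid JSON: treat it as shell form
    for segment in _SHELL_OPS.split(argument):
        try:
            words = shlex.split(segment)
        except ValueError:                     # operator split fell inside quotes
            words = segment.split()
        if words and words[0] == "sudo":
            return True
    return False

def check_dockerfile(dockerfile: str):  # -> [(line_no, run_argument)], empty means compliant
    return [(n, arg) for n, arg in run_instructions(dockerfile) if invokes_sudo(arg)]
```

Running `check_dockerfile(SAMPLE)` reports lines 4 and 6 of the sample and nothing for the compliant Dockerfile shown above.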