last sync: 2025-Apr-29 17:16:02 UTC

[Preview]: Sets readOnlyRootFileSystem in the Pod spec in init containers to true if it is not set.

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Preview]: Sets readOnlyRootFileSystem in the Pod spec in init containers to true if it is not set.
Id 2ae2f266-ecc3-4d26-82c5-8c3cb7774f45
Version 1.3.0-preview
Versioning Versions supported for Versioning: 4
1.3.0-preview
1.2.0-preview
1.1.0-preview
1.0.0-preview
Built-in Versioning [Preview]
Category Kubernetes
Description Setting readOnlyRootFileSystem to true increases security by preventing containers from writing into the root filesystem. This works only for Linux containers.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.2.0-preview'
Repository: Azure-Policy 2ae2f266-ecc3-4d26-82c5-8c3cb7774f45
Mode Microsoft.Kubernetes.Data
Type BuiltIn
Preview True
Deprecated False
Effect Default: Mutate
Allowed: Mutate, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type | polSet in AzUSGov
[Preview]: Deployment safeguards should help guide developers towards AKS recommended best practices | c047ea8e-9c78-49b2-958b-37e56d291a44 | Kubernetes | Preview | BuiltIn | true
History
Date/Time (UTC ymd) (i) Change type Change detail
2025-04-22 16:46:02 change Minor, suffix remains equal (1.2.0-preview > 1.3.0-preview)
2024-08-09 18:17:47 change Minor, suffix remains equal (1.1.0-preview > 1.2.0-preview)
2024-04-12 17:45:57 change Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview)
2024-04-08 17:52:20 add 2ae2f266-ecc3-4d26-82c5-8c3cb7774f45