From 78ed5af439276f859c685242bb651725d55d3024 Mon Sep 17 00:00:00 2001
From: Christian Bianchi <whites11@gmail.com>
Date: Tue, 16 Jan 2024 09:52:03 +0100
Subject: [PATCH] Fix pss for hostNetwork (#147)

* Fix PSS to allow using hostNetwork in agents.

* Fix PSS to allow using hostNetwork in agents.
---
 CHANGELOG.md                                               | 4 ++++
 helm/aws-efs-csi-driver/templates/pss-exceptions-node.yaml | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 61a6a69..934005e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+
+- Fix PSS to allow using hostNetwork in agents.
+
 ## [1.2.2] - 2023-12-21
 
 # Changed
diff --git a/helm/aws-efs-csi-driver/templates/pss-exceptions-node.yaml b/helm/aws-efs-csi-driver/templates/pss-exceptions-node.yaml
index c0b34b1..cb1e480 100644
--- a/helm/aws-efs-csi-driver/templates/pss-exceptions-node.yaml
+++ b/helm/aws-efs-csi-driver/templates/pss-exceptions-node.yaml
@@ -40,6 +40,12 @@ spec:
         - adding-capabilities-strict
         - autogen-require-drop-all
         - autogen-adding-capabilities-strict
+    - policyName: disallow-host-namespaces
+      ruleNames:
+        - autogen-host-namespaces
+    - policyName: disallow-host-ports
+      ruleNames:
+        - autogen-host-ports-none
   match:
     any:
       - resources: