---
title: "Disallow Sudo Operations"
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/dockerfile_best_practices/disallow-sudo-operations/
---


### Description

Using sudo within a Dockerfile is generally discouraged, primarily because of the security risks associated with privilege escalation: sudo grants additional privileges to the execution context. This policy checks whether sudo is used within the Dockerfile.
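The following is an added example, not the Nirmata policy or code from the Kyverno project: a standalone Python check for the same condition that can be run against a Dockerfile's text before it reaches policy evaluation. The function names, the regular expression and the sample Dockerfiles are assumptions constructed for illustration; the check joins backslash continuations and ignores comment lines, and does not handle heredocs or a custom `escape` directive.

```python
import re

# Constructed sample: sudo appears in shell form and in exec (JSON) form.
BAD_DOCKERFILE = """\
FROM ubuntu:20.04
# sudo in a comment is not an instruction
RUN apt-get update && \\
    sudo apt-get install -y vim
RUN ["sudo", "apt-get", "install", "-y", "python3"]
RUN echo pseudo-sudoers
"""

# Constructed sample: the compliant form of the same build steps.
GOOD_DOCKERFILE = """\
FROM ubuntu:20.04
RUN apt-get update && \\
    apt-get install -y vim
RUN apt-get install -y python3
"""

# "sudo" as its own word: matches "sudo" and "/usr/bin/sudo", not "sudoers".
SUDO_WORD = re.compile(r"(?<![\w.-])sudo(?![\w.-])")

def logical_instructions(text):
    """Yield (first_line_number, instruction) with continuations joined."""
    buf, start = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are not part of an instruction
        if start is None:
            start = lineno
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended in the middle of a continuation
        yield start, " ".join(buf)

def find_sudo_runs(text):
    """Return [(line_number, instruction)] for RUN instructions that use sudo."""
    hits = []
    for lineno, instr in logical_instructions(text):
        parts = instr.split(None, 1)
        if len(parts) == 2 and parts[0].upper() == "RUN" and SUDO_WORD.search(parts[1]):
            hits.append((lineno, instr))
    return hits
```

Reporting the first line of each joined instruction keeps the finding traceable even when sudo sits on a continuation line.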

### Kyverno policy

Refer to the Nirmata curated policies - [disallow-sudo-operations](https://github.com/nirmata/kyverno-policies/blob/main/dockerfile-best-practices/disallow-sudo-operations/disallow-sudo-operations.yaml).

### Resource example

Below is an example of a Dockerfile that complies with this policy.

```dockerfile
FROM ubuntu:20.04
RUN apt-get update && \
    apt-get install -y vim
RUN apt-get install -y python3
```

