Disallow Sudo Operations


Using sudo within a Dockerfile is generally discouraged, mainly because of the security risks associated with privilege escalation: a sudo call grants additional privileges to the execution context of the build step. This policy checks whether sudo is invoked anywhere within the Dockerfile.

Kyverno policy

Refer to the Nirmata curated policies - disallow-sudo-operations.

Resource example

Below is an example of a Dockerfile that complies with this policy.

FROM ubuntu:20.04
# Packages are installed directly in RUN steps; no sudo is needed or used.
RUN apt-get update && \
    apt-get install -y vim
RUN apt-get install -y python3
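To make the check concrete, here is an added example (not the Nirmata policy and not Kyverno code) of a small Python checker that parses a Dockerfile's RUN, CMD and ENTRYPOINT instructions and flags any invocation of sudo, whether bare, by path, or in the JSON exec form. It assumes the classic instruction syntax (backslash continuations, no heredocs) and works on a constructed sample Dockerfile.

```python
import json
import os
import shlex

# Constructed sample Dockerfile (not from any real project): lines 3-4 and 6
# invoke sudo, line 2 only mentions it in a comment, line 5 is compliant.
SAMPLE = """FROM ubuntu:20.04
# a comment mentioning sudo is not a finding
RUN apt-get update && \\
    sudo apt-get install -y vim
RUN apt-get install -y python3
RUN ["/usr/bin/sudo", "pip3", "install", "requests"]
"""

CHECKED = {"RUN", "CMD", "ENTRYPOINT"}  # instructions that execute commands

def parse_instructions(text):
    """(lineno, NAME, args) per logical line; joins '\\' continuations, skips comments."""
    out, buf, start = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comment lines may also appear inside a continuation
        start = lineno if start is None else start
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        name, _, args = " ".join(buf).partition(" ")
        out.append((start, name.upper(), args.strip()))
        buf, start = [], None
    return out

def command_words(args):
    """Words of an exec-form (JSON array) or shell-form instruction."""
    if args.startswith("["):
        try:
            return [str(w) for w in json.loads(args)]
        except ValueError:
            pass  # invalid JSON: Docker falls back to the shell form
    try:
        return shlex.split(args)
    except ValueError:  # unbalanced quotes: degrade to whitespace splitting
        return args.split()

def find_sudo(text):
    """Return (lineno, args) for each RUN/CMD/ENTRYPOINT that invokes sudo."""
    return [(ln, args) for ln, name, args in parse_instructions(text)
            if name in CHECKED
            and any(os.path.basename(w) == "sudo" for w in command_words(args))]
```

Running `find_sudo(SAMPLE)` reports lines 3 and 6 and ignores the comment on line 2 and the compliant step on line 5.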