Buildah build task Package
This package is responsible for verifying the buildah build task.
Rules Included
ADD_CAPABILITIES parameter
Verify the ADD_CAPABILITIES parameter of a builder Task was not used.
Solution: The ADD_CAPABILITIES parameter is not allowed for most container image builds. This, however, might be required for certain build types, e.g. flatpaks. Either unset the parameter or use a policy config that excludes this policy rule.
- Rule type: FAILURE
- FAILURE message: ADD_CAPABILITIES parameter is not allowed
- Code: buildah_build_task.add_capabilities_param
- Effective from: 2024-08-31T00:00:00Z
Buildah task uses a local Dockerfile
Verify the Dockerfile used in the buildah task was not fetched from an external source.
Solution: Make sure the 'DOCKERFILE' parameter does not come from an external source.
- Rule type: FAILURE
- FAILURE message: DOCKERFILE param value (%s) is an external source
- Code: buildah_build_task.buildah_uses_local_dockerfile
PLATFORM parameter
Verify the value of the PLATFORM parameter of a builder Task is allowed by matching against a list of disallowed patterns. The list of patterns can be customized via the disallowed_platform_patterns rule data key. If empty, all values are allowed.
Solution: Use a different PLATFORM value that is not disallowed by the policy config.
- Rule type: FAILURE
- FAILURE message: PLATFORM parameter value %q is disallowed by regex %q
- Code: buildah_build_task.platform_param
- Effective from: 2024-09-01T00:00:00Z
PRIVILEGED_NESTED parameter
Verify the PRIVILEGED_NESTED parameter of a builder Task was not set to true.
Solution: Setting the PRIVILEGED_NESTED parameter to true is not allowed for most container image builds. Either set the parameter value to false or use a policy config that excludes this policy rule.
- Rule type: FAILURE
- FAILURE message: setting PRIVILEGED_NESTED parameter to true is not allowed
- Code: buildah_build_task.privileged_nested_param
disallowed_platform_patterns format
Confirm the disallowed_platform_patterns rule data, if provided, matches the expected format.
- Rule type: FAILURE
- FAILURE message: %s
- Code: buildah_build_task.disallowed_platform_patterns_pattern
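As an added illustration of how the PLATFORM parameter rule and the disallowed_platform_patterns format rule above fit together, here is a Python sketch of the same checks; it is not the project's own Rego policy. The assumption that the rule data is a list of regular-expression strings, the function names, and the sample inputs are mine.

```python
import re

# Added illustration of the PLATFORM and disallowed_platform_patterns rules;
# not the project's own Rego. Assumption: the rule data is a list of
# regular-expression strings, and an empty list allows every PLATFORM value.
RULE_DATA_KEY = "disallowed_platform_patterns"


def check_platform_patterns_format(rule_data):
    """Return FAILURE messages if the rule data does not match the expected format."""
    patterns = rule_data.get(RULE_DATA_KEY, [])
    if not isinstance(patterns, list):
        return [f"{RULE_DATA_KEY} must be a list of strings"]
    failures = []
    for i, pattern in enumerate(patterns):
        if not isinstance(pattern, str):
            failures.append(f"{RULE_DATA_KEY}[{i}] must be a string")
            continue
        try:
            re.compile(pattern)
        except re.error as exc:
            failures.append(f"{RULE_DATA_KEY}[{i}] is not a valid regex: {exc}")
    return failures


def check_platform_param(params, rule_data):
    """Return one FAILURE message per disallowed pattern the PLATFORM value matches."""
    if check_platform_patterns_format(rule_data):
        return []  # the format rule reports the problem; broken patterns are not evaluated
    patterns = rule_data.get(RULE_DATA_KEY, [])
    platform = params.get("PLATFORM")
    if platform is None or not patterns:
        return []  # no PLATFORM parameter, or empty rule data: everything is allowed
    return [
        f'PLATFORM parameter value "{platform}" is disallowed by regex "{pattern}"'
        for pattern in patterns
        if re.search(pattern, platform)
    ]


if __name__ == "__main__":
    # Constructed sample: builder Task parameters and a policy rule data fragment.
    sample_params = {"IMAGE": "registry.example/app:latest", "PLATFORM": "linux/arm64"}
    sample_rule_data = {RULE_DATA_KEY: [r"^linux/arm64$", r"windows/"]}
    failures = check_platform_patterns_format(sample_rule_data)
    failures += check_platform_param(sample_params, sample_rule_data)
    for failure in failures:
        print("FAILURE:", failure)
```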