Example 6: Restrict by run as user name

Here we want containers to run as the image's default run-as user. If a user wants to override the run-as user, they are only allowed to run as their own username or as nobody.

policies.yml
---

- description: Run as user override.
  hosts:
    - +.*
  default: Allow
  policies:
    - members:
        - all
      rules:
        any:
          User:
            - ^nobody$
            - ^$USER$

...
groups.yml
---
all:
  - "*"
...
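
The check this policy expresses, as an added Python sketch (not the plugin's own code). It assumes `$USER` expands to the requesting user's name and that a request with no `User` value keeps the image default and is allowed; the function names and the sample requests are constructed for illustration.

```python
import re

# Patterns copied from the User rule in policies.yml above.
USER_PATTERNS = ["^nobody$", "^$USER$"]


def user_override_allowed(requested_user, caller, patterns=USER_PATTERNS):
    """Return True if a container-create request passes the User rule.

    requested_user: the "User" value of the request ("" or None when the
                    image's default user is kept).
    caller:         authenticated name of the user making the request.
    """
    # Assumption: no override means the image default is used and allowed.
    if not requested_user:
        return True
    # In Python, "$" also matches before a trailing newline, so reject
    # newlines up front instead of letting "nobody\n" slip through.
    if "\n" in requested_user:
        return False
    for pattern in patterns:
        # Assumption: $USER stands for the caller's name. Escape it so a
        # name such as "a.b" is matched literally, not as a regex.
        expanded = pattern.replace("$USER", re.escape(caller))
        if re.search(expanded, requested_user):
            return True
    return False


# Constructed sample requests: (caller, requested User value).
SAMPLES = [
    ("alice", ""),            # image default user
    ("alice", "nobody"),
    ("alice", "alice"),
    ("alice", "root"),
    ("alice", "0"),           # numeric UID instead of a name
    ("alice", "alice:root"),  # user:group form fails the anchored pattern
    ("alice", "bob"),         # another user's name
    ("a.b", "axb"),           # would match if $USER were not escaped
]


def evaluate(samples=SAMPLES):
    return [(c, u, user_override_allowed(u, c)) for c, u in samples]


if __name__ == "__main__":
    for caller, user, ok in evaluate():
        print(f"{caller!r:8} User={user!r:14} -> {'allow' if ok else 'deny'}")
```

Because both patterns are anchored with `^` and `$`, values such as `0` or `alice:root` are denied rather than treated as equivalent to an allowed name.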