const capabilityAll … const capabilityNetBindService … func init() { … } // CheckCapabilitiesRestricted returns a restricted level check // that ensures ALL capabilities are dropped in 1.22+ func CheckCapabilitiesRestricted() Check { … } func capabilitiesRestricted_1_22(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { … } func capabilitiesRestricted_1_25(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { … }