From 2c12866ce97132b4490d600cf0cfa9f5bbbd4b66 Mon Sep 17 00:00:00 2001
From: Maksim An <maksiman@microsoft.com>
Date: Thu, 21 May 2026 17:37:27 -0700
Subject: [PATCH] add SIGKILL and SIGTERM to pause container signals

Signed-off-by: Maksim An <maksiman@microsoft.com>
---
 internal/tools/securitypolicy/helpers/helpers.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/internal/tools/securitypolicy/helpers/helpers.go b/internal/tools/securitypolicy/helpers/helpers.go
index 7c84f7dcd7..99f90b8ac4 100644
--- a/internal/tools/securitypolicy/helpers/helpers.go
+++ b/internal/tools/securitypolicy/helpers/helpers.go
@@ -7,6 +7,7 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"syscall"
 
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
@@ -74,6 +75,10 @@ func DefaultContainerConfigs() []sp.ContainerConfig {
 		ImageName:     "k8s.gcr.io/pause:3.1",
 		Command:       []string{"/pause"},
 		AllowElevated: true,
+		Signals: []syscall.Signal{
+			syscall.SIGKILL,
+			syscall.SIGTERM,
+		},
 	}
 	return []sp.ContainerConfig{pause}
 }