July 2019
Intermediate to advanced
502 pages
14h
English
A pod security policy (PodSecurityPolicy) lets you set a cluster-wide policy that is checked against every pod as it is created or updated. It is enforced at the admission stage of access control by the PodSecurityPolicy admission controller, which runs after authentication and authorization. The controller can mutate a pod that has no security context by filling in the policy's defaults, or it can reject the creation or update of a pod whose security context doesn't match the policy. Two caveats apply in practice: a policy only takes effect once the admission controller is enabled and the creating user or service account has been granted the use verb on it through RBAC (with the controller enabled and no usable policy, no pods are admitted at all), and PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25. Here is a policy that stops pods from running as privileged, a status that would give them access to the host's devices:
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: disallow-privileged-access
spec:
  privileged: false
  allowPrivilegeEscalation: false
  # required fields.
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: ...
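To make the two admission outcomes concrete (defaults written into a silent pod versus rejection of a contradicting one), here is a toy model of the check, added as an example; it is not the book's code and not the real Kubernetes controller. It models only the privileged, allowPrivilegeEscalation and runAsUser fields, and it assumes the truncated runAsUser rule above is MustRunAsNonRoot; the policy dict and the three sample pods are constructed for the example.

```python
"""
Toy model of the PodSecurityPolicy admission step described on this page.
Added example, not the book's code and not the real Kubernetes controller:
it covers only privileged, allowPrivilegeEscalation and runAsUser, and
assumes the page's truncated runAsUser rule is MustRunAsNonRoot.
"""
import copy

# Constructed policy: the page's manifest as a Python dict, with the
# truncated runAsUser rule filled in as MustRunAsNonRoot (an assumption).
DISALLOW_PRIVILEGED = {
    "apiVersion": "policy/v1beta1",
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "disallow-privileged-access"},
    "spec": {
        "privileged": False,
        "allowPrivilegeEscalation": False,
        "seLinux": {"rule": "RunAsAny"},
        "supplementalGroups": {"rule": "RunAsAny"},
        "runAsUser": {"rule": "MustRunAsNonRoot"},
    },
}

# Constructed sample pods: one silent on security, one asking for
# privileged mode, one explicitly running as root at pod level.
SAMPLE_PODS = {
    "plain": {"spec": {"containers": [{"name": "web", "image": "nginx:1.17"}]}},
    "privileged": {"spec": {"containers": [
        {"name": "dbg", "image": "busybox", "securityContext": {"privileged": True}}]}},
    "root": {"spec": {"securityContext": {"runAsUser": 0},
                      "containers": [{"name": "legacy", "image": "legacy:1"}]}},
}


def admit(psp, pod):
    """Return ("allow", mutated_pod) or ("reject", [reasons]).

    A pod that says nothing gets the policy's defaults written into its
    securityContext (mutation); a pod that contradicts the policy is rejected.
    The input pod is never modified.
    """
    spec = psp["spec"]
    pod = copy.deepcopy(pod)
    reasons = []
    pod_sc = pod["spec"].get("securityContext", {})
    run_as = spec["runAsUser"]

    containers = pod["spec"].get("initContainers", []) + pod["spec"].get("containers", [])
    for c in containers:
        name = c.get("name", "<unnamed>")
        sc = c.setdefault("securityContext", {})

        # privileged: a privileged container sees every host device, so a
        # policy with privileged=false rejects any request for it outright.
        if sc.get("privileged", False) and not spec.get("privileged", False):
            reasons.append(f"{name}: privileged containers are not allowed")

        # allowPrivilegeEscalation: unset is defaulted to the policy value,
        # an explicit true against a false policy is rejected.
        if spec.get("allowPrivilegeEscalation") is False:
            if "allowPrivilegeEscalation" not in sc:
                sc["allowPrivilegeEscalation"] = False
            elif sc["allowPrivilegeEscalation"]:
                reasons.append(f"{name}: allowPrivilegeEscalation is not allowed")

        # runAsUser: a container-level value overrides the pod-level one.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if run_as["rule"] == "MustRunAsNonRoot":
            if uid == 0:
                reasons.append(f"{name}: runAsUser 0 is not allowed (MustRunAsNonRoot)")
            elif uid is None and "runAsNonRoot" not in sc:
                sc["runAsNonRoot"] = True  # the kubelet then refuses images that run as root
        elif run_as["rule"] == "MustRunAs":
            ranges = run_as["ranges"]
            if uid is None:
                sc["runAsUser"] = ranges[0]["min"]  # default to the start of the first range
            elif not any(r["min"] <= uid <= r["max"] for r in ranges):
                reasons.append(f"{name}: runAsUser {uid} is outside the allowed ranges")
        # RunAsAny: nothing to check and nothing to default.

    return ("reject", reasons) if reasons else ("allow", pod)


def evaluate_samples(psp=DISALLOW_PRIVILEGED):
    """Run every sample pod through the policy; map name -> verdict."""
    return {name: admit(psp, pod)[0] for name, pod in SAMPLE_PODS.items()}


if __name__ == "__main__":
    for name, pod in SAMPLE_PODS.items():
        verdict, detail = admit(DISALLOW_PRIVILEGED, pod)
        shown = detail if verdict == "reject" else detail["spec"]["containers"][0]["securityContext"]
        print(f"{name:10s} {verdict}: {shown}")
```

Running it shows the plain pod admitted with allowPrivilegeEscalation: false and runAsNonRoot: true written into its container security context, and the other two rejected with a reason naming the offending field. The real controller also covers host namespaces, volume types, capabilities and more, and tries every policy the requester may use before rejecting; this model is deliberately limited to the fields the manifest above sets.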