}
	allErrs = append(allErrs, validateSeccompProfileField(sc.SeccompProfile, fldPath.Child("seccompProfile"))...)
	if sc.AllowPrivilegeEscalation != nil && !*sc.AllowPrivilegeEscalation {
		if sc.Privileged != nil && *sc.Privileged {
			allErrs = append(allErrs, field.Invalid(fldPath, sc, "cannot set `allowPrivilegeEscalation` to false and `privileged` to true"))
		}

		if sc.Capabilities != nil {

	// +optional
	AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,7,opt,name=allowPrivilegeEscalation"`
	// procMount denotes the type of proc mount to use for the containers.
	// The default is DefaultProcMount which uses the container runtime defaults for
	// readonly paths and masked paths.
	// This requires the ProcMountType feature flag to be enabled.

  // +optional
  optional bool readOnlyRootFilesystem = 6;

  // AllowPrivilegeEscalation controls whether a process can gain more
  // privileges than its parent process. This bool directly controls if
  // the no_new_privs flag will be set on the container process.
  // AllowPrivilegeEscalation is true always when the container is:
  // 1) run as Privileged
  // 2) has CAP_SYS_ADMIN

	"allowPrivilegeEscalation": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name...

  // +optional
  optional bool readOnlyRootFilesystem = 6;

  // AllowPrivilegeEscalation controls whether a process can gain more
  // privileges than its parent process. This bool directly controls if
  // the no_new_privs flag will be set on the container process.
  // AllowPrivilegeEscalation is true always when the container is:
  // 1) run as Privileged
  // 2) has CAP_SYS_ADMIN

	out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot))
	out.ReadOnlyRootFilesystem = (*bool)(unsafe.Pointer(in.ReadOnlyRootFilesystem))
	out.AllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.AllowPrivilegeEscalation))
	out.ProcMount = (*core.ProcMountType)(unsafe.Pointer(in.ProcMount))
	out.SeccompProfile = (*core.SeccompProfile)(unsafe.Pointer(in.SeccompProfile))

	// +optional
	ReadOnlyRootFilesystem *bool
	// AllowPrivilegeEscalation controls whether a process can gain more
	// privileges than its parent process. This bool directly controls if
	// the no_new_privs flag will be set on the container process.
	// Note that this field cannot be set when spec.os.name is windows.
	// +optional
	AllowPrivilegeEscalation *bool

* PodSecurityPolicy: Fixes a compatibility issue that caused policies that previously allowed privileged pods to start forbidding them, due to an incorrect default value for `allowPrivilegeEscalation`. PodSecurityPolicy objects defined using a 1.8.0 client or server that intended to set `allowPrivilegeEscalation` to `false` must be reapplied after upgrading to 1.8.1. ([#53443](https://github.com/kubernetes/kubernetes/pull/53443), [@liggitt](https://github.com/liggitt))

        "properties": {
          "allowPrivilegeEscalation": {