We are going to implement an OPA policy for the case where we need to make sure every container in a pod carries a security context that explicitly sets allowPrivilegeEscalation to false. Kubernetes defaults this field to true so as not to break setuid binaries, which means a pod that simply omits the field silently permits privilege escalation.
Allow "Privilege" Escalation
Setting allowPrivilegeEscalation to false ensures that no child process of a container can gain more privileges than its parent (it sets the no_new_privs flag on the container process). So we are writing a policy that requires the field to be present and set to false on every container and init container, and rejects the pod otherwise; an absent field must count as a violation, not as compliant, because the default is true.
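The policy described above, written as an added example in Rego (this is my own illustration, not code from the original page). It assumes the plain OPA admission webhook layout, where the AdmissionReview request is passed as `input` and every message in the `deny` set rejects the request; the package name, rule names and the two sample pods are assumptions made for the example. The sample pods are constructed inline so that `opa test` can exercise both the compliant and the non-compliant path offline.

```rego
package kubernetes.admission

import rego.v1

# Added example: reject any Pod in which some container or initContainer
# does not explicitly set securityContext.allowPrivilegeEscalation: false.
# Both lists are checked and either may be absent from the spec.
pod_containers := array.concat(
	object.get(input.request.object.spec, "containers", []),
	object.get(input.request.object.spec, "initContainers", [])
)

# A container is non-compliant when the field is set to true OR is absent.
# The negated equality is undefined when the field is missing, and `not`
# turns that into a match, so the Kubernetes default (true) is treated as
# a violation rather than passing silently.
allows_escalation(container) if {
	not container.securityContext.allowPrivilegeEscalation == false
}

deny contains msg if {
	input.request.kind.kind == "Pod"
	some container in pod_containers
	allows_escalation(container)
	msg := sprintf("container %q must set securityContext.allowPrivilegeEscalation to false", [container.name])
}

# --- constructed sample requests for `opa test` (not real cluster traffic) ---

compliant_pod := {"request": {"kind": {"kind": "Pod"}, "object": {"spec": {
	"containers": [{"name": "app", "securityContext": {"allowPrivilegeEscalation": false}}],
}}}}

# The init container omits the field entirely, so it inherits the default (true).
noncompliant_pod := {"request": {"kind": {"kind": "Pod"}, "object": {"spec": {
	"containers": [{"name": "app", "securityContext": {"allowPrivilegeEscalation": false}}],
	"initContainers": [{"name": "init"}],
}}}}

explicit_true_pod := {"request": {"kind": {"kind": "Pod"}, "object": {"spec": {
	"containers": [{"name": "app", "securityContext": {"allowPrivilegeEscalation": true}}],
}}}}

test_compliant_pod_allowed if {
	count(deny) == 0 with input as compliant_pod
}

test_unset_field_denied if {
	"container \"init\" must set securityContext.allowPrivilegeEscalation to false" in deny with input as noncompliant_pod
}

test_explicit_true_denied if {
	"container \"app\" must set securityContext.allowPrivilegeEscalation to false" in deny with input as explicit_true_pod
}
```

Run the embedded tests with `opa test policy.rego -v`, or evaluate a captured AdmissionReview with `opa eval -i review.json -d policy.rego "data.kubernetes.admission.deny"`. The `import rego.v1` line keeps the `if`/`contains`/`in` syntax valid on both OPA 0.59+ and OPA 1.x. Note that the check is deliberately per-container: allowPrivilegeEscalation is a container-level field, so a pod-level securityContext cannot satisfy it.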