Question: exclusions to PodSecurity sub-rule

[sachintiptur]

I am trying to write a clusterpolicy using PodSecurity sub-rule at restricted level. Though this acts as a single rule and simplifies policy writing, I am finding difficulty in excluding some controls for some of the pods. As images can be used for only some of the container level controlName, I am not able to mention exclusions for controlName that does not support images. For ex: controlName: Volume Types cannot have image level exclusions.
Is there any way to achieve this using PodSecurity sub-rule to mention exclusions?

Kyverno version: 1.12

[chipzoller]

Converted to discussion.

Because that control is applicable at the Pod level and not container level, the way you'd have to achieve it is by using the standalone policy and modifying it or using a Policy Exception against that policy.