diff --git a/session-manager/handlers/workshopsession.py b/session-manager/handlers/workshopsession.py
index 8813475b..64cf7d2d 100644
--- a/session-manager/handlers/workshopsession.py
+++ b/session-manager/handlers/workshopsession.py
@@ -1217,6 +1217,10 @@ def resolve_security_policy(name):
                                     "name": "POLICY_ENGINE",
                                     "value": CLUSTER_SECURITY_POLICY_ENGINE,
                                 },
+                                {
+                                    "name": "POLICY_NAME",
+                                    "value": namespace_security_policy,
+                                },
                             ],
                             "volumeMounts": [
                                 {
diff --git a/workshop-images/base-environment/opt/renderer/src/backend/modules/config.ts b/workshop-images/base-environment/opt/renderer/src/backend/modules/config.ts
index a8860ffd..36f63a52 100644
--- a/workshop-images/base-environment/opt/renderer/src/backend/modules/config.ts
+++ b/workshop-images/base-environment/opt/renderer/src/backend/modules/config.ts
@@ -53,6 +53,7 @@ export let config = {
     ingress_class: process.env.INGRESS_CLASS || "",
     storage_class: process.env.STORAGE_CLASS || "",
     policy_engine: process.env.POLICY_ENGINE || "none",
+    policy_name: process.env.POLICY_NAME || "restricted",
 
     // Google analytics tracking ID.
 
@@ -114,6 +115,7 @@ config.variables.push({ name: "ingress_port_suffix", content: config.ingress_por
 config.variables.push({ name: "ingress_class", content: config.ingress_class })
 config.variables.push({ name: "storage_class", content: config.storage_class })
 config.variables.push({ name: "policy_engine", content: config.policy_engine })
+config.variables.push({ name: "policy_name", content: config.policy_name })
 
 if (fs.existsSync("/var/run/secrets/kubernetes.io/serviceaccount/token")) {
     let data = fs.readFileSync("/var/run/secrets/kubernetes.io/serviceaccount/token")