Containers Sharing Sensitive Host Namespaces Should Be Avoided
Description:
To protect against privilege escalation outside the container, avoid pod access to sensitive host namespaces (host process ID and host IPC) in a Kubernetes cluster.
Remediation:
1. From the Unhealthy resources tab, select the cluster. Security Center lists the pods sharing host process ID or host IPC.
2. Set the host process ID and host IPC to 'false' on the pod's spec.
3. After making your changes, redeploy the pod with the updated spec.
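An added example, not part of the original recommendation or of Security Center: a small audit that finds the same condition offline, using the Kubernetes pod spec fields hostPID and hostIPC that correspond to "host process ID" and "host IPC". It goes beyond bare pods by also checking the pod templates of controllers such as Deployments, since that template is where the fix has to be made before redeploying. The sample listing and every object name in it are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample, shaped like `kubectl get pods,deployments -A -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Pod", "metadata": {"namespace": "monitoring", "name": "node-debug"},
   "spec": {"hostPID": true, "hostIPC": true, "containers": [{"name": "sh", "image": "busybox"}]}},
  {"kind": "Pod", "metadata": {"namespace": "shop", "name": "web-0"},
   "spec": {"containers": [{"name": "web", "image": "nginx"}]}},
  {"kind": "Deployment", "metadata": {"namespace": "shop", "name": "cache"},
   "spec": {"template": {"spec": {"hostIPC": true, "containers": [{"name": "c", "image": "redis"}]}}}}
]}
""")

HOST_NS_FIELDS = ("hostPID", "hostIPC")


def pod_spec(obj):
    """Return the pod spec of a Pod, or the pod template spec of a controller."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}


def find_host_namespace_sharing(listing):
    """List (kind, namespace, name, fields) for objects sharing host PID/IPC."""
    findings = []
    for obj in listing.get("items", []):
        spec = pod_spec(obj)
        # Both fields default to false when absent; only a literal true is a finding.
        shared = [f for f in HOST_NS_FIELDS if spec.get(f) is True]
        if shared:
            meta = obj.get("metadata", {})
            findings.append((obj.get("kind"), meta.get("namespace", "default"),
                             meta.get("name"), shared))
    return findings


def remediate(spec):
    """Return a copy of a pod spec with host PID and host IPC sharing turned off."""
    return {**spec, **{f: False for f in HOST_NS_FIELDS}}


if __name__ == "__main__":
    for kind, ns, name, shared in find_host_namespace_sharing(SAMPLE):
        print(f"{kind} {ns}/{name}: {', '.join(shared)} = true")
```

To run it against a real cluster, replace SAMPLE with the parsed JSON output of the kubectl command named in the comment.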