Privileged Containers Should be Avoided

Description:

To prevent unrestricted host access, avoid privileged containers whenever possible. Privileged containers have all of the root capabilities of a host machine. They can be used as entry points for attacks and to spread malicious code or malware to compromised applications, hosts and networks.

Solution/Reference: 

From the 'Unhealthy resources' tab, select the cluster. Security Center lists the pods running privileged containers.

For these pods, set the privileged flag to 'false' on the security context of the container's spec. After making your changes, redeploy the pod with the updated spec.



https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
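
To confirm the fix after redeploying, the check below walks pod specs and reports every container whose security context still has `privileged: true`. It is an added example, not part of Security Center or the original page. It assumes input in the shape of `kubectl get pods -A -o json`; the sample data and the function name `find_privileged` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"namespace": "default", "name": "web"},
   "spec": {"containers": [
      {"name": "app", "securityContext": {"privileged": false}},
      {"name": "sidecar"}]}},
  {"metadata": {"namespace": "ops", "name": "node-agent"},
   "spec": {"initContainers": [
      {"name": "setup", "securityContext": {"privileged": true}}],
    "containers": [
      {"name": "agent", "securityContext": {"privileged": true}}]}}
]}
""")

# `privileged` is a container-level field; the pod-level securityContext has
# no equivalent, so every container list in the pod spec must be checked.
CONTAINER_LISTS = ("containers", "initContainers", "ephemeralContainers")


def find_privileged(pod_list):
    """Return (namespace, pod, list_name, container) for each privileged container."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        for list_name in CONTAINER_LISTS:
            for container in spec.get(list_name) or []:
                ctx = container.get("securityContext") or {}
                # An omitted field defaults to false, so only an explicit
                # true counts as a finding.
                if ctx.get("privileged") is True:
                    findings.append((meta.get("namespace", "default"),
                                     meta.get("name"),
                                     list_name,
                                     container.get("name")))
    return findings


if __name__ == "__main__":
    for ns, pod, kind, name in find_privileged(SAMPLE):
        print(f"{ns}/{pod}: {kind}[{name}] runs privileged")
```

Init and ephemeral containers are included because a pod whose main container has been fixed can still run a privileged init container.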
