mirror of
https://github.com/aquasecurity/kube-hunter.git
synced 2026-05-24 01:55:20 +00:00
836 B
| vid | title | categories |
|---|---|---|
| KHV044 | Privileged Container | |
{{ page.vid }} - {{ page.title }}
Issue description
A privileged container is given access to all devices on the host and can work at the kernel level. It is declared using the Pod.spec.containers[].securityContext.privileged attribute. This may be useful for infrastructure containers that perform setup work on the host, but is a dangerous attack vector.
Remediation
Minimize the use of privileged containers.
Use Pod Security Policies to enforce a privileged: false policy.
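An added audit example, not part of kube-hunter or the original page: it lists every container that sets securityContext.privileged to true in the JSON produced by `kubectl get pods -A -o json`, as a starting point for minimizing their use. It goes beyond the containers[] path named above by also checking initContainers and ephemeralContainers; the function name and the sample pods are constructed for illustration.

```python
import json

# Pod spec fields that hold container lists. The page names only
# containers[]; initContainers and ephemeralContainers accept the same
# securityContext and are included here as a generalization.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def privileged_containers(doc):
    """Return (namespace, pod, field, container) for each privileged container.

    `doc` is a parsed pod list (with "items") or a single parsed Pod object."""
    pods = doc["items"] if "items" in doc else [doc]
    findings = []
    for pod in pods:
        meta = pod.get("metadata") or {}
        spec = pod.get("spec") or {}
        for field in CONTAINER_FIELDS:
            for c in spec.get(field) or []:
                sc = c.get("securityContext") or {}
                # An absent securityContext or privileged field means the
                # container is not privileged; only an explicit true counts.
                if sc.get("privileged") is True:
                    findings.append((meta.get("namespace", "default"),
                                     meta.get("name"), field, c.get("name")))
    return findings


# Constructed sample input (hypothetical pods, not from a real cluster).
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"namespace": "kube-system", "name": "node-setup"},
   "spec": {"initContainers": [{"name": "sysctl",
                                "securityContext": {"privileged": true}}],
            "containers": [{"name": "agent",
                            "securityContext": {"privileged": false}}]}},
  {"metadata": {"namespace": "default", "name": "web"},
   "spec": {"containers": [{"name": "nginx"},
                           {"name": "debug",
                            "securityContext": {"privileged": true}}]}}
]}
""")

if __name__ == "__main__":
    for ns, pod, field, name in privileged_containers(SAMPLE):
        print(f"{ns}/{pod}: {field}[{name}] runs privileged")
```

Each finding is a candidate for removing the privileged flag or for an explicit exception in the enforcing policy.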