Running containers in privileged mode can reduce the resilience of a cluster in the event of a security incident because it weakens the isolation
between hosts and containers.
Process permissions in privileged containers are essentially the same as root permissions on the host. If these processes are not protected by
robust security measures, an attacker who compromises a root process on a Pod’s host is likely to gain the ability to pivot within the cluster.
Depending on how resilient the cluster is, attackers can extend their attack to the cluster by compromising the nodes from which the cluster launched
the process.
Ask Yourself Whether
- The services of this Pod are accessible to people who are not administrators of the Kubernetes cluster.
There is a risk if you answered yes to this question.
Recommended Secure Coding Practices
Disable privileged mode.
Sensitive Code Example
apiVersion: v1
kind: Pod
metadata:
name: example
spec:
containers:
- name: web
image: nginx
ports:
- name: web
containerPort: 80
protocol: TCP
securityContext:
privileged: true # Sensitive
Compliant Solution
apiVersion: v1
kind: Pod
metadata:
name: example
spec:
containers:
- name: web
image: nginx
ports:
- name: web
containerPort: 80
protocol: TCP
securityContext:
privileged: false
See
