Container is privileged

ID

privileged_containers

Severity

high

Vendor

Kubernetes

Resource

General Security

Tags

reachable

Description

Privileged containers are containers that have full root capabilities of a host machine, allowing access to resources that are not accessible in ordinary containers.

Running a container with a privileged flag allows users to have critical access to the host’s resources

Examples

apiVersion: v1
kind: Pod
metadata:
  name: bad
spec:
  containers:
    - name: bad-container
      image: <container-image>
      securityContext:
          privileged: true (1)
1 Security Context privileged configuration enabled means containers have all of the root capabilities of a host machine.

Mitigation / Fix

apiVersion: v1
kind: Pod
metadata:
  name: good
spec:
  containers:
    - name: bad-container
      image: <container-image>
      securityContext:
          privileged: false (1)
1 Security Context privileged configuration not enabled means containers do not have all of the root capabilities of a host machine.