PSP Set To Privileged

Query id: ee305555-6b1d-4055-94cf-e22131143c34
Query name: PSP Set To Privileged
Platform: Pulumi
Severity: Medium
Category: Insecure Configurations
URL: Github

Description¶

Do not allow pod to request execution as privileged.
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Postitive test num. 1 - yaml file

name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  example:
    type: kubernetes:policy/v1beta1:PodSecurityPolicy
    properties:
      metadata:
        name: example
      spec:
        privileged: true

Code samples without security vulnerabilities¶

Negative test num. 1 - yaml file

name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  example:
    type: kubernetes:policy/v1beta1:PodSecurityPolicy
    properties:
      metadata:
        name: example
      spec:
        privileged: false