PSP Allows Sharing Host PID
- Query id: 91dacd0e-d189-4a9c-8272-5999a3cc32d9
- Query name: PSP Allows Sharing Host PID
- Platform: Kubernetes
- Severity: Medium
- Category: Insecure Configurations
- URL: Github
Description¶
Pod Security Policy allows containers to share the host process ID namespace
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: example
spec:
hostPID: true
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny