PSP Set To Privileged
- Query id: c48e57d3-d642-4e0b-90db-37f807b41b91
- Query name: PSP Set To Privileged
- Platform: Kubernetes
- Severity: Medium
- Category: Insecure Configurations
- URL: Github
Description
Do not allow pods to request execution as privileged: the PodSecurityPolicy's spec.privileged field should not be set to true.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  # Flagged by this query: the policy admits pods that request privileged mode
  privileged: true
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
    - '*'
```
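An added example, not code from this page or from the KICS project: a Python check for the same condition over JSON manifests, such as the output of `kubectl get psp -o json`. The names `iter_objects` and `find_privileged_psps` and the sample manifests are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get psp -o json` output (a List wrapper).
SAMPLE = """
{"apiVersion": "v1", "kind": "List", "items": [
  {"apiVersion": "policy/v1beta1", "kind": "PodSecurityPolicy",
   "metadata": {"name": "example"}, "spec": {"privileged": true, "volumes": ["*"]}},
  {"apiVersion": "policy/v1beta1", "kind": "PodSecurityPolicy",
   "metadata": {"name": "restricted"}, "spec": {"privileged": false}},
  {"apiVersion": "policy/v1beta1", "kind": "PodSecurityPolicy",
   "metadata": {"name": "unset"}, "spec": {"volumes": ["configMap"]}},
  {"apiVersion": "v1", "kind": "Pod",
   "metadata": {"name": "not-a-psp"}, "spec": {"containers": []}}
]}
"""


def iter_objects(doc):
    """Yield each Kubernetes object, unwrapping JSON arrays and `kind: List`."""
    if isinstance(doc, list):
        for item in doc:
            yield from iter_objects(item)
    elif isinstance(doc, dict):
        if doc.get("kind") == "List":
            yield from iter_objects(doc.get("items") or [])
        else:
            yield doc


def find_privileged_psps(manifest_text):
    """Return the names of PodSecurityPolicy objects with spec.privileged set to true."""
    findings = []
    for obj in iter_objects(json.loads(manifest_text)):
        if obj.get("kind") != "PodSecurityPolicy":
            continue  # other kinds are outside the scope of this check
        spec = obj.get("spec") or {}
        # An absent field defaults to false, so only an explicit boolean true is flagged.
        if spec.get("privileged") is True:
            findings.append((obj.get("metadata") or {}).get("name", "<unnamed>"))
    return findings


if __name__ == "__main__":
    for name in find_privileged_psps(SAMPLE):
        print(f"PodSecurityPolicy/{name}: spec.privileged is true")
```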