PSP Allows Sharing Host IPC

Query id: 80f93444-b240-4ebb-a4c6-5c40b76c04ea
Query name: PSP Allows Sharing Host IPC
Platform: Kubernetes
Severity: High
Category: Insecure Configurations
CWE: 250
URL: Github

Description¶

Pod Security Policy allows containers to share the host IPC namespace
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - yaml file

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  hostIPC: true
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny

Code samples without security vulnerabilities¶

Negative test num. 1 - yaml file

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  hostIPC: false
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny