PSP Allows Sharing Host IPC
- Query id: 80f93444-b240-4ebb-a4c6-5c40b76c04ea
- Query name: PSP Allows Sharing Host IPC
- Platform: Kubernetes
- Severity: High
- Category: Insecure Configurations
- CWE: 250
- URL: Github
Description¶
Pod Security Policy allows containers to share the host IPC namespace
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: example
spec:
hostIPC: true
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny