Root Container Not Mounted Read-only
- Query id: a9c2f49d-0671-4fc9-9ece-f4e261e128d0
- Query name: Root Container Not Mounted Read-only
- Platform: Kubernetes
- Severity: Low
- Category: Build Process
- CWE: 668
- URL: Github
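Description
Checks whether a container's root filesystem is not mounted read-only. A container is flagged when its securityContext sets readOnlyRootFilesystem to false or does not set the field at all.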
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
apiVersion: v1
kind: Pod
metadata:
  name: rootfalse
  labels:
    app: goproxy
spec:
  containers:
    - name: contain1_1
      image: k8s.gcr.io/goproxy:0.1
      securityContext:
        # Flagged: the field is explicitly set to false.
        readOnlyRootFilesystem: false
---
apiVersion: v1
kind: Pod
metadata:
  name: noroot
  labels:
    app: goproxy
spec:
  containers:
    - name: contain1_2
      image: k8s.gcr.io/goproxy:0.1
      securityContext:
        # Flagged: readOnlyRootFilesystem is not set in this securityContext.
        someotherthing: true
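
A compliant counterpart to the two pods above, added here as an illustration; it is not part of the original page or of the KICS test suite. The pod name, container name, volume name and the /tmp mount path are assumptions: the page does not say which paths, if any, the goproxy image writes to.

```yaml
# Added example. Names and the writable path are hypothetical.
apiVersion: v1
kind: Pod
metadata:
  name: rootreadonly
  labels:
    app: goproxy
spec:
  containers:
    - name: contain1
      image: k8s.gcr.io/goproxy:0.1
      securityContext:
        # Must be set explicitly: when the field is omitted the root
        # filesystem stays writable, as in the "noroot" pod above.
        readOnlyRootFilesystem: true
      volumeMounts:
        # Writable scratch space, assuming the process writes to /tmp.
        # Everything outside this mount remains read-only.
        - name: scratch
          mountPath: /tmp
  volumes:
    - name: scratch
      emptyDir: {}
```

The setting is per container, so every entry under containers (and initContainers, if present) needs its own securityContext with the field set to true.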