CloudWiki
Rules
Medium

Ensure containers do not run with AllowPrivilegeEscalation

Security & Compliance
No items found.
Description

When AllowPrivilegeEscalation is enabled in a container, it allows the user to escalate their privileges to those of the container host. This can potentially give an attacker root access to the host machine. To prevent this, it is recommended to disable AllowPrivilegeEscalation. When AllowPrivilegeEscalation is disabled, any attempts to escalate privileges will fail, ensuring that the container remains isolated and secure. Additionally, it is recommended to minimize the use of privileged containers in general, and to only use them when necessary for the application to function properly. This helps to reduce the attack surface and minimize the risk of privilege escalation.

Remediation

To ensure that containers do not run with AllowPrivilegeEscalation, you can take the following remediation steps:

  1. Update the deployment manifest or the pod specification YAML file to include the following security context:

securityContext:
 allowPrivilegeEscalation: false

  1. Redeploy the updated manifest or YAML file to the cluster.
  2. Ensure that all containers in the deployment or pod are running with the updated security context.
  3. If you are using a container image from a third-party source, verify that it does not have the capability to escalate privileges.
  4. Regularly monitor the containers to ensure that they continue to run with the updated security context and that no new containers are created with AllowPrivilegeEscalation enabled.
  5. If you need to run a container with escalated privileges for a specific task, ensure that the container is isolated and that it runs in a restricted environment where it cannot cause harm to other containers or the host system.
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.