CloudWiki
Rules
Low

Ensure containers run with a high UID to avoid host conflict

Security & Compliance
No items found.
Description

When running containers in a Kubernetes or Docker environment, it is important to ensure that the containers are run with a high UID (User ID) to avoid conflicts with the host system. By default, when a container runs with a low UID, there is a risk of conflicts with the host system, which can potentially allow an attacker to gain escalated privileges or compromise the host system. To mitigate this risk, containers should be run with a high UID to ensure that they are isolated from the host system and cannot access resources or data that they should not be able to access. Ensuring that containers run with a high UID is a best practice for securing containerized environments and preventing potential security breaches.‍

Remediation

The following are the remediation steps to ensure that containers run with a high UID:

  1. For Docker, when running a container, use the --user or -u option to specify a UID greater than 1000. For example, docker run --user 2000 <image>.
  2. For Kubernetes, define a security context for the container that sets the runAsUser field to a UID greater than 1000. Here's an example YAML file:
    apiVersion: v1
    kind: Pod
    metadata:
     name: my-pod
    spec:
     securityContext:
       runAsUser: 2000
     containers:
       - name: my-container
         image: my-image
  3. Use a tool such as Open Policy Agent (OPA) or Kubernetes Admission Controllers to enforce the use of high UIDs for all containers.
  4. For containers that require root privileges, use the allowPrivilegeEscalation: false field in the security context to prevent the container from escalating privileges.
  5. By following these steps, you can ensure that containers run with a high UID, which helps to avoid conflicts with the host system and prevents potential security breaches.
Enforced Resources
Pod
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.