Pod Security Policies Advisor - Container Running in Privileged Mode

DevOps Kubernetes Governance Policies

OVERVIEW

As you take your next steps into securing your Kubernetes cluster, Magalix wants to ensure that you are not allowing containers to run in privileged mode. Privileged mode gives a container the equivalent of root-level access to the underlying node.

How Magalix Helps

Identifying workload consistency across your cluster can be a never-ending process. Multiply that process by the number of clusters you need to support, and you can guarantee you’ll be chasing your own tail in perpetuity. By default, Magalix KubeAdvisor ships with a governance policy that detects when your workloads are running with privileged mode enabled, across one or all of your clusters.

Identifying the Issue:

Issues Dashboard

When logging into the Magalix console, find your cluster and drill down to Issues using the navigation bar on the left.

You’ll be brought to your Issues Dashboard. With all of our Issues, donut graphs highlight the total number of violations against the total number of governance policies, or Advisors. Locate Container running in Privileged Mode.

Issue Page

If you click on the issue, you can see an overview of how many entities are out of compliance along with a description of the Advisor.

Just like our Issues page, you will see graphs above totaling all the violations related to this advisor. Below, you’ll see each individual violation. After clicking on a violation, you can see the full breakdown in our Recommendation page.

Recommendation Page

1- Description

Every policy opens with a brief explanation of what it checks.

2- Evidence

As part of the violation, Magalix KubeAdvisor shows you the offending entity in YAML format, so you can identify exactly where the problem is. In this case, search for privileged: true in the container's securityContext.

3- Resolution

This area provides suggestions on how you can resolve the violation.

4- History

At the bottom, we also show you how long this entity has been in violation, giving you some insight into whether or not any new issues are a result of this violation.
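The Evidence step above amounts to checking each container's securityContext for privileged: true. As an added example (not part of this page or of Magalix KubeAdvisor), the Python below performs that check over a constructed kubectl-style JSON manifest, and goes slightly beyond the page by also covering initContainers and the pod template inside Deployments, StatefulSets, DaemonSets and Jobs; the function names and the sample object are assumptions made for the example.

```python
import json

# Constructed sample shaped like `kubectl get pod demo-pod -o json` output
# (not from the page): the initContainer and the sidecar are privileged,
# the main app container is not.
SAMPLE_POD_JSON = """
{"kind": "Pod",
 "metadata": {"name": "demo-pod", "namespace": "default"},
 "spec": {
   "initContainers": [
     {"name": "setup", "image": "busybox", "securityContext": {"privileged": true}}],
   "containers": [
     {"name": "app", "image": "nginx", "securityContext": {"runAsNonRoot": true}},
     {"name": "sidecar", "image": "busybox", "securityContext": {"privileged": true}}]}}
"""

def pod_spec(obj):
    # A Pod carries its spec directly; Deployments, StatefulSets, DaemonSets
    # and Jobs embed a pod template under spec.template.spec.
    if obj.get("kind") == "Pod":
        return obj.get("spec", {})
    return obj.get("spec", {}).get("template", {}).get("spec", {})

def find_privileged_containers(obj):
    # Names of containers and initContainers whose securityContext sets
    # privileged: true, i.e. the evidence the Advisor points at.
    hits = []
    for field in ("initContainers", "containers"):
        for c in pod_spec(obj).get(field, []):
            sc = c.get("securityContext") or {}
            if sc.get("privileged") is True:
                hits.append(c["name"])
    return hits

def check_manifest(text):
    # Map each violating object's name to its privileged containers; accepts
    # a single object or a kubectl List (which wraps objects in "items").
    obj = json.loads(text)
    report = {}
    for item in obj.get("items", [obj]):
        bad = find_privileged_containers(item)
        if bad:
            report[item.get("metadata", {}).get("name", "<unnamed>")] = bad
    return report

if __name__ == "__main__":
    print(check_manifest(SAMPLE_POD_JSON))  # {'demo-pod': ['setup', 'sidecar']}
```

Feeding it the output of kubectl get pods -A -o json gives a cluster-wide list of the same violations the Advisor reports.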

Conclusion

Containers running in privileged mode are essentially the same as providing root access to the node. Unless you have a specific use case, most pods and containers don’t require privileged access to your Kubernetes nodes. Allowing this setting leaves you exposed to potential exploitation. This is why we enable this Advisor by default.
