
Pod Security Policies Advisor - Container running with PrivilegeEscalation Enabled

DevOps Kubernetes Governance Policies

Overview

Containers running with allowPrivilegeEscalation enabled let their processes gain privileges they did not start with, for example through setuid binaries such as sudo or through file capabilities. The field controls whether the kernel's no_new_privs flag is set on the container's processes: when it is true (or omitted, which Kubernetes treats as true) the flag is not set and escalation is possible. This is roughly the equivalent of handing out sudo access on your Linux servers, and the same care you apply to access on your servers should be given to your running containers.

How Magalix Helps

As part of our best practices, Magalix KubeAdvisor ships with a governance Advisor that detects when your pods are running containers with allowPrivilegeEscalation set to true. We identify potential issues across all of your clusters, so you don't have to.

Identifying the Issue

Issues Dashboard

When logging into the Magalix console, find your cluster and drill down to Issues using the navigation bar on the left.

You’ll be brought to the Issues Dashboard. The top part of the page displays graphs highlighting the total number of violations against the total number of governance policies, or as we call them, Advisors.

In the lower half of the page, locate Container running with PrivilegeEscalation Enabled.

Issue Page

If you click on the issue, you can see an overview of how many entities are out of compliance along with a description of the Advisor.

At the bottom half of the page, you will see each individual violation. After clicking on an entity, you can see the full breakdown in our Recommendation page.

Recommendation Page

1- Description

Every policy opens with a brief explanation of what it checks and why it matters.

2- Evidence

As part of the violation, Magalix KubeAdvisor shows you your entity in YAML format, so you can identify exactly where the problem is. Search for allowPrivilegeEscalation: true in the securityContext of each container (the field lives on the container's securityContext, not the pod's). Keep in mind that Kubernetes defaults the field to true when it is omitted, and forces it to true for any container that runs privileged or adds CAP_SYS_ADMIN, so an absent field or a privileged container is just as much a finding as an explicit true.

3- Resolution

This area provides suggestions on how you can resolve the violation. For this Advisor that means setting allowPrivilegeEscalation: false in the container's securityContext, and making sure the container is not run privileged or with CAP_SYS_ADMIN, since either of those overrides the setting.
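To make the Evidence and Resolution steps above concrete, here is an added example (not Magalix code and not part of the original page) that applies the same check to pod JSON of the shape `kubectl get pods -A -o json` returns. The pod list, pod names and container names are constructed for illustration; the rules it applies (omitted field defaults to true, privileged or CAP_SYS_ADMIN forces true) are those of the Kubernetes core/v1 SecurityContext. The `harden` function shows the corrected securityContext next to the weak ones.

```python
"""Find containers that can escalate privileges and show the hardened form."""
import copy
import json

# Constructed sample in the shape of `kubectl get pods -A -o json`, trimmed to
# the fields this check reads. It is not output from a real cluster.
SAMPLE_POD_LIST = json.loads("""
{"items": [
  {"metadata": {"name": "web", "namespace": "default"},
   "spec": {"containers": [
     {"name": "nginx",   "securityContext": {"allowPrivilegeEscalation": true}},
     {"name": "sidecar", "securityContext": {"allowPrivilegeEscalation": false}}]}},
  {"metadata": {"name": "batch", "namespace": "jobs"},
   "spec": {"initContainers": [
     {"name": "init"}],
    "containers": [
     {"name": "worker", "securityContext": {"allowPrivilegeEscalation": false,
                                             "privileged": true}},
     {"name": "agent",  "securityContext": {"allowPrivilegeEscalation": false,
                                             "capabilities": {"add": ["NET_ADMIN", "SYS_ADMIN"]}}}]}}
]}
""")

SYS_ADMIN_NAMES = ("SYS_ADMIN", "CAP_SYS_ADMIN")


def escalation_reason(container):
    """Return why this container's processes can gain privileges, or None.

    Rules from the Kubernetes core/v1 SecurityContext:
      * allowPrivilegeEscalation defaults to true when the field is omitted;
      * it is always true for a privileged container or one that adds
        CAP_SYS_ADMIN, whatever the manifest says.
    """
    sc = container.get("securityContext") or {}
    added = [c.upper() for c in (sc.get("capabilities") or {}).get("add") or []]
    if sc.get("privileged"):
        return "privileged: true forces allowPrivilegeEscalation to true"
    if any(c in SYS_ADMIN_NAMES for c in added):
        return "CAP_SYS_ADMIN forces allowPrivilegeEscalation to true"
    if "allowPrivilegeEscalation" not in sc:
        return "allowPrivilegeEscalation omitted (Kubernetes default is true)"
    if sc["allowPrivilegeEscalation"]:
        return "allowPrivilegeEscalation: true"
    return None


def find_violations(pod_list):
    """List (namespace/pod, container, reason) for every offending container."""
    found = []
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        ident = f"{meta.get('namespace', 'default')}/{meta['name']}"
        # init containers run first and can escalate just like app containers
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            reason = escalation_reason(c)
            if reason:
                found.append((ident, c["name"], reason))
    return found


def harden(container):
    """Return a copy whose securityContext can no longer escalate privileges.

    Only CAP_SYS_ADMIN is removed from the added capabilities; whether the
    others are needed is a workload decision, not something a scanner should make.
    """
    fixed = copy.deepcopy(container)
    sc = fixed.setdefault("securityContext", {})
    sc["allowPrivilegeEscalation"] = False
    sc["privileged"] = False
    caps = sc.setdefault("capabilities", {})
    caps["add"] = [c for c in (caps.get("add") or []) if c.upper() not in SYS_ADMIN_NAMES]
    caps["drop"] = ["ALL"]
    return fixed


def harden_pod_list(pod_list):
    """Apply harden() to every init and app container in a pod list."""
    fixed = copy.deepcopy(pod_list)
    for pod in fixed.get("items", []):
        for key in ("initContainers", "containers"):
            if key in pod["spec"]:
                pod["spec"][key] = [harden(c) for c in pod["spec"][key]]
    return fixed


if __name__ == "__main__":
    for ident, name, reason in find_violations(SAMPLE_POD_LIST):
        print(f"{ident} container={name}: {reason}")
    print("after hardening:", find_violations(harden_pod_list(SAMPLE_POD_LIST)))
```

Run against real output by replacing SAMPLE_POD_LIST with `json.load(open("pods.json"))` after `kubectl get pods -A -o json > pods.json`. Note that `sidecar` is the only container in the sample that passes: the three others that say `false` or nothing are still findings because of the default and the privileged/CAP_SYS_ADMIN overrides, which is why reading the whole securityContext matters rather than grepping for the literal `true`.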

4- History

At the bottom, we also show you how long this entity has been in violation, giving you some insight into whether or not any new issues are a result of this violation.

Conclusion

As you would protect elevated privileges on any of your servers, you must take the same careful measures with your container workloads. Allowing a child process to gain more privileges than its parent, as setuid binaries like sudo do, can open you to exploitation. At Magalix, we want to make sure we are covering the basics, which is why this best practice Advisor is enabled by default. We want you to know when you are at risk. See whether any of your containers are able to run with escalated privileges now, before someone else does.
