Measures

SecurityContext at container level

Every pod YAML should contain this entry:

spec:
...
  containers:
…
    securityContext:
      runAsUser: 6789 # random number
      allowPrivilegeEscalation: false
…

This pins the user inside the container to UID 6789 and prevents privilege escalation.
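
One way to check pods for this entry, as an added example that is not part of the original page: the script audits pod objects shaped like the output of `kubectl get pods -o json`. The function names and the sample data are constructed for illustration. It goes slightly beyond the text by also accepting a runAsUser inherited from the pod-level securityContext and by checking initContainers.

```python
import json

# Constructed sample in the shape of `kubectl get pods -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "good"}, "spec": {"containers": [
   {"name": "app", "securityContext":
     {"runAsUser": 6789, "allowPrivilegeEscalation": false}}]}},
 {"metadata": {"name": "inherits-uid"}, "spec": {
   "securityContext": {"runAsUser": 6789},
   "containers": [{"name": "app", "securityContext":
     {"allowPrivilegeEscalation": false}}]}},
 {"metadata": {"name": "bad"}, "spec": {
   "initContainers": [{"name": "init", "securityContext":
     {"runAsUser": 0, "allowPrivilegeEscalation": false}}],
   "containers": [{"name": "app"}]}}
]}
""")

def audit_pod(pod):
    """Return (pod, container, problem) tuples for one pod object."""
    findings = []
    pod_name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})
    pod_uid = (spec.get("securityContext") or {}).get("runAsUser")
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            # A container-level runAsUser overrides the pod-level one.
            uid = sc.get("runAsUser", pod_uid)
            if uid is None:
                findings.append((pod_name, c["name"], "runAsUser not set"))
            elif uid == 0:
                findings.append((pod_name, c["name"], "runAsUser is 0 (root)"))
            # This field exists only at container level; it must be an
            # explicit false, a missing key does not count.
            if sc.get("allowPrivilegeEscalation") is not False:
                findings.append(
                    (pod_name, c["name"], "allowPrivilegeEscalation not false"))
    return findings

def audit(pod_list):
    return [f for pod in pod_list.get("items", []) for f in audit_pod(pod)]

if __name__ == "__main__":
    for pod, container, problem in audit(SAMPLE):
        print(f"{pod}/{container}: {problem}")
```

To run it against a live cluster, load the JSON from `kubectl get pods -o json` with `json.load` and pass the result to `audit`.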