
KA-C001: Container runs as privileged

Severity: Error | Category: Security | Profile: PSS Baseline

CIS Kubernetes Benchmark v1.8, Section 5.2.1: Ensure that the cluster has at least one active policy control mechanism in place

Why This Matters

Running a container in privileged mode disables most of the isolation mechanisms the container runtime normally applies, so a process inside the container gains full access to the host kernel and devices, and with it effective control of the node. The PSS Baseline profile therefore prohibits spec.containers[*].securityContext.privileged=true.

How to Fix

Remove privileged: true or set it explicitly to false. Omitting the field is equivalent to false.

Before (incorrect)

containers:
  - name: app
    securityContext:
      privileged: true

After (correct)

containers:
  - name: app
    securityContext:
      privileged: false
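To show how a check like KA-C001 can be evaluated mechanically, here is an added example (not the rule engine's own code) that walks Kubernetes manifests and reports every container with privileged: true. It goes slightly beyond the spec.containers[*] path quoted above by also inspecting initContainers and ephemeralContainers, and by descending into the pod template of workload kinds such as Deployment and CronJob, since those are the same pod spec. Manifests are given as JSON (every Kubernetes YAML manifest is JSON-compatible); the sample manifests, names and the check function are constructed for this example.

```python
"""Added example: evaluate the KA-C001 rule (container runs as privileged)
over Kubernetes manifests. Not the rule engine's own implementation."""
import json

# Every container list a pod spec can carry; all of them are in scope.
CONTAINER_FIELDS = ("initContainers", "containers", "ephemeralContainers")


def find_pod_spec(manifest):
    """Return the pod spec for a Pod, or for a workload that wraps one."""
    kind = manifest.get("kind")
    spec = manifest.get("spec", {}) or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        # CronJob -> jobTemplate -> (Job) spec -> template -> pod spec
        return (spec.get("jobTemplate", {}).get("spec", {})
                .get("template", {}).get("spec", {}))
    # Deployment, StatefulSet, DaemonSet, Job, ReplicaSet: spec.template.spec
    return spec.get("template", {}).get("spec", {})


def privileged_containers(manifest):
    """Return (field, container name) pairs that violate KA-C001.

    Only a literal boolean true is a finding; a missing field or
    privileged: false is compliant, matching the fix guidance above.
    """
    findings = []
    pod_spec = find_pod_spec(manifest)
    for field in CONTAINER_FIELDS:
        for container in pod_spec.get(field) or []:
            sc = container.get("securityContext") or {}
            if sc.get("privileged") is True:
                findings.append((field, container.get("name", "<unnamed>")))
    return findings


def check_manifests(manifests):
    """Map '<kind>/<name>' to its findings for every non-compliant manifest."""
    report = {}
    for manifest in manifests:
        findings = privileged_containers(manifest)
        if findings:
            name = (manifest.get("metadata") or {}).get("name")
            report[f"{manifest.get('kind')}/{name}"] = findings
    return report


# Constructed sample manifests (not from the page): a Deployment whose init
# container is privileged, a compliant Pod with the field omitted, and a
# debug Pod that is privileged.
SAMPLE_MANIFESTS = [json.loads(text) for text in (
    '''{"kind": "Deployment", "metadata": {"name": "web"},
        "spec": {"template": {"spec": {
          "initContainers": [{"name": "sysctl-tuner",
                              "securityContext": {"privileged": true}}],
          "containers": [{"name": "app",
                          "securityContext": {"privileged": false}}]}}}}''',
    '''{"kind": "Pod", "metadata": {"name": "worker"},
        "spec": {"containers": [{"name": "app"}]}}''',
    '''{"kind": "Pod", "metadata": {"name": "debug"},
        "spec": {"containers": [{"name": "shell",
                  "securityContext": {"privileged": true}}]}}''',
)]

if __name__ == "__main__":
    for target, findings in check_manifests(SAMPLE_MANIFESTS).items():
        for field, name in findings:
            print(f"KA-C001 {target}: {field}/{name} runs as privileged")
```

Running the script reports the init container of Deployment/web and the container of Pod/debug; Pod/worker, which omits the field, produces no finding. In a real pipeline the manifests would come from yaml.safe_load over the rendered files, and the same check should be enforced at admission time by a policy control mechanism (for example Pod Security Admission at the baseline level) so that a manifest that bypasses the linter is still rejected by the cluster.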

Rule Details

Rule Code: KA-C001
Severity: Error
Category: Security

Related Rules