
KA-C005: Running with UID 0 (root)

Severity: Error | Category: Security | Profile: PSS Restricted

CIS Kubernetes Benchmark v1.8, Section 5.2.6: Minimize the admission of root containers

Why This Matters

The container is explicitly configured to run as UID 0 (root). Unless the node runs containers in user namespaces, UID 0 inside the container is UID 0 on the host kernel: the process owns every file in the container filesystem and on any mounted volume, it is the user whose processes receive the capabilities the runtime leaves in the container's bounding set (non-root processes get none by default), and any escape path (a kernel vulnerability, a hostPath or container-socket mount, a retained capability such as SYS_ADMIN) lands on the host as root. Running as root does not by itself break the container, but it is the precondition for most documented container breakouts. The PSS Restricted profile disallows runAsUser=0 in spec.securityContext and in the securityContext of spec.containers[*], spec.initContainers[*] and spec.ephemeralContainers[*], and additionally requires runAsNonRoot to be true at the pod or container level.

How to Fix

Set runAsUser to a non-zero UID (e.g., 1000) and set runAsNonRoot: true alongside it. The UID removes the root identity; runAsNonRoot is what PSS Restricted requires in addition, and it acts as a backstop: if the explicit runAsUser is ever removed, the kubelet refuses to start a container whose image USER resolves to root instead of silently running it as UID 0. Note that runAsNonRoot: true on its own does not fix a runAsUser: 0 inherited from the pod-level spec.securityContext (the container-level field only wins when it is set); either remove the pod-level value or override runAsUser in the container. Then verify the image actually works as that UID: directories it writes to must be owned by or writable for UID 1000 (fix ownership in the Dockerfile or set runAsGroup/fsGroup), and it cannot bind ports below 1024 without CAP_NET_BIND_SERVICE, so use an unprivileged listening port.

Before (incorrect)

containers:
  - name: app
    securityContext:
      runAsUser: 0

After (correct)

containers:
  - name: app
    securityContext:
      runAsUser: 1000
      runAsNonRoot: true
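To make the resolution order concrete, here is a small audit script added for this page (it is not the KA-C005 linter's code nor Kubernetes' own). It classifies every container in a Pod JSON document the way the kubelet resolves securityContext: container-level fields override pod-level ones, runAsUser: 0 flags the container even when inherited from the pod, and runAsNonRoot: true alone does not undo an inherited UID 0. The sample Pods are constructed for the example and the function names are the author's choices; the securityContext field names are the real API fields.

```python
"""Resolve the effective UID of every container in a Pod and flag UID 0.

Added example for KA-C005, not the linter's or Kubernetes' own code. It reads
the JSON form of a Pod (what `kubectl get pod NAME -o json` returns); the
samples below are constructed so it runs offline. Resolution follows the
kubelet's precedence: a container-level securityContext field overrides the
same field in spec.securityContext.
"""
import json
import sys

ROOT_UID = 0


def _ctx(obj):
    """securityContext of a pod spec or container; {} when absent or null."""
    return obj.get("securityContext") or {}


def effective_run_as_user(pod_spec, container):
    """runAsUser that will apply to the container, or None if neither the
    container nor the pod sets one (then the image's USER decides at runtime)."""
    if "runAsUser" in _ctx(container):
        return _ctx(container)["runAsUser"]
    return _ctx(pod_spec).get("runAsUser")


def effective_run_as_non_root(pod_spec, container):
    """runAsNonRoot that will apply to the container (container wins), else None."""
    if "runAsNonRoot" in _ctx(container):
        return _ctx(container)["runAsNonRoot"]
    return _ctx(pod_spec).get("runAsNonRoot")


def classify(pod_spec, container):
    """Return 'root', 'nonroot' or 'unverified' for one container.

    'root'       : effective runAsUser is 0 (KA-C005 fires). runAsNonRoot: true
                   does not rescue this case; the kubelet refuses to start such
                   a container ("runAsUser breaks non-root policy").
    'nonroot'    : a non-zero UID is pinned, or runAsNonRoot is true so the
                   kubelet will reject an image whose USER resolves to root.
    'unverified' : nothing in the manifest enforces it; the image's USER decides.
    """
    uid = effective_run_as_user(pod_spec, container)
    if uid == ROOT_UID:
        return "root"
    if uid is not None and uid > 0:
        return "nonroot"
    if effective_run_as_non_root(pod_spec, container) is True:
        return "nonroot"
    return "unverified"


def audit(pod):
    """Map container name -> classification over init, regular and ephemeral containers."""
    spec = pod["spec"]
    result = {}
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            result[c["name"]] = classify(spec, c)
    return result


def find_root_containers(pod):
    """Names of containers KA-C005 would flag, in manifest order."""
    return [name for name, verdict in audit(pod).items() if verdict == "root"]


# Constructed sample 1: the page's 'before' and 'after' containers side by
# side, plus a sidecar that sets nothing (its image decides the UID).
SAMPLE_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "demo"},
 "spec": {"containers": [
   {"name": "app", "image": "app:1.0",
    "securityContext": {"runAsUser": 0}},
   {"name": "sidecar", "image": "proxy:2.0"},
   {"name": "fixed", "image": "app:1.0",
    "securityContext": {"runAsUser": 1000, "runAsNonRoot": true}}
 ]}}
""")

# Constructed sample 2: runAsUser: 0 at pod level. The init container inherits
# it, and 'proxy' setting only runAsNonRoot: true still inherits UID 0 (the
# kubelet would fail that container at start rather than run it as root).
SAMPLE_POD_INHERITED = json.loads("""
{"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "inherited"},
 "spec": {"securityContext": {"runAsUser": 0},
  "initContainers": [{"name": "init", "image": "busybox"}],
  "containers": [
   {"name": "proxy", "image": "proxy:2.0",
    "securityContext": {"runAsNonRoot": true}}
 ]}}
""")


if __name__ == "__main__":
    # Usage: kubectl get pod NAME -o json > pod.json && python3 audit_root.py pod.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            pod = json.load(fh)
    else:
        pod = SAMPLE_POD
    for name, verdict in audit(pod).items():
        print(f"{name}: {verdict}")
```

Run it against a saved `kubectl get pod NAME -o json` to audit a live pod. Only "root" is a KA-C005 finding; "unverified" containers are the ones the PSS Restricted runAsNonRoot requirement exists to catch, because the manifest says nothing and the image's USER instruction decides.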

Rule Details

Rule Code
KA-C005
Severity
Error
Category
Security

Related Rules