KA-C006: Host PID namespace shared
Error Security PSS Baseline
CIS Kubernetes Benchmark v1.8, Section 5.2.4: Minimize the admission of containers sharing host PID namespace
Why This Matters
The pod shares the host PID namespace. Containers in the pod can see and signal all processes on the host, enabling process injection and information disclosure. The Pod Security Standards (PSS) Baseline profile prohibits spec.hostPID=true.
How to Fix
Remove hostPID: true or set it to false
Before (incorrect)
spec:
  hostPID: true
  containers:
    - name: app
After (correct)
spec:
  hostPID: false
  containers:
    - name: app
Rule Details
- Rule Code: KA-C006
- Severity: Error
- Category: Security