
KA-C007: Host IPC namespace shared

Error Security PSS Baseline

CIS Kubernetes Benchmark v1.8, Section 5.2.3: Minimize the admission of containers sharing host IPC namespace

Why This Matters

The pod shares the host IPC namespace. Its containers can access host shared memory segments and semaphores, potentially reading sensitive data from other processes. The Pod Security Standards (PSS) Baseline profile prohibits spec.hostIPC=true.

How to Fix

Remove hostIPC: true from the pod spec, or set it to false.

Before (incorrect)

spec:
  hostIPC: true
  containers:
    - name: app

After (correct)

spec:
  hostIPC: false
  containers:
    - name: app
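
The same check applied across workload kinds, as an added example that is not the analyzer's own code: it goes beyond the bare pod spec shown above by also looking inside the pod template of controllers such as Deployment and CronJob. The function names and the sample manifests are constructed for illustration.

```python
import json

# Where the pod spec lives inside each workload kind.
TEMPLATE = ("spec", "template", "spec")
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "Deployment": TEMPLATE, "ReplicaSet": TEMPLATE, "StatefulSet": TEMPLATE,
    "DaemonSet": TEMPLATE, "Job": TEMPLATE,
    "CronJob": ("spec", "jobTemplate") + TEMPLATE,
}

def pod_spec(manifest):
    """Return the pod spec of a manifest, or None if the kind carries none."""
    path = POD_SPEC_PATHS.get(manifest.get("kind"))
    if path is None:
        return None
    node = manifest
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node if isinstance(node, dict) else None

def find_host_ipc(manifests):
    """List 'Kind/name' for every manifest whose pod spec sets hostIPC: true."""
    hits = []
    for m in manifests:
        spec = pod_spec(m)
        # Omitted hostIPC defaults to false, so only an explicit true is a finding.
        if spec is not None and spec.get("hostIPC") is True:
            hits.append(f"{m['kind']}/{m.get('metadata', {}).get('name', '?')}")
    return hits

# Constructed sample manifests (JSON form, which Kubernetes also accepts).
SAMPLE = json.loads("""[
 {"kind": "Pod", "metadata": {"name": "app"},
  "spec": {"hostIPC": true, "containers": [{"name": "app"}]}},
 {"kind": "Pod", "metadata": {"name": "clean"},
  "spec": {"containers": [{"name": "app"}]}},
 {"kind": "Deployment", "metadata": {"name": "web"},
  "spec": {"template": {"spec": {"hostIPC": false, "containers": []}}}},
 {"kind": "CronJob", "metadata": {"name": "nightly"},
  "spec": {"jobTemplate": {"spec": {"template": {"spec": {"hostIPC": true}}}}}},
 {"kind": "ConfigMap", "metadata": {"name": "cfg"}, "data": {"hostIPC": "true"}}
]""")

if __name__ == "__main__":
    for hit in find_host_ipc(SAMPLE):
        print("KA-C007:", hit)
```

The ConfigMap entry carries a key named hostIPC in its data and is correctly ignored, because only the field at the pod spec path counts.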

Rule Details

Rule Code: KA-C007
Severity: Error
Category: Security
