
KA-C015: Docker socket mounted

Severity: Error | Category: Security

CIS Kubernetes Benchmark v1.8, Section 5.2.12: Minimize the admission of HostPath volumes

Why This Matters

A hostPath volume that mounts the Docker socket (/var/run/docker.sock) gives every process in the container the same authority over the node's Docker daemon as root on the node: it can start a privileged container with the host filesystem mounted, exec into, inspect, and copy files out of every other container on the node, and pull, retag, or push images. That is a container escape and a host compromise in one step, and no securityContext setting on the Pod (runAsNonRoot, dropped capabilities, read-only root filesystem) reduces it, because the work is done by the daemon rather than by the container's own process. CIS Kubernetes Benchmark 5.2.12 recommends against admitting hostPath volumes for this reason. The containerd socket (/run/containerd/containerd.sock) and the CRI-O socket (/var/run/crio/crio.sock) carry the same risk, as does a hostPath that mounts a parent directory such as /var/run, /run, or /, since the socket is reachable underneath it.

How to Fix

Remove the hostPath volume and the volumeMount that references it. If the workload needs to start, inspect, or stop containers, give it a ServiceAccount with narrowly scoped RBAC and call the Kubernetes API instead of driving the node's runtime directly; if it builds images, use a daemonless builder rather than the host daemon. The "after" example below simply drops the mount in favour of an emptyDir volume, which is the right fix when the socket was never actually needed by the application; if it was needed, the workload's design has to change, not just its manifest.

Before (incorrect)

volumes:
  - name: docker-sock
    hostPath:
      path: /var/run/docker.sock

After (correct)

volumes:
  - name: app-data
    emptyDir: {}
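A checker for this rule, written as an added example for this page rather than taken from the linter itself. It takes manifests as parsed objects (what kubectl -o json or yaml.safe_load produce), unwraps Pod templates inside Deployments, DaemonSets, Jobs, and CronJobs, and reports any hostPath volume that exposes a container runtime socket, including mounts of a parent directory such as /var/run. The sample manifests, the container names, and the image names are constructed for the example; the containerd and CRI-O socket paths are included as assumptions beyond the Docker socket the rule names. Only the standard library is used.

```python
"""Flag hostPath volumes that expose a container runtime socket (KA-C015).

Added example; not the linter's own code. Manifests are passed as parsed
objects (the JSON form of the YAML on the page). Standard library only.
"""
import json
from posixpath import normpath

# Sockets whose mount hands the container root-equivalent control of the node.
# The docker.sock paths are the ones the rule names; the containerd and CRI-O
# sockets are assumed here because mounting them has the same effect.
RUNTIME_SOCKETS = (
    "/var/run/docker.sock",
    "/run/docker.sock",
    "/run/containerd/containerd.sock",
    "/var/run/containerd/containerd.sock",
    "/var/run/crio/crio.sock",
    "/run/crio/crio.sock",
)


def exposes_runtime_socket(host_path):
    """True if host_path is a runtime socket or a directory that contains one.

    Mounting /var/run, /run, or / is the usual way to slip the socket past a
    check that only looks for the exact file name, so ancestors count too.
    normpath also collapses "/var/run/../run/docker.sock" style paths.
    """
    path = normpath(host_path)
    for sock in RUNTIME_SOCKETS:
        if path == sock or sock.startswith(path.rstrip("/") + "/"):
            return True
    return False


def pod_spec_of(manifest):
    """Return the PodSpec of a Pod, or of a workload that wraps a Pod template."""
    kind = manifest.get("kind")
    spec = manifest.get("spec", {})
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        return spec["jobTemplate"]["spec"]["template"]["spec"]
    if kind in ("Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"):
        return spec["template"]["spec"]
    return None  # not a workload: nothing to check


def find_socket_mounts(manifest):
    """Return a list of (volume name, host path, containers that mount it).

    A volume that no container mounts yet is still reported: adding the
    volumeMount later is a one-line change, so the volume is what to remove.
    """
    pod_spec = pod_spec_of(manifest)
    if pod_spec is None:
        return []
    containers = (pod_spec.get("containers") or []) + (pod_spec.get("initContainers") or [])
    findings = []
    for vol in pod_spec.get("volumes") or []:
        host_path = (vol.get("hostPath") or {}).get("path")
        if host_path and exposes_runtime_socket(host_path):
            mounted_by = [
                c["name"]
                for c in containers
                for m in (c.get("volumeMounts") or [])
                if m.get("name") == vol["name"]
            ]
            findings.append((vol["name"], host_path, mounted_by))
    return findings


# Constructed sample manifests (not from the original page): the "before" Pod,
# a Deployment that mounts the socket's parent directory, and the fixed Pod.
BEFORE = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "ci-runner"},
          "spec": {"containers": [{"name": "runner", "image": "example/runner:1",
                                   "volumeMounts": [{"name": "docker-sock",
                                                     "mountPath": "/var/run/docker.sock"}]}],
                   "volumes": [{"name": "docker-sock",
                                "hostPath": {"path": "/var/run/docker.sock"}}]}}

PARENT_DIR = {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "agent"},
              "spec": {"template": {"spec": {
                  "containers": [{"name": "agent", "image": "example/agent:1",
                                  "volumeMounts": [{"name": "run", "mountPath": "/host/run"}]}],
                  "volumes": [{"name": "run", "hostPath": {"path": "/var/run/"}}]}}}}

AFTER = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "ci-runner"},
         "spec": {"containers": [{"name": "runner", "image": "example/runner:1",
                                  "volumeMounts": [{"name": "app-data", "mountPath": "/data"}]}],
                  "volumes": [{"name": "app-data", "emptyDir": {}}]}}

if __name__ == "__main__":
    for m in (BEFORE, PARENT_DIR, AFTER):
        print(m["metadata"]["name"], json.dumps(find_socket_mounts(m)))
```

To run it against a live cluster, feed each item of `kubectl get pods,deployments,daemonsets,jobs,cronjobs -A -o json` to `find_socket_mounts`; anything it returns is a KA-C015 finding, and the third element of each tuple tells you which containers would have to change if the volume is removed.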

Rule Details

Rule Code
KA-C015
Severity
Error
Category
Security

Related Rules