Pod containers should not share the host IPC namespace
Controls whether the pod's containers can share the host's IPC namespace. Keeping the host IPC namespace unshared is required for proper isolation between the container and the underlying host.
Risk Level: Critical
Cloud Entity: Pods
CloudGuard Rule ID: D9.K8S.AC.18
Covered by Spectral: No
Category: Compute
GSL LOGIC
KubernetesPod should not have spec.hostIPC=true
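The same check can be run offline against exported manifests. The following is an added example, not CloudGuard's or the project's own code; it goes beyond the Pod-only rule above by also looking inside workload templates (Deployment, DaemonSet, StatefulSet, ReplicaSet, Job, CronJob) that create pods. The function names, the sample manifests and the "default" namespace fallback are assumptions made for illustration.

```python
import json

# Key path from the manifest root to the pod spec, per workload kind.
TEMPLATE = ("spec", "template", "spec")
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "Deployment": TEMPLATE, "DaemonSet": TEMPLATE, "StatefulSet": TEMPLATE,
    "ReplicaSet": TEMPLATE, "Job": TEMPLATE,
    "CronJob": ("spec", "jobTemplate") + TEMPLATE,
}

def pod_spec(manifest):
    """Return the pod spec dict of a manifest, or None for unrelated kinds."""
    path = POD_SPEC_PATHS.get(manifest.get("kind"))
    if path is None:
        return None
    node = manifest
    for key in path:
        node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return None
    return node

def find_host_ipc(manifests):
    """Return 'Kind/namespace/name' for each manifest whose pod spec has hostIPC true."""
    findings = []
    for m in manifests:
        spec = pod_spec(m)
        # hostIPC defaults to false when omitted, so only a literal true is a finding.
        if isinstance(spec, dict) and spec.get("hostIPC") is True:
            meta = m.get("metadata", {})
            # Assumption: report "default" when the manifest omits a namespace.
            findings.append(f"{m['kind']}/{meta.get('namespace', 'default')}/{meta.get('name', '?')}")
    return findings

# Constructed sample manifests (not taken from a real cluster).
SAMPLE = json.loads("""[
 {"kind": "Pod", "metadata": {"name": "ipc-shared"}, "spec": {"hostIPC": true, "containers": []}},
 {"kind": "Pod", "metadata": {"name": "isolated"}, "spec": {"hostIPC": false, "containers": []}},
 {"kind": "Pod", "metadata": {"name": "unset"}, "spec": {"containers": []}},
 {"kind": "Deployment", "metadata": {"name": "cache", "namespace": "prod"},
  "spec": {"template": {"spec": {"hostIPC": true, "containers": []}}}},
 {"kind": "ConfigMap", "metadata": {"name": "settings"}, "data": {}}
]""")

if __name__ == "__main__":
    for finding in find_host_ipc(SAMPLE):
        print("hostIPC=true:", finding)
```

Each finding is cleared by removing hostIPC from the pod spec or setting it to false.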
REMEDIATION
Pods
Pods are the smallest deployable units of computing that can be created and managed in Kubernetes. A Pod is a group of one or more containers (such as Docker containers), with shared storage/network, and a specification for how to run the containers.
Compliance Frameworks
- Container Admission Control
- Container Admission Control 1.0
Updated about 1 year ago