Frameworks: YAML-scanning, AllControls, NSA, ArmoBest
A hostPath mount can be used by attackers to gain access to the underlying host and thus break out from the container to the host. (See "3: Writable hostPath mount" for details.)
Related resources: CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet
Checks the Pod spec (for the workload kinds listed above, the Pod template inside the workload) for hostPath volume mounts.
Refrain from using hostPath mounts.
Example manifest that this control flags:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: test-pd
spec:
  containers:
  - image: k8s.gcr.io/test-webserver
    name: test-container
    volumeMounts:
    - mountPath: /test-pd
      name: test-volume
  volumes:
  - name: test-volume
    hostPath: # we are looking for this parameter
      path: /data
```
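The check described above, written out as a small stand-alone scanner. This is an added example and not Kubescape's own code (Kubescape implements its controls in Rego); it assumes the standard Kubernetes API shapes for where the Pod spec lives in each listed workload kind, and it goes one step beyond the control by recording whether each mount of a hostPath volume is readOnly, which helps triage against the related "Writable hostPath mount" control. The sample manifests below are constructed for the example (the first one is the Pod from this page, as the JSON form `kubectl get -o json` would return).

```python
"""Scan Kubernetes workload manifests for hostPath volumes (added example)."""
import json
import sys

# Where the Pod spec lives for each workload kind the control covers.
# Assumption: standard Kubernetes API layout for these kinds.
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "Deployment": ("spec", "template", "spec"),
    "ReplicaSet": ("spec", "template", "spec"),
    "StatefulSet": ("spec", "template", "spec"),
    "DaemonSet": ("spec", "template", "spec"),
    "Job": ("spec", "template", "spec"),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}


def _dig(obj, path):
    """Follow a key path through nested dicts; None if any step is missing."""
    for key in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj


def find_hostpath_mounts(manifest):
    """Return one finding per hostPath volume in a single workload manifest.

    A finding records the workload, the volume name, the host path and every
    container mount of that volume together with its readOnly flag.
    """
    kind = manifest.get("kind")
    if kind not in POD_SPEC_PATHS:
        return []
    pod_spec = _dig(manifest, POD_SPEC_PATHS[kind]) or {}
    # Map volume name -> host path for every volume that uses hostPath.
    host_volumes = {
        v["name"]: (v.get("hostPath") or {}).get("path")
        for v in pod_spec.get("volumes") or []
        if isinstance(v, dict) and "hostPath" in v
    }
    if not host_volumes:
        return []
    # initContainers can mount the same volumes, so check them too.
    containers = (pod_spec.get("containers") or []) + (pod_spec.get("initContainers") or [])
    workload = (manifest.get("metadata") or {}).get("name")
    findings = []
    for vol_name, host_path in host_volumes.items():
        mounts = [
            {"container": c.get("name"), "mountPath": m.get("mountPath"),
             "readOnly": bool(m.get("readOnly", False))}
            for c in containers
            for m in c.get("volumeMounts") or []
            if m.get("name") == vol_name
        ]
        findings.append({"kind": kind, "workload": workload, "volume": vol_name,
                         "hostPath": host_path, "mounts": mounts})
    return findings


def scan_manifests(manifests):
    """Run the check over a list of parsed manifests and collect all findings."""
    return [f for m in manifests for f in find_hostpath_mounts(m)]


# Constructed sample input. PAGE_POD is the page's own example manifest.
PAGE_POD = json.loads("""{"apiVersion": "v1", "kind": "Pod",
  "metadata": {"name": "test-pd"},
  "spec": {"containers": [{"image": "k8s.gcr.io/test-webserver", "name": "test-container",
            "volumeMounts": [{"mountPath": "/test-pd", "name": "test-volume"}]}],
           "volumes": [{"name": "test-volume", "hostPath": {"path": "/data"}}]}}""")

# Constructed: a CronJob whose container mounts a hostPath read-only.
CRONJOB_READONLY = {
    "apiVersion": "batch/v1", "kind": "CronJob", "metadata": {"name": "log-shipper"},
    "spec": {"jobTemplate": {"spec": {"template": {"spec": {
        "containers": [{"name": "ship", "image": "example/shipper",
                        "volumeMounts": [{"name": "logs", "mountPath": "/var/log/host",
                                          "readOnly": True}]}],
        "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}]}}}}}}

# Constructed: a Deployment that only uses emptyDir, so the check stays quiet.
CLEAN_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "containers": [{"name": "web", "image": "example/web",
                        "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}]}],
        "volumes": [{"name": "tmp", "emptyDir": {}}]}}}}

SAMPLE_MANIFESTS = [PAGE_POD, CRONJOB_READONLY, CLEAN_DEPLOYMENT]


if __name__ == "__main__":
    # With file arguments, scan JSON manifests (e.g. `kubectl get deploy -o json`
    # items); without arguments, scan the constructed samples above.
    manifests = [json.load(open(p)) for p in sys.argv[1:]] or SAMPLE_MANIFESTS
    for f in scan_manifests(manifests):
        for m in f["mounts"] or [{"container": "-", "mountPath": "-", "readOnly": False}]:
            mode = "ro" if m["readOnly"] else "rw"
            print(f'{f["kind"]}/{f["workload"]}: volume {f["volume"]} -> host '
                  f'{f["hostPath"]} mounted {mode} at {m["mountPath"]} in {m["container"]}')
```

To run it over YAML files instead of JSON, parse each file with `yaml.safe_load` from PyYAML before handing the dicts to `scan_manifests`; the check itself only looks at the parsed object.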