C-0211 - Apply Security Context to Your Pods and Containers
Framework
cis-v1.23-t1.0.1, cis-aks-t1.2.0, security, cis-eks-t1.2.0
Severity
High
Description of the the issue
A security context defines the operating system security settings (uid, gid, capabilities, SELinux role, etc..) applied to a container. When designing your containers and pods, make sure that you configure the security context for your pods, containers, and volumes. A security context is a property defined in the deployment yaml. It controls the security parameters that will be assigned to the pod/container/volume. There are two levels of security context: pod level security context, and container level security context.
Related resources
ControlPlaneInfo, CronJob, DaemonSet, Deployment, Job, Pod, PodSecurityPolicy, ReplicaSet, StatefulSet
What does this control test
Check that pod and container security context fields according to recommendations in CIS Security Benchmark for Docker Containers
How to check it manually
Review the pod definitions in your cluster and verify that you have security contexts defined as appropriate.
Remediation
Follow the Kubernetes documentation and apply security contexts to your pods. For a suggested list of security contexts, you may refer to the CIS Security Benchmark for Docker Containers.
Impact Statement
If you incorrectly apply security contexts, you may have trouble running the pods.
Default Value
By default, no security contexts are automatically applied to pods.
Example
No example
Updated 11 days ago