Policy does not prevent use of root user Affecting Deployment service in Kubernetes

Snyk CCSS

IAM / Privileged Access

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CIS-Kubernetes

Snyk ID SNYK-CC-00635
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

The Pod Security Policy does not prevent the use of the root user. Running a container as the root user in Kubernetes increases the attack surface by granting the container more privileges than necessary.

How to fix?

Set runAsUser to MustRunAsNonRoot, or exclude UID 0 from MustRunAs range.

Terraform

kubernetes_pod_security_policy

References

users-and-groups

Policy does not prevent use of root user Affecting Deployment service in Kubernetes

Severity

Description

How to fix?

Terraform

References