Container is running with writable root filesystem Affecting Pod service in Kubernetes

Is your environment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-ControlsCSA-CCM

Snyk IDSNYK-CC-K8S-8
creditSnyk Research Team

Report a new misconfiguration Found a mistake?

Description

Compromised process could abuse writable root filesystem to elevate privileges

How to fix?

Set spec.{containers, initContainers}.securityContext.readOnlyRootFilesystem to true

Set security_context.read_only_root_filesystem to true

References

https://kubernetes.io/blog/2016/08/security-best-practices-kubernetes-deployment/