Container is running with writable root filesystem Affecting Pod service in Kubernetes

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CSA-CCM

Snyk ID SNYK-CC-K8S-8
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Compromised process could abuse writable root filesystem to elevate privileges

How to fix?

Set spec.{containers, initContainers}.securityContext.readOnlyRootFilesystem to true

References

https://kubernetes.io/blog/2016/08/security-best-practices-kubernetes-deployment/