Ensure mounting of hostPaths is disallowed in Kubernetes workload configuration

HIGH

Description

Allowing hostPath volumes to be mounted into a pod increases the likelihood of gaining access to the node's filesystem.

Remediation

Make sure that hostPath volumes are not allowed. If they are allowed, ensure that only allowed hostPaths are mounted and that they are read-only.
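
One way to check a Pod manifest against this remediation, as an added example (not the rule's own implementation). The allowlist prefix, the function names and the two sample manifests are assumptions constructed for illustration.

```python
import posixpath

# Assumption: site-specific allowlist; use () to forbid hostPath entirely.
ALLOWED_PREFIXES = ("/var/log/app",)

def path_allowed(path, prefixes=ALLOWED_PREFIXES):
    # Normalise first so "/var/log/app/../../etc" is judged as "/etc", and
    # match on component boundaries so "/var/log/app-x" does not pass.
    p = posixpath.normpath(path)
    for prefix in prefixes:
        pre = posixpath.normpath(prefix).rstrip("/")
        if p == (pre or "/") or p.startswith(pre + "/"):
            return True
    return False

def audit_pod(pod, prefixes=ALLOWED_PREFIXES):
    """Return a list of findings for hostPath use in one Pod manifest dict."""
    spec = pod.get("spec", {})
    findings, host_vols = [], set()
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            host_vols.add(vol["name"])
            path = (vol["hostPath"] or {}).get("path", "")
            if not path_allowed(path, prefixes):
                findings.append(f"volume {vol['name']}: hostPath {path!r} not allowed")
    # Init and ephemeral containers can mount the same volumes as main ones.
    containers = []
    for key in ("initContainers", "containers", "ephemeralContainers"):
        containers += spec.get(key) or []
    for c in containers:
        for m in c.get("volumeMounts") or []:
            if m.get("name") in host_vols and m.get("readOnly") is not True:
                findings.append(f"container {c['name']}: mount {m['name']} is not readOnly")
    return findings

# Constructed sample manifests (not from the original page).
RISKY = {"spec": {
    "volumes": [{"name": "root", "hostPath": {"path": "/var/log/app/../../.."}}],
    "containers": [{"name": "web", "volumeMounts": [{"name": "root", "mountPath": "/host"}]}]}}
OK = {"spec": {
    "volumes": [{"name": "logs", "hostPath": {"path": "/var/log/app/web"}}],
    "containers": [{"name": "web", "volumeMounts": [
        {"name": "logs", "mountPath": "/logs", "readOnly": True}]}]}}

if __name__ == "__main__":
    for name, pod in (("RISKY", RISKY), ("OK", OK)):
        print(name, audit_pod(pod))
```

Passing an empty allowlist makes every hostPath volume a finding, which corresponds to the first remediation option of disallowing hostPath altogether.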

Policy Details

Rule Reference ID: AC_K8S_0076
Remediation Available: No
Resource: kubernetes_pod
Resource Category: Compute
Resource Type: Pod

Frameworks