Ensure 'readOnlyRootFileSystem' is set to true in Kubernetes workload configuration

MEDIUM

Description

Container images with readOnlyRootFilesystem set to false mount the container root file system with write permissions.

Remediation

The parameter 'readOnlyRootFilesystem' controls whether a container will be able to write into the root filesystem. Therefore, make sure that 'readOnlyRootFilesystem' is set to true in the securityContext field of your Kubernetes workload configuration.
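
The remediation as a manifest, showing a Pod this rule would flag next to a corrected one. This is an added example, not taken from the original page or from the policy's own code; the pod names, image, and the `/tmp` scratch path are constructed placeholders. The key is spelled `readOnlyRootFilesystem` in the Kubernetes API and is case-sensitive.

```yaml
# Before: the container root filesystem is mounted writable.
apiVersion: v1
kind: Pod
metadata:
  name: web-writable                  # placeholder name
spec:
  containers:
    - name: web
      image: registry.example.com/web:1.0   # placeholder image
      securityContext:
        readOnlyRootFilesystem: false  # omitting the field has the same effect
---
# After: the root filesystem is read-only and writable paths are explicit.
apiVersion: v1
kind: Pod
metadata:
  name: web-readonly                  # placeholder name
spec:
  containers:
    - name: web
      image: registry.example.com/web:1.0   # placeholder image
      securityContext:
        # Set per container (and per init container); the pod-level
        # securityContext has no such field.
        readOnlyRootFilesystem: true
      volumeMounts:
        - name: tmp
          mountPath: /tmp              # assumed path the application writes to
  volumes:
    - name: tmp
      emptyDir: {}                     # scratch space, discarded with the pod
```

Applications that write to paths under the root filesystem will fail once the setting is true, so each such path needs its own volume mount as shown for `/tmp`.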

Policy Details

Rule Reference ID: AC_K8S_0078
Remediation Available: No
Resource: kubernetes_pod
Resource Category: Compute
Resource Type: Pod

Frameworks