SYS_ADMIN capability should not be added to the container
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | MEDIUM | Kubernetes | PERMISSION |
Description
SYS_ADMIN is the most privileged capability for a container. It is equivalent to root and should always be avoided.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
The SYS_ADMIN capability allows a container to perform a range of system administration operations, and thus exposes the machine on which the container runs to various attacks.
Remediation guidelines
Remove SYS_ADMIN from the container capabilities. This can be done by changing 'containers[].securityContext.capabilities.add'.
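
One way to locate the entries to remove, as an added example (not code from this rule's own implementation): it walks a manifest in JSON form and reports every container whose `securityContext.capabilities.add` list grants SYS_ADMIN. The function names, the sample Deployment, and the decision to also flag `ALL` (which includes SYS_ADMIN) are assumptions of this example.

```python
import json

POD_LISTS = ("containers", "initContainers", "ephemeralContainers")
FLAGGED = {"SYS_ADMIN", "ALL"}  # assumption: "ALL" is flagged because it includes SYS_ADMIN

def normalise(cap):
    # Choice made for this example: compare case-insensitively, ignore a "CAP_" prefix.
    cap = str(cap).upper()
    return cap[4:] if cap.startswith("CAP_") else cap

def find_sys_admin(obj, path=""):
    """Return (path, container name, capability) for every offending 'add' entry."""
    findings = []
    if isinstance(obj, list):
        for i, item in enumerate(obj):
            findings += find_sys_admin(item, f"{path}[{i}]")
    elif isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}" if path else key
            if key not in POD_LISTS or not isinstance(value, list):
                findings += find_sys_admin(value, child)  # keep descending
                continue
            for i, ctr in enumerate(value):
                if not isinstance(ctr, dict):
                    continue
                caps = (ctr.get("securityContext") or {}).get("capabilities") or {}
                for cap in caps.get("add") or []:
                    if normalise(cap) in FLAGGED:
                        where = f"{child}[{i}].securityContext.capabilities.add"
                        findings.append((where, ctr.get("name"), cap))
    return findings

# Constructed sample: a Deployment in the shape printed by `kubectl get -o json`.
SAMPLE = json.loads("""
{"kind": "Deployment", "metadata": {"name": "demo"},
 "spec": {"template": {"spec": {
   "initContainers": [{"name": "init",
     "securityContext": {"capabilities": {"drop": ["ALL"]}}}],
   "containers": [
     {"name": "app", "securityContext": {"capabilities":
        {"add": ["NET_BIND_SERVICE", "SYS_ADMIN"]}}},
     {"name": "sidecar"}]}}}}
""")

if __name__ == "__main__":
    for where, name, cap in find_sys_admin(SAMPLE):
        print(f"{name}: {cap} in {where}")
```

Because the walk descends through any nesting, the same function covers bare Pods, workload templates and `List` objects; an empty result means no container adds the capability.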