- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
This assessment verifies whether Amazon ECS task definitions are set up to share a host’s process namespace with its containers. The assessment will not pass if the task definition allows the host’s process namespace to be shared with the containers it runs. This evaluation is based on the most recent active revision of an Amazon ECS task definition.
A Process ID (PID) namespace serves to isolate processes from one another, preventing system processes from being visible and allowing PIDs, including PID 1, to be reused. If the host’s PID namespace is shared with containers, it would grant containers visibility into all processes on the host system. This compromises the intended isolation between the host and its containers at the process level. Such a setup could potentially result in unauthorized access to host processes, enabling unauthorized manipulation or termination. Therefore, it is recommended that customers refrain from sharing the host’s process namespace with containers.
To configure the pidMode on a task definition, see Task definition parameters in the Amazon Elastic Container Service Developer Guide.