PSP set to privileged

Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > PSP set to privileged

Metadata

Id: c48e57d3-d642-4e0b-90db-37f807b41b91

Cloud Provider: k8s

Framework: Kubernetes

Severity: High

Category: Insecure Configurations

Learn More

Provider Reference

Description

Pods should not be allowed to request execution as privileged.

Compliant Code Examples

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  privileged: false
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
  - '*'

Non-Compliant Code Examples

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  privileged: true 
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
  - '*'