Privileged containers minimised
Description
Pod containers should not run with securityContext.privileged set to true. The watcher inspects each Pod's containers[].securityContext.privileged at admission time and on every resync.
⚠️ Risk Impact
A privileged container runs with full host access: it can mount the host filesystem, load kernel modules, and escape the container boundary through the capabilities it holds. Compromising one privileged Pod therefore means compromising its node, and from the node, the cluster.
🔍 How EchelonGraph Detects This
EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as critical-severity findings with remediation guidance.
🔧 Remediation
Remove securityContext.privileged from container specs (or set it to false); grant only the specific Linux capabilities a workload actually needs instead of running it privileged.
🎯 MITRE ATT&CK Mapping
🔗 Cross-Framework References
Automate CIS Kubernetes 5.2.1 compliance
EchelonGraph continuously monitors this control across all your cloud accounts.