lacework-global-751
Minimize the admission of containers wishing to share the host process ID namespace (Automated)
Description
Do not generally permit the running of containers with the hostPID flag set to true.
Remediation
Add policies to each namespace in the cluster which has user workloads to restrict the admission of hostPID containers.
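One way to apply this remediation with the built-in Pod Security Admission controller, as an added example that is not part of the Lacework policy text: label the namespace with the baseline Pod Security Standard, which forbids spec.hostPID: true, and a second manifest shows the kind of pod the admission controller then rejects. The namespace name and container image are assumed placeholders.

```yaml
# Added example: enable Pod Security Admission at the "baseline" level on a
# namespace that hosts user workloads. The baseline standard disallows
# spec.hostPID: true, so pods requesting the host PID namespace are rejected.
apiVersion: v1
kind: Namespace
metadata:
  name: user-workloads                         # assumed namespace name
  labels:
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: latest
    # warn/audit at the same level surface violations in kubectl output
    # and the audit log without blocking, useful while rolling the control out.
    pod-security.kubernetes.io/warn: baseline
    pod-security.kubernetes.io/audit: baseline
---
# A pod that the control above blocks: admission fails because hostPID is set.
apiVersion: v1
kind: Pod
metadata:
  name: hostpid-demo
  namespace: user-workloads
spec:
  hostPID: true                                # the setting this control forbids
  containers:
  - name: app
    image: registry.example/app:1.0            # placeholder image
```

Applying the pod with `kubectl apply --dry-run=server -f pod.yaml` shows the rejection without creating anything, which is a quick way to verify the namespace label took effect.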
References
https://kubernetes.io/docs/concepts/security/pod-security-policy/
https://kubernetes.io/docs/concepts/security/pod-security-admission/
https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/