lacework-global-752

Minimize the admission of containers wishing to share the host Inter-Process Communication (IPC) namespace (Automated)

Description

Do not generally permit the running of containers with the hostIPC flag set to true.

Remediation

Add policies to each namespace in the cluster that has user workloads to restrict the admission of hostIPC containers.
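The following is an added example, not Lacework's own check logic. It models the two halves of this control: the automated audit (which Pods currently set spec.hostIPC: true) and the remediation (which namespaces do not yet carry a Pod Security Admission enforce label at the baseline or restricted level, the two levels that reject hostIPC Pods). The Pod and Namespace objects are constructed inline in the shape of kubectl JSON output; the function and variable names are this example's own.

```python
"""Audit helpers for the hostIPC control (added example, not Lacework's code)."""
from typing import Dict, Iterable, List

# Namespace label that makes Pod Security Admission enforce a Pod Security
# Standards level. The baseline and restricted levels reject Pods with
# spec.hostIPC: true; the privileged level places no restriction.
ENFORCE_LABEL = "pod-security.kubernetes.io/enforce"
LEVEL_RANK = {"privileged": 0, "baseline": 1, "restricted": 2}


def pods_sharing_host_ipc(pods: Iterable[Dict]) -> List[str]:
    """Return 'namespace/name' for each Pod whose spec sets hostIPC to true."""
    offenders = []
    for pod in pods:
        meta = pod.get("metadata", {})
        if pod.get("spec", {}).get("hostIPC") is True:
            offenders.append(f"{meta.get('namespace', 'default')}/{meta.get('name')}")
    return offenders


def namespaces_without_host_ipc_restriction(namespaces: Iterable[Dict]) -> List[str]:
    """Return namespaces whose enforce label is absent, unknown, or 'privileged'.

    Only baseline or restricted enforcement blocks hostIPC admission, so every
    namespace ranked below baseline is reported as needing remediation.
    """
    unguarded = []
    for ns in namespaces:
        meta = ns.get("metadata", {})
        level = meta.get("labels", {}).get(ENFORCE_LABEL, "privileged")
        if LEVEL_RANK.get(level, 0) < LEVEL_RANK["baseline"]:
            unguarded.append(meta.get("name"))
    return unguarded


# Constructed sample objects (hypothetical names) shaped like the "items" of
# `kubectl get pods -A -o json` and `kubectl get ns -o json`.
SAMPLE_PODS = [
    {"metadata": {"name": "web", "namespace": "prod"},
     "spec": {"containers": [{"name": "web", "image": "example/web:1.0"}]}},
    {"metadata": {"name": "debug-shell", "namespace": "dev"},
     "spec": {"hostIPC": True,
              "containers": [{"name": "sh", "image": "example/tools:1.0"}]}},
    {"metadata": {"name": "worker", "namespace": "dev"},
     "spec": {"hostIPC": False,
              "containers": [{"name": "w", "image": "example/worker:1.0"}]}},
]

SAMPLE_NAMESPACES = [
    {"metadata": {"name": "prod", "labels": {ENFORCE_LABEL: "restricted"}}},
    {"metadata": {"name": "dev", "labels": {ENFORCE_LABEL: "privileged"}}},
    {"metadata": {"name": "legacy", "labels": {}}},
    {"metadata": {"name": "staging", "labels": {ENFORCE_LABEL: "baseline"}}},
]


if __name__ == "__main__":
    print("Pods sharing host IPC:", pods_sharing_host_ipc(SAMPLE_PODS))
    print("Namespaces not enforcing at least baseline:",
          namespaces_without_host_ipc_restriction(SAMPLE_NAMESPACES))
```

Run against the sample data, the audit reports dev/debug-shell, and the remediation list names dev and legacy; applying `kubectl label namespace <name> pod-security.kubernetes.io/enforce=baseline` to those namespaces is the change that makes the admission controller reject new hostIPC Pods there. Existing Pods are not evicted by the label, so the audit half is still needed after remediation.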

References

https://kubernetes.io/docs/concepts/security/pod-security-policy/
https://kubernetes.io/docs/concepts/security/pod-security-admission/
https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/