lacework-global-752
Minimize the admission of containers wishing to share the host Inter-Process Communication (IPC) namespace (Automated)
Description
Do not generally permit the running of containers with the hostIPC flag set to true.
Remediation
Add policies to each namespace in the cluster which has user workloads to restrict the admission of hostIPC containers. With the built-in Pod Security Admission controller this means labelling the namespace with pod-security.kubernetes.io/enforce set to baseline or restricted; both profiles reject pods that set spec.hostIPC to true. Pod Security Policy, the older mechanism, was deprecated in Kubernetes v1.21 and removed in v1.25, so clusters still relying on it should migrate to Pod Security Admission or a third-party admission controller.
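The following is an added audit example, not part of the original Lacework policy text or tooling. It implements the automated check behind this control in two parts: it lists every pod whose spec sets hostIPC: true, and it lists every namespace whose pod-security.kubernetes.io/enforce label is neither baseline nor restricted (the two Pod Security Standards profiles that forbid hostIPC). It works on the JSON produced by kubectl get pods -A -o json and kubectl get namespaces -o json; the sample documents embedded below are constructed for illustration, the function names are mine, and the default decision to skip kube-system is an assumption reflecting the control's focus on namespaces with user workloads.

```python
"""Audit Kubernetes objects for hostIPC pods and namespaces that do not block them.

Example (hypothetical) usage against a live cluster:
    kubectl get pods -A -o json > pods.json
    kubectl get namespaces -o json > namespaces.json
    python3 audit_host_ipc.py pods.json namespaces.json
Run with no arguments to audit the constructed sample data below.
"""
import json
import sys

# Pod Security Standards profiles whose policy forbids spec.hostIPC: true.
PROFILES_BLOCKING_HOST_IPC = {"baseline", "restricted"}
ENFORCE_LABEL = "pod-security.kubernetes.io/enforce"


def host_ipc_pods(pod_list):
    """Return (namespace, name) for every pod whose spec sets hostIPC to true.

    `pod_list` is the parsed output of `kubectl get pods -A -o json`.
    A missing or false hostIPC field means the pod does not share the host IPC namespace.
    """
    return [
        (pod["metadata"]["namespace"], pod["metadata"]["name"])
        for pod in pod_list.get("items", [])
        if pod.get("spec", {}).get("hostIPC") is True
    ]


def namespaces_without_enforcement(ns_list, skip=("kube-system",)):
    """Return names of namespaces that do not enforce a profile blocking hostIPC.

    `ns_list` is the parsed output of `kubectl get namespaces -o json`.
    Only the `enforce` mode rejects pods; `audit` and `warn` labels alone do not.
    Namespaces in `skip` (assumed here: system namespaces) are ignored.
    """
    unprotected = []
    for ns in ns_list.get("items", []):
        name = ns["metadata"]["name"]
        if name in skip:
            continue
        labels = ns["metadata"].get("labels") or {}
        if labels.get(ENFORCE_LABEL) not in PROFILES_BLOCKING_HOST_IPC:
            unprotected.append(name)
    return unprotected


# Constructed sample data, shaped like the kubectl JSON output.
SAMPLE_PODS = {
    "items": [
        {"metadata": {"namespace": "payments", "name": "api"},
         "spec": {"containers": [{"name": "api", "image": "example/api"}]}},
        {"metadata": {"namespace": "payments", "name": "legacy-worker"},
         "spec": {"hostIPC": True,
                  "containers": [{"name": "worker", "image": "example/worker"}]}},
        {"metadata": {"namespace": "kube-system", "name": "kube-proxy-abc12"},
         "spec": {"hostIPC": False, "hostNetwork": True,
                  "containers": [{"name": "kube-proxy", "image": "example/kube-proxy"}]}},
    ]
}

SAMPLE_NAMESPACES = {
    "items": [
        {"metadata": {"name": "default", "labels": {}}},
        {"metadata": {"name": "payments",
                      "labels": {ENFORCE_LABEL: "baseline",
                                 "pod-security.kubernetes.io/enforce-version": "latest"}}},
        {"metadata": {"name": "kube-system",
                      "labels": {"kubernetes.io/metadata.name": "kube-system"}}},
    ]
}


def main(argv):
    if len(argv) == 3:
        with open(argv[1]) as f:
            pods = json.load(f)
        with open(argv[2]) as f:
            namespaces = json.load(f)
    else:
        pods, namespaces = SAMPLE_PODS, SAMPLE_NAMESPACES

    offenders = host_ipc_pods(pods)
    unprotected = namespaces_without_enforcement(namespaces)
    for ns, name in offenders:
        print(f"FAIL pod {ns}/{name} sets hostIPC: true")
    for ns in unprotected:
        print(f"FAIL namespace {ns} does not enforce baseline or restricted")
    return 1 if (offenders or unprotected) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Both checks are needed: Pod Security Admission only acts at admission time, so labelling a namespace after the fact stops new hostIPC pods but leaves already-running ones in place until they are recreated, which is what the pod scan catches. In the sample, the payments namespace is correctly labelled yet still hosts the legacy-worker pod, while default has no enforcement label at all.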
References
https://kubernetes.io/docs/concepts/security/pod-security-policy/
https://kubernetes.io/docs/concepts/security/pod-security-admission/
https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/