lacework-global-753
Minimize the admission of containers wishing to share the host network namespace (Automated)
Description
Do not generally permit the running of containers with the hostNetwork flag set to true.
Remediation
Add policies to each namespace in the cluster that has user workloads to restrict the admission of hostNetwork containers.
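One way to apply this remediation with Pod Security Admission, shown as an added example that is not part of the Lacework policy text. The namespace name `team-apps`, the pod names and the image are hypothetical; the `baseline` Pod Security Standard is used because it disallows `hostNetwork: true`.

```yaml
# Namespace for user workloads (name is hypothetical).
apiVersion: v1
kind: Namespace
metadata:
  name: team-apps
  labels:
    # Reject pods that violate the baseline profile, which disallows
    # sharing the host namespaces (hostNetwork, hostPID, hostIPC).
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: latest
    # Also record violations in the audit log and warn the client.
    pod-security.kubernetes.io/audit: baseline
    pod-security.kubernetes.io/warn: baseline
---
# Rejected at admission in team-apps: shares the node's network namespace.
apiVersion: v1
kind: Pod
metadata:
  name: uses-host-network
  namespace: team-apps
spec:
  hostNetwork: true
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder image
---
# Admitted: hostNetwork is omitted (defaults to false), so the pod
# gets its own network namespace.
apiVersion: v1
kind: Pod
metadata:
  name: isolated-network
  namespace: team-apps
spec:
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder image
```

Applying this file creates the namespace and the second pod; the API server rejects the first pod with a Pod Security violation.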
References
https://kubernetes.io/docs/concepts/security/pod-security-policy/
https://kubernetes.io/docs/concepts/security/pod-security-admission/
https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/