lacework-global-783
Minimize the admission of root containers (Automated)
Description
Do not generally permit the running of containers as the root user.
Remediation
Create a policy for each namespace in the cluster, ensuring that it sets either MustRunAsNonRoot, or MustRunAs with a range of UIDs that does not include 0.
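The remediation rule above can be checked mechanically. The following is an added example, not Lacework's own check: it assumes policies are available as dicts shaped like a PodSecurityPolicy (`spec.runAsUser.rule` and `spec.runAsUser.ranges` with `min`/`max`), and the policy names and ranges are constructed sample data.

```python
ROOT_UID = 0

def admits_root(policy):
    """Return (admits_root, reason) for one PodSecurityPolicy-shaped dict."""
    run_as = (policy.get("spec") or {}).get("runAsUser") or {}
    rule = run_as.get("rule")
    if rule == "MustRunAsNonRoot":
        return False, "MustRunAsNonRoot"
    if rule == "MustRunAs":
        ranges = run_as.get("ranges") or []
        if not ranges:
            # Choice made for this example: no ranges means nothing excludes UID 0.
            return True, "MustRunAs with no ranges"
        for r in ranges:
            if r["min"] <= ROOT_UID <= r["max"]:
                return True, f"range {r['min']}-{r['max']} includes UID 0"
        return False, "MustRunAs, UID 0 outside every range"
    # RunAsAny, a missing rule, or an unknown value: root is not excluded.
    return True, f"rule {rule!r} does not exclude root"

def audit(policies):
    """Return {policy name: reason} for every policy that admits root."""
    findings = {}
    for p in policies:
        bad, reason = admits_root(p)
        if bad:
            findings[p["metadata"]["name"]] = reason
    return findings

# Constructed sample policies (names and ranges are made up for illustration).
SAMPLE_POLICIES = [
    {"metadata": {"name": "nonroot"},
     "spec": {"runAsUser": {"rule": "MustRunAsNonRoot"}}},
    {"metadata": {"name": "uid-1000-up"},
     "spec": {"runAsUser": {"rule": "MustRunAs",
                            "ranges": [{"min": 1000, "max": 65535}]}}},
    {"metadata": {"name": "range-from-zero"},
     "spec": {"runAsUser": {"rule": "MustRunAs",
                            "ranges": [{"min": 0, "max": 65535}]}}},
    {"metadata": {"name": "anything-goes"},
     "spec": {"runAsUser": {"rule": "RunAsAny"}}},
    {"metadata": {"name": "no-rule"}, "spec": {}},
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_POLICIES).items():
        print(f"FAIL {name}: {reason}")
```

A policy passes only when its rule positively excludes UID 0; a missing or unrecognized rule is reported as a failure rather than skipped.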
References
https://kubernetes.io/docs/concepts/security/pod-security-policy/
https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/