stackoom
  简体   繁体   中英

Kubernetes pod security policies uid/gid ranges

 原文  2019-10-10 21:09:43       security/ kubernetes

Question

I need to allow the ranges 0-1000, and 6000-7000 to be used for application deployments, and forbid all others.

Does this configuration will prevent someone to exec into pod/container and can switch to some other uid/gid?

1 answers

solution1
 0  2019-10-11 04:32:34

Linux does not normally permit non-root users to exec as other UID/GIDs without something like sudo . As long as you also limit capabilities, privileged , privilege escalation and unsafe mount types, you can be fairly certain your pods will only run with processes as the UID/GIDs that you specify.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Why many servers change its uid and gid,what's the benefit? Firefox Extension Security Policies Android Security Changing UID Embedded Jetty with Java Security Policies Should security headers/policies be set in nginx or express? Do Content Security Policies support a wildcard suffix security context in kubernetes deployment Applying ServiceAccount specific OPA policies through Gatekeeper in kubernetes What is happening when I have two CSP (Content Security Policies) policies - header & meta? How to implement multiple Content-Security-Policies and headers?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM