Query: Pod containers should not allow privilege escalation

Description

Containers in a Pod should not be able to access any specific paths of the host filesystem. There are many ways a container with unrestricted access to the host filesystem can escalate privileges, including reading data from other containers and abusing the credentials of system services, such as Kubelet.

Query

Tables used in this query:

Controls using this query:

SQL