Query: Pod Security Policy should prohibit containers from running as root
Description
Pod Security Policy should prohibit containers from running as root. Containers in a Pod should not run with root privileges. By default, many container services run as the privileged root user, and applications execute inside the container as root despite not requiring privileged execution. Preventing root execution by using non-root containers or a rootless container engine limits the impact of a container compromise.
Query
Tables used in this query:
Controls using this query:
- 5.2.6 Minimize the admission of root containers
- Pod Security Policy should prohibit containers from running as root