Control: Pod containers should not allow privilege escalation
Description
Containers in a Pod should not allow privilege escalation. A container running with the `allowPrivilegeEscalation` flag set to true may have processes that can gain more privileges than their parent.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.pod_container_privilege_escalation_disabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.pod_container_privilege_escalation_disabled --shareSQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when c -> 'securityContext' ->> 'allowPrivilegeEscalation' = 'false' then 'ok' else 'alarm' end as status, case when c -> 'securityContext' ->> 'allowPrivilegeEscalation' = 'false' then c ->> 'name' || ' can not request to allow privilege escalation.' else c ->> 'name' || ' can request to allow privilege escalation.' end as reason, name as pod_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_pod, jsonb_array_elements(containers) as c;