Back to all scenarios
Scenario #258
Security
K8s v1.20, On-Premise

Privileged Containers Running Without Seccomp or AppArmor Profiles

Privileged containers were running without seccomp or AppArmor profiles, leaving the host vulnerable to attacks.

Find this helpful?
What Happened

Several containers were deployed with the privileged: true flag, but no seccomp or AppArmor profiles were applied. These containers had unrestricted access to the host kernel, which could lead to security breaches if exploited.

Diagnosis Steps
  • 1Reviewed container configurations and identified containers running with the privileged: true flag.
  • 2Checked if seccomp or AppArmor profiles were applied and found that none were in place.
Root Cause

Running privileged containers without applying restrictive security profiles (e.g., seccomp, AppArmor) exposes the host to potential exploitation.

Fix/Workaround
• Disabled the privileged: true flag unless absolutely necessary and applied restrictive seccomp and AppArmor profiles to all privileged containers.
• Used Kubernetes security policies to prevent the deployment of privileged containers without appropriate security profiles.
Lessons Learned

Avoid running containers with excessive privileges. Always apply security profiles to limit the scope of potential attacks.

How to Avoid
  • 1Use Kubernetes PodSecurityPolicies (PSPs) or admission controllers to restrict privileged container deployments.
  • 2Enforce the use of seccomp and AppArmor profiles for all containers.
Previous ScenarioNext Scenario