Scenario #281
Security
Kubernetes v1.21, On-Prem Cluster
Misconfigured PodSecurityPolicy Allowed Privileged Containers
Pods were running with privileged: true due to a permissive PodSecurityPolicy (PSP) left enabled during testing.
What Happened
Developers accidentally left a wide-open PSP in place that allowed privileged containers, host networking, and host path mounts. This allowed a compromised container to access host files.
Diagnosis Steps
1. Audited active PSPs.
2. Identified a PSP with overly permissive rules.
3. Found pods using privileged: true.
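The last diagnosis step can be scripted. The following is an added example, not part of the original scenario: it scans the JSON from `kubectl get pods -A -o json` for privileged containers, host networking and hostPath mounts, and reads the `kubernetes.io/psp` annotation to show which PSP admitted each pod. The sample data and the PSP name `wide-open-test` are constructed, and the hostPID/hostIPC checks go slightly beyond the settings the scenario names.

```python
import json

# Constructed sample, shaped like `kubectl get pods -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "dev", "name": "debug-tool",
                "annotations": {"kubernetes.io/psp": "wide-open-test"}},
   "spec": {"hostNetwork": true,
            "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
            "initContainers": [{"name": "init", "securityContext": {"privileged": true}}],
            "containers": [{"name": "main", "securityContext": {"privileged": true}}]}},
  {"metadata": {"namespace": "prod", "name": "web"},
   "spec": {"containers": [{"name": "nginx", "securityContext": {"privileged": false}}],
            "volumes": [{"name": "cfg", "configMap": {"name": "web-cfg"}}]}}
]}
""")


def audit_pod(pod):
    """Return the list of host-level exposures found in one pod object."""
    spec = pod.get("spec", {})
    findings = []
    # Privileged can be set on regular, init and ephemeral containers.
    for kind in ("containers", "initContainers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            if (c.get("securityContext") or {}).get("privileged") is True:
                findings.append(f"privileged container: {c['name']}")
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag) is True:
            findings.append(flag)
    for v in spec.get("volumes") or []:
        if "hostPath" in v:
            findings.append(f"hostPath mount: {v['hostPath'].get('path')}")
    return findings


def audit_pods(pod_list):
    """Map 'namespace/name' -> (admitting PSP, findings) for every risky pod."""
    report = {}
    for pod in pod_list.get("items", []):
        findings = audit_pod(pod)
        if findings:
            meta = pod["metadata"]
            psp = (meta.get("annotations") or {}).get("kubernetes.io/psp", "unknown")
            report[f"{meta['namespace']}/{meta['name']}"] = (psp, findings)
    return report


if __name__ == "__main__":
    for pod, (psp, findings) in audit_pods(SAMPLE).items():
        print(f"{pod} (admitted by PSP {psp}): {', '.join(findings)}")
```

Against a live cluster, replace `SAMPLE` with `json.load(sys.stdin)` and pipe the kubectl output in; grouping the report by PSP name shows which policy to remove first.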
Root Cause
Lack of PSP review before production deployment.
Fix/Workaround
• Removed the insecure PSP.
• Implemented a restrictive default PSP.
• Migrated to PodSecurityAdmission after PSP deprecation.
Lessons Learned
Security defaults should be restrictive, not permissive.
How to Avoid
1. Review PSP or PodSecurity configurations regularly.
2. Implement strict admission control policies.