Ensure admission of containers with added capability is minimized
Error: Admission of containers with added capability is not minimized
Bridgecrew Policy ID: BC_K8S_24
Checkov Check ID: CKV_K8S_25
Severity: LOW
Description
Containers run with a default set of capabilities assigned by the container runtime. By default this set can already include potentially dangerous capabilities, and capabilities added in a container's securityContext extend it further. With Docker as the container runtime, the NET_RAW capability is enabled, and it may be misused by malicious containers. Ideally, all containers should drop this capability.
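As an added example (not part of the Bridgecrew documentation or of Checkov's own source), the following Python script re-implements the idea behind this check over two constructed manifests: a Pod that adds NET_RAW, which fails, and a Deployment that adds nothing and drops NET_RAW, which passes. The workload names, images and helper function names are assumptions.

```python
# Added example (not Bridgecrew/Checkov code): a minimal re-implementation of
# the idea behind CKV_K8S_25, flagging any container whose securityContext adds
# Linux capabilities. Manifests are embedded as dicts so no YAML parser is needed.
def _pod_spec(manifest):
    """Return the PodSpec of a Pod, or of the pod template inside a workload."""
    if manifest.get("kind") == "Pod":
        return manifest.get("spec", {})
    # Deployment, StatefulSet, DaemonSet, Job all nest it at spec.template.spec
    return manifest.get("spec", {}).get("template", {}).get("spec", {})

def added_capabilities(manifest):
    """Map container name -> capabilities its securityContext adds.
    Containers (and initContainers) that add nothing are omitted."""
    spec = _pod_spec(manifest)
    findings = {}
    for container in spec.get("containers", []) + spec.get("initContainers", []):
        caps = (container.get("securityContext") or {}).get("capabilities") or {}
        added = caps.get("add") or []
        if added:
            findings[container["name"]] = list(added)
    return findings

def check_ckv_k8s_25(manifest):
    """True (pass) when no container adds a capability, False (fail) otherwise."""
    return not added_capabilities(manifest)

# Constructed sample: fails, it adds NET_RAW on top of the runtime defaults.
FAILING_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "probe"},
    "spec": {"containers": [{
        "name": "probe", "image": "example.invalid/probe:1.0",
        "securityContext": {"capabilities": {"add": ["NET_RAW"]}},
    }]},
}

# Constructed sample: passes, it adds nothing and explicitly drops NET_RAW
# (dropping ALL is the stricter variant when the workload needs no capability).
PASSING_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "web", "image": "example.invalid/web:1.0",
        "securityContext": {"capabilities": {"drop": ["NET_RAW"]}},
    }]}}},
}

if __name__ == "__main__":
    for m in (FAILING_POD, PASSING_DEPLOYMENT):
        verdict = "PASSED" if check_ckv_k8s_25(m) else "FAILED"
        print(f"{m['kind']}/{m['metadata']['name']}: {verdict} {added_capabilities(m)}")
```

The real Checkov check evaluates manifests through its own framework; this script only mirrors the rule that any `capabilities.add` entry is a finding.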