Minio is allowing Privilege escalation and run as Root #2732
Labels: area/security, kind/bug, kind/enhancement
Is your feature request related to a problem? Please describe.
Minio Pod is not following security best practices, which could be a high risk for enterprise operations.
By not explicitly denying privilege escalation, it permits a process created within the container to execute a set-user-id, set-group-id, or file capability executable to gain the privileges specified by the executable.
By not explicitly denying container run as root, an attacker could gain access to the container and have full control over the host system.

Describe the solution you'd like
Implement:
spec.securityContext.runAsNonRoot
spec.containers[*].securityContext.allowPrivilegeEscalation
Screenshot of Security Context section
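
An added example, not part of the original issue or of the MinIO code base: a check for the two fields requested above, run over a constructed Pod manifest in JSON form. The pod name, the container names and the `audit_pod` helper are assumptions made for illustration.

```python
import json

# Constructed sample manifest (not taken from the MinIO project): one container
# hardened, one left at defaults, and no pod-level securityContext.
SAMPLE_POD = json.loads("""
{
  "apiVersion": "v1", "kind": "Pod",
  "metadata": {"name": "example-minio-pod"},
  "spec": {
    "containers": [
      {"name": "minio",
       "securityContext": {"runAsNonRoot": true, "allowPrivilegeEscalation": false}},
      {"name": "sidecar"}
    ],
    "initContainers": [
      {"name": "init", "securityContext": {"runAsUser": 0, "allowPrivilegeEscalation": false}}
    ]
  }
}
""")

def audit_pod(pod):
    """Return sorted (container, finding) tuples for the two settings in the issue."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            # Container-level values override the pod-level securityContext.
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
            run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
            if non_root is not True:
                findings.append((c["name"], "runAsNonRoot is not true"))
            if run_as_user == 0:
                findings.append((c["name"], "runAsUser is 0 (root)"))
            # Only an explicit false sets no_new_privs; unset leaves escalation possible.
            if sc.get("allowPrivilegeEscalation") is not False:
                findings.append((c["name"], "allowPrivilegeEscalation is not false"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_pod(SAMPLE_POD):
        print(f"{name}: {finding}")
```

`allowPrivilegeEscalation` exists only at container level, so the check reads it per container, while `runAsNonRoot` and `runAsUser` fall back to the pod-level value when the container does not set them.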