SELinux custom options set
| Property | |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | misconfiguration |
Description
Custom SELinux options are set in the pod’s security context, which violates Kubernetes pod security standards by allowing non-default access controls. This configuration can introduce inconsistent or overly permissive security policies within containers.
Impact
Allowing custom SELinux options may enable containers to bypass intended restrictions, increasing the risk of privilege escalation or unauthorized access to system resources, potentially compromising container and cluster security.
Resolution
Do not set `spec.securityContext.seLinuxOptions`, `spec.containers[].securityContext.seLinuxOptions` and `spec.initContainers[].securityContext.seLinuxOptions`.
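One way to check a manifest for the three fields named above and to produce a copy with them removed. This is an added example, not the scanner's own code. The sample manifest, the function names and the handling of workload templates (`spec.template.spec`, a generalization beyond the Pod paths listed) are assumptions.

```python
import json

# Constructed sample manifest for this example (not from the original page).
SAMPLE_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "demo"},
 "spec": {
   "securityContext": {"seLinuxOptions": {"type": "spc_t"}},
   "initContainers": [
     {"name": "init", "image": "busybox", "securityContext": {"runAsNonRoot": true}}],
   "containers": [
     {"name": "app", "image": "nginx",
      "securityContext": {"seLinuxOptions": {"user": "system_u"}}},
     {"name": "sidecar", "image": "envoy"}]}}
""")

def pod_spec(manifest):
    """Return the pod spec of a Pod, or of a workload's pod template."""
    spec = manifest.get("spec") or {}
    template = spec.get("template")
    if isinstance(template, dict):  # e.g. Deployment, StatefulSet, Job
        return template.get("spec") or {}
    return spec

def find_selinux_options(manifest):
    """List where seLinuxOptions is set (paths relative to the pod spec)."""
    spec = pod_spec(manifest)
    findings = []
    if "seLinuxOptions" in (spec.get("securityContext") or {}):
        findings.append("spec.securityContext.seLinuxOptions")
    for group in ("containers", "initContainers"):
        for i, c in enumerate(spec.get(group) or []):
            if "seLinuxOptions" in (c.get("securityContext") or {}):
                findings.append(f"spec.{group}[{i}].securityContext.seLinuxOptions")
    return findings

def strip_selinux_options(manifest):
    """Return a copy with seLinuxOptions removed from all three locations."""
    fixed = json.loads(json.dumps(manifest))  # deep copy; input is untouched
    spec = pod_spec(fixed)
    contexts = [spec.get("securityContext")]
    for group in ("containers", "initContainers"):
        contexts += [c.get("securityContext") for c in spec.get(group) or []]
    for ctx in contexts:
        if isinstance(ctx, dict):
            ctx.pop("seLinuxOptions", None)  # other context fields are kept
    return fixed

if __name__ == "__main__":
    for path in find_selinux_options(SAMPLE_POD):
        print("seLinuxOptions set at", path)
```

A field counts as set whenever the key is present, even with an empty value, which matches the resolution of leaving it out entirely.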