# Runtime/Default AppArmor profile not set
## Description
The AppArmor profile for Kubernetes pods is not set to ‘runtime/default’ or is configured with a custom, non-standard profile. This means containers may run without the expected baseline security confinement provided by AppArmor.
## Impact
Without the ‘runtime/default’ AppArmor profile, containers could have fewer security restrictions, increasing the risk that a compromised container could escalate privileges or affect the host system. This weakens pod isolation and may expose the cluster to container breakout or lateral movement attacks.
## Resolution
Set the annotation `container.apparmor.security.beta.kubernetes.io/<container_name>` to `runtime/default` for each container in the pod. On Kubernetes 1.30 and later, the same confinement can be declared with `securityContext.appArmorProfile: {type: RuntimeDefault}` at pod or container level.
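As an added example (not part of this rule page or the scanner that produces it), the check below applies the rule to a pod manifest: it reports every container whose effective AppArmor profile is not `runtime/default`, using the annotation named above and, as an assumption about newer clusters, the `securityContext.appArmorProfile` field introduced in Kubernetes 1.30. The sample manifests are constructed for the example.

```python
# Added example, not part of the original rule page: flag containers whose
# AppArmor profile is anything other than runtime/default. It checks the
# per-container annotation named in the Resolution and, for Kubernetes 1.30+,
# securityContext.appArmorProfile (container level overrides pod level; a
# field, when present, takes precedence over the legacy annotation).
ANNOTATION_PREFIX = "container.apparmor.security.beta.kubernetes.io/"


def _field_profile_type(security_context):
    """Return securityContext.appArmorProfile.type, or None if unset."""
    return ((security_context or {}).get("appArmorProfile") or {}).get("type")


def apparmor_findings(pod):
    """Return names of containers (incl. init containers) not confined by runtime/default."""
    spec = pod.get("spec", {})
    annotations = pod.get("metadata", {}).get("annotations") or {}
    pod_type = _field_profile_type(spec.get("securityContext"))
    findings = []
    for container in spec.get("containers", []) + spec.get("initContainers", []):
        name = container["name"]
        field_type = _field_profile_type(container.get("securityContext")) or pod_type
        if field_type is not None:
            confined = field_type == "RuntimeDefault"
        else:
            confined = annotations.get(ANNOTATION_PREFIX + name) == "runtime/default"
        if not confined:
            findings.append(name)
    return findings


# Constructed sample manifests (Python dicts standing in for parsed pod YAML).
POD_NO_PROFILE = {  # the finding this rule raises
    "metadata": {"name": "web"},
    "spec": {"containers": [{"name": "app", "image": "nginx"}]},
}
POD_CUSTOM_PROFILE = {  # also a finding: custom, non-standard profile
    "metadata": {"name": "web", "annotations": {ANNOTATION_PREFIX + "app": "localhost/my-profile"}},
    "spec": {"containers": [{"name": "app", "image": "nginx"}]},
}
POD_FIXED_ANNOTATION = {  # resolved via the annotation
    "metadata": {"name": "web", "annotations": {ANNOTATION_PREFIX + "app": "runtime/default"}},
    "spec": {"containers": [{"name": "app", "image": "nginx"}]},
}
POD_FIXED_FIELD = {  # resolved via the Kubernetes 1.30+ field at pod level
    "metadata": {"name": "web"},
    "spec": {"securityContext": {"appArmorProfile": {"type": "RuntimeDefault"}},
             "containers": [{"name": "app", "image": "nginx"}]},
}
```

Running `apparmor_findings` over the four manifests returns `["app"]` for the first two and an empty list for the two resolved ones.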