Json Yaml Read Only Root Filesystem False
Description
Detects Kubernetes container configurations where the root filesystem is not set to read-only. Running containers with a writable root filesystem is a security risk: an attacker who gains code execution inside the container can modify system files and may be able to escalate privileges on the host system.
Detection Strategy
• Inspect Kubernetes manifests (YAML/JSON) for container specifications
• Check if container's securityContext is present and contains readOnlyRootFilesystem field
• Report a vulnerability if readOnlyRootFilesystem is explicitly set to false
• Report a vulnerability if readOnlyRootFilesystem is not specified in the securityContext
• The configuration should include 'securityContext.readOnlyRootFilesystem: true' for each container specification
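The detection strategy above, written out as an added example (not part of the original page) that walks a manifest and reports every container whose readOnlyRootFilesystem is false or missing. It goes slightly beyond the bullets by also handling initContainers and workloads that carry a pod template (Deployment, etc.); the sample manifests are constructed for this example and read as JSON so it runs with the standard library only.

```python
import json

# Constructed sample manifests (not from the original page): a Pod without a
# securityContext plus a sidecar that disables the setting, and a Deployment
# whose pod template is correctly hardened.
VULNERABLE_POD = json.dumps({
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "vulnerable-pod"},
    "spec": {"containers": [
        {"name": "nginx", "image": "nginx"},
        {"name": "sidecar", "image": "busybox",
         "securityContext": {"readOnlyRootFilesystem": False}},
    ]},
})

SECURE_DEPLOYMENT = json.dumps({
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "secure-deploy"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "app", "image": "app:1.0",
         "securityContext": {"readOnlyRootFilesystem": True}},
    ]}}},
})


def pod_spec(manifest):
    """Return the PodSpec of a bare Pod, or of a workload's pod template."""
    spec = manifest.get("spec", {})
    return spec.get("template", {}).get("spec", spec)


def check_read_only_root_fs(manifest_json):
    """Return (container name, reason) for every container that either omits
    readOnlyRootFilesystem or sets it to anything other than true."""
    spec = pod_spec(json.loads(manifest_json))
    findings = []
    for container in spec.get("containers", []) + spec.get("initContainers", []):
        ctx = container.get("securityContext") or {}
        value = ctx.get("readOnlyRootFilesystem")
        if value is None:
            findings.append((container["name"], "readOnlyRootFilesystem not specified"))
        elif value is not True:
            findings.append((container["name"], "readOnlyRootFilesystem set to false"))
    return findings


if __name__ == "__main__":
    for name, doc in (("vulnerable-pod", VULNERABLE_POD), ("secure-deploy", SECURE_DEPLOYMENT)):
        print(name, check_read_only_root_fs(doc) or "OK")
```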
Vulnerable code example
apiVersion: v1
kind: Pod
metadata:
  name: vulnerable-pod
spec:
  containers:
    - name: nginx
      image: nginx

✅ Secure code example
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  # Prevent auto-mounting of service account tokens
  automountServiceAccountToken: false
  securityContext: ...