Privileged containers should be avoided

CRITICAL

Prevents containers from running in privileged mode, which grants full access to all host devices and capabilities.

What does this mean?

Privileged containers have almost unrestricted access to the host system, including all devices, kernel capabilities, and the ability to modify host configurations. This recommendation ensures no containers run in privileged mode.

Benefits of implementation

  • Eliminates the most dangerous container configuration
  • Prevents trivial container-to-host escapes
  • Required by virtually all security frameworks and benchmarks

Drawbacks and considerations

  • Certain infrastructure containers (CNI plugins, storage drivers) may need privileged access
  • Requires careful evaluation of what can run without privileges
  • Alternative approaches like specific capabilities may be needed

Implementation

Implementation guidance coming soon.
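One way to audit for this setting, as an added example that is not part of the original page. It assumes Kubernetes workloads, where privileged mode is the container-level `securityContext.privileged` field, and it scans pods and workload pod templates, including init and ephemeral containers. The sample objects and every name in them are constructed.

```python
# Added example: audit Kubernetes objects for privileged containers.
# SAMPLE is constructed, shaped like `kubectl get pods,deploy,cronjobs -A -o json`.
SAMPLE = {"kind": "List", "items": [
    {"kind": "Pod", "metadata": {"name": "web", "namespace": "shop"},
     "spec": {"containers": [
         # A specific capability granted instead of privileged mode.
         {"name": "nginx", "securityContext": {
             "privileged": False,
             "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}},
         {"name": "sidecar"}]}},  # no securityContext: not privileged
    {"kind": "Deployment", "metadata": {"name": "node-agent", "namespace": "infra"},
     "spec": {"template": {"spec": {
         "initContainers": [{"name": "sysctl-init",
                             "securityContext": {"privileged": True}}],
         "containers": [{"name": "agent", "securityContext": {}}]}}}},
    {"kind": "CronJob", "metadata": {"name": "backup", "namespace": "infra"},
     "spec": {"jobTemplate": {"spec": {"template": {"spec": {
         "containers": [{"name": "dump",
                         "securityContext": {"privileged": True}}]}}}}}},
]}

CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")

def pod_spec(obj):
    """Return the pod spec of a Pod, or of a workload's pod template."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":  # pod template is nested one level deeper
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}

def find_privileged(doc):
    """List (namespace, kind, name, field, container) for privileged containers."""
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    findings = []
    for obj in items:
        meta = obj.get("metadata") or {}
        for field in CONTAINER_FIELDS:
            for c in pod_spec(obj).get(field) or []:
                if (c.get("securityContext") or {}).get("privileged") is True:
                    findings.append((meta.get("namespace", "default"),
                                     obj.get("kind"), meta.get("name"),
                                     field, c.get("name")))
    return findings

if __name__ == "__main__":
    for finding in find_privileged(SAMPLE):
        print("PRIVILEGED %s %s/%s %s[%s]" % finding)
```

Init and ephemeral containers are checked because a privileged flag on any of them gives that container the same host access as a privileged main container.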

Details

  • Risk Level: CRITICAL
  • Category: Container Security
  • Azure Resource:
  • Frameworks: 3 frameworks
  • Last updated: 2026-02-12