Running containers as root user should be avoided
CRITICAL
Ensures containers do not run as the root user, limiting the impact of container breakout vulnerabilities.
What does this mean?
Running containers as root gives processes inside the container full root privileges. If an attacker escapes the container, they may gain root access to the underlying host. This recommendation enforces running containers as a non-root user.
Benefits of implementation
- Significantly reduces the impact of container escape vulnerabilities
- Required by CIS Kubernetes Benchmark and most security frameworks
- Follows the principle of least privilege
Drawbacks and considerations
- Some container images are built to run as root by default
- Requires rebuilding or reconfiguring existing images
- File permission issues may arise when switching to non-root
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level
- CRITICAL
- Category
- Container Security
- Azure Resource
- Frameworks
- 3 frameworks
- Last updated
- 2026-02-12