Kubernetes Pods are assessed for containers configured to run as the root user. The evaluation identifies containers whose security context sets runAsUser: 0.
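The logic of this check, as an added Python example (not Prowler's own implementation): each container's effective UID is resolved, assuming a container inherits the pod-level `securityContext.runAsUser` unless it sets its own, and any container whose effective UID is 0 is reported as root. The Pod manifest below is constructed sample input.

```python
from typing import Dict, List, Optional


def effective_run_as_user(pod: dict, container: dict) -> Optional[int]:
    """Container-level runAsUser overrides the pod-level value (assumed inheritance)."""
    ctx = container.get("securityContext") or {}
    if "runAsUser" in ctx:
        return ctx["runAsUser"]
    pod_ctx = pod.get("spec", {}).get("securityContext") or {}
    return pod_ctx.get("runAsUser")


def root_containers(pod: dict) -> Dict[str, List[str]]:
    """Classify containers and initContainers as root (UID 0), non_root or unknown.
    'unknown' = no runAsUser at either level; the UID then comes from the image."""
    result: Dict[str, List[str]] = {"root": [], "non_root": [], "unknown": []}
    spec = pod.get("spec", {})
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        uid = effective_run_as_user(pod, c)
        if uid is None:
            result["unknown"].append(c["name"])
        elif uid == 0:
            result["root"].append(c["name"])
        else:
            result["non_root"].append(c["name"])
    return result


# Constructed sample Pod: pod-level UID 0, 'app' overrides to 1000,
# 'sidecar' inherits root, 'init' sets UID 0 explicitly.
SAMPLE_POD = {
    "metadata": {"name": "demo", "namespace": "default"},
    "spec": {
        "securityContext": {"runAsUser": 0},
        "initContainers": [
            {"name": "init", "image": "example/init",
             "securityContext": {"runAsUser": 0}},
        ],
        "containers": [
            {"name": "app", "image": "example/app",
             "securityContext": {"runAsUser": 1000, "runAsNonRoot": True}},
            {"name": "sidecar", "image": "example/sidecar"},
        ],
    },
}

if __name__ == "__main__":
    print(root_containers(SAMPLE_POD))
```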
Risk
Containers running as root (UID 0) enable privilege escalation and container breakout. Attackers can modify workloads (integrity), read sensitive data on mounted volumes (confidentiality), and disrupt nodes or services via kernel/daemon abuse (availability).
```shell
prowler kubernetes --checks core_minimize_root_containers_admission
```
Recommendation
Require non-root execution and enforce least privilege:
- Set `runAsNonRoot: true` and a non-zero `runAsUser`
- Use images with a defined non-root UID
- Apply Pod Security Standards (restricted) or policies to block UID 0
- Use `allowPrivilegeEscalation: false` and drop unnecessary capabilities
Remediation
```shell
kubectl patch pod <POD_NAME> -n <NAMESPACE> --type=strategic -p '{"spec":{"containers":[{"name":"<CONTAINER_NAME>","securityContext":{"runAsUser":1000}}]}}'
```
- In your Kubernetes dashboard or kubectl editor, open the workload (Deployment/StatefulSet/DaemonSet) that created the failing Pod.
- Edit the YAML and set a non-root UID for the specific container:

```yaml
spec:
  template:
    spec:
      containers:
        - name: <CONTAINER_NAME>
          securityContext:
            runAsUser: 1000 # Critical: non-zero UID
```

- Save and apply. Wait for the new Pod to start and verify the finding is resolved.
Resource Type
Pod
References
- https://kubernetes.io/docs/tutorials/security/cluster-level-pss/
- https://kubernetes.io/docs/concepts/security/pod-security-standards/
- https://kyverno.io/policies/pod-security/restricted/require-run-as-nonroot/require-run-as-nonroot/
- https://support.icompaas.com/support/solutions/articles/62000234712-minimize-the-admission-of-root-containers