TF 0003 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
SELinux custom options set
Property | Value |
---|---|
Language | |
Severity | |
Vulnerability Type | misconfiguration |
Description
Custom SELinux options are set in the pod's security context, which violates the Kubernetes Pod Security Standards by allowing non-default access controls. This configuration can introduce inconsistent or overly permissive security policies within containers.
Impact
Allowing custom SELinux options may enable containers to bypass intended restrictions, increasing the risk of privilege escalation or unauthorized access to system resources, potentially compromising container and cluster security.
Resolution
Do not set 'spec.securityContext.seLinuxOptions', 'spec.containers[].securityContext.seLinuxOptions' and 'spec.initContainers[].securityContext.seLinuxOptions'.
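
One way to check a manifest for the three fields named above, as an added example (not part of this rule page or the project's own detection code). It goes beyond the page by also following workload pod templates (`spec.template.spec`, and `spec.jobTemplate` for a CronJob); the function names and the sample manifest are constructed for illustration.

```python
# Constructed sample (not from the rule page): a Deployment whose pod template
# sets seLinuxOptions at pod level and on one init container.
SAMPLE_MANIFEST = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "securityContext": {"seLinuxOptions": {"type": "spc_t"}},
        "initContainers": [
            {"name": "init", "securityContext": {"seLinuxOptions": {"user": "system_u"}}},
        ],
        "containers": [
            {"name": "app", "securityContext": {"runAsNonRoot": True}},
            {"name": "sidecar"},
        ],
    }}},
}


def pod_spec(manifest):
    """Return (path prefix, pod spec dict) for a Pod or a workload with a pod template."""
    spec = manifest.get("spec") or {}
    prefix = "spec"
    # CronJob nests the template under jobTemplate; other workloads use spec.template.
    for key in ("jobTemplate", "template"):
        if isinstance(spec.get(key), dict):
            spec = spec[key].get("spec") or {}
            prefix += f".{key}.spec"
    return prefix, spec


def find_selinux_options(manifest):
    """List each path where seLinuxOptions is set, in the three locations the rule names."""
    prefix, spec = pod_spec(manifest)
    findings = []
    if (spec.get("securityContext") or {}).get("seLinuxOptions"):
        findings.append(f"{prefix}.securityContext.seLinuxOptions")
    for field in ("containers", "initContainers"):
        for i, container in enumerate(spec.get(field) or []):
            if (container.get("securityContext") or {}).get("seLinuxOptions"):
                findings.append(f"{prefix}.{field}[{i}].securityContext.seLinuxOptions")
    return findings


if __name__ == "__main__":
    for path in find_selinux_options(SAMPLE_MANIFEST):
        print("seLinuxOptions set at", path)
```

An empty list means the manifest complies with the resolution above; a missing or `null` `securityContext` is treated as compliant.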