Containers wishing to share host IPC namespace admitted

Description

The host IPC namespace controls whether a pod's containers can be shared. You can administer cluster-level restrictions to ensure that containers remain isolated using PodSecurityPolicy and ensuring hostIPC is set to False. Preventing sharing of host PID/IPC namespace, networking, and ports ensures proper isolation between Docker containers and the underlying host.

Code Example

yaml

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: <policy name>
spec:
+ hostIPC: false

Remediation

Kubernetes

Resource: PodSecurityPolicy
Arguments: hostIPC Determines if the policy allows the use of HostIPC in the pod spec.

Rule Details

Field	Value
ID	IAC-1081
Severity	MEDIUM
IaC Type	Kubernetes
Frameworks	Kubernetes,
Checkov ID	CKV_K8S_3

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Containers wishing to share host IPC namespace admitted ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Containers wishing to share host IPC namespace admitted

Description

Code Example

Remediation

Rule Details

References