medium severity

Container does not drop all default capabilities (SNYK-CC-K8S-6)

Issue

The container does not explicitly drop all default capabilities

Impact

Containers are running with potentially unnecessary privileges

Resolve

Kubernetes
Add `ALL` to the `securityContext.capabilities.drop` list, and add only the required capabilities to `securityContext.capabilities.add`.
Terraform
Add `ALL` to the `spec.container.security_context.capabilities.drop` list, and add only the required capabilities to `spec.container.security_context.capabilities.add`, ensuring that the `add` list does not itself contain `ALL`.
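
For the Kubernetes case, the manifest below is an added example (not taken from the rule's own documentation) that puts a container this rule flags next to one that follows the Resolve guidance. The Deployment name, labels, container names and images are constructed placeholders, and `NET_BIND_SERVICE` stands in for whatever capability the workload actually requires.

```yaml
# Constructed example: names, labels and images are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-example
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web-example
  template:
    metadata:
      labels:
        app: web-example
    spec:
      containers:
        # Flagged: there is no capabilities.drop list, so the container
        # keeps the runtime's default capabilities plus the added one.
        - name: sidecar-flagged
          image: registry.example.com/sidecar:1.0.0
          securityContext:
            capabilities:
              add: ["NET_BIND_SERVICE"]
        # Resolved: drop ALL first, then add back only what is required.
        # The add list must not contain ALL.
        - name: web-resolved
          image: registry.example.com/web:1.0.0
          ports:
            - containerPort: 80
          securityContext:
            capabilities:
              drop: ["ALL"]
              add: ["NET_BIND_SERVICE"]
```

The setting is per container, so every entry under `containers` needs its own `drop: ["ALL"]`.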