You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Current checks are focused around whether any hostPath could expose a path should it exist. For example, /etc/kubernetes/admin.conf would check if that or any parent paths are shared into a pod.
This should be expanded to include both the following:
Whether any path in a specified folder is exposed, for example /var/log/ - we don't necessarily care if we have the entire folder, or just a random path within
Wildcard paths - for example any /home/*/.ssh/authorized_keys might be deemed acceptable
Current checks are focused around whether any hostPath could expose a path should it exist. For example,
/etc/kubernetes/admin.confwould check if that or any parent paths are shared into a pod.This should be expanded to include both the following:
/var/log/- we don't necessarily care if we have the entire folder, or just a random path within/home/*/.ssh/authorized_keysmight be deemed acceptable