Pod security policy: non-root user is not allowing tcpdump inside container

5/1/2020

PodSecurityPolicy:

  privileged: false
  allowPrivilegeEscalation: true          # pods may leave no_new_privs unset
  defaultAllowPrivilegeEscalation: false
  allowedCapabilities:                    # the only capability a pod may add back
  - NET_ADMIN
  defaultAddCapabilities: []
  requiredDropCapabilities:               # every container must drop everything first
  - ALL
  runAsUser:
    rule: 'MustRunAsNonRoot'

securityContext in deployment.yaml:

  privileged: false
  allowPrivilegeEscalation: true
  runAsUser: 1001                         # non-root UID, as the policy requires
  capabilities:
    add:                                  # NET_ADMIN is allowed by the policy above
    - NET_ADMIN

tcpdump is not permitted to operate inside the container with a non-root user. I think only a root-user container can have permission for tcpdump operation. Can anyone please let me know whether we have any configuration in the pod security policy and security context to achieve the same with a non-root user?

-- Yamini
kubernetes-security

0 Answers
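The two things the question's configuration is missing, shown as an added example that is not part of the original post or of any answer on this page. First, tcpdump opens raw/packet sockets, which needs CAP_NET_RAW (and CAP_NET_ADMIN only for putting the interface into promiscuous mode), but the policy above drops ALL and allows only NET_ADMIN back, so a pod that requests NET_RAW is rejected. Second, `capabilities.add` only places capabilities in the container's bounding set; a process started as UID 1001 gets none of them in its effective set, so the tcpdump binary in the image must carry file capabilities, and `allowPrivilegeEscalation` must stay `true` because file capabilities are ignored once no_new_privs is set. The policy and deployment names, the image reference and the tcpdump path are assumptions.

```yaml
# Added example, not from the original question. Names, image and binary path
# are assumptions.
#
# Image side (build time, Dockerfile, not shown as a separate file here):
#   RUN setcap cap_net_raw,cap_net_admin=eip "$(command -v tcpdump)"
# Without this, a non-root process cannot use the capabilities the pod was
# granted, even though they are in the bounding set.
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: tcpdump-nonroot            # assumed name
spec:
  privileged: false
  allowPrivilegeEscalation: true          # must stay true: file caps need no_new_privs unset
  defaultAllowPrivilegeEscalation: false
  requiredDropCapabilities:
  - ALL                                   # still start from an empty set
  defaultAddCapabilities: []
  allowedCapabilities:                    # the pod may add back exactly these two
  - NET_RAW                               # packet/raw sockets: needed for any capture
  - NET_ADMIN                             # promiscuous mode (tcpdump without -p)
  runAsUser:
    rule: 'MustRunAsNonRoot'
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: capture                    # assumed name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: capture
  template:
    metadata:
      labels:
        app: capture
    spec:
      containers:
      - name: tcpdump
        image: example.com/tcpdump:nonroot   # assumed: image built with the setcap step above
        args: ["-i", "eth0", "-n", "-c", "100"]
        securityContext:
          privileged: false
          allowPrivilegeEscalation: true    # matches the policy; required for file caps
          runAsNonRoot: true
          runAsUser: 1001
          capabilities:
            drop:
            - ALL
            add:                            # both must be in allowedCapabilities
            - NET_RAW
            - NET_ADMIN
```

To check the result from inside the running container, `getcap "$(command -v tcpdump)"` should list `cap_net_admin,cap_net_raw=eip`, and `grep CapBnd /proc/self/status` should show a bounding set that still contains those two bits after the drop/add; `capsh --decode=<hex>` turns the mask into names. If capture is only needed without promiscuous mode, run tcpdump with `-p` and leave NET_ADMIN out of both lists. PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25; on newer clusters the same drop/add and file-capability reasoning applies, but the admission side moves to Pod Security Admission or a policy engine.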