A container runs with securityContext.privileged: true. Privileged containers have near root-equivalent power on the node and significantly increase attack surface; avoid unless strictly required.
Warning
N/A
- Report shows: Container <name> in pod <ns>/<pod> runs in privileged mode
- Pod or container securityContext.privileged is true
- Determine whether privileged mode is really needed; many workloads can instead use specific Linux capabilities, a read-only root filesystem, or targeted volume mounts
- Remove securityContext.privileged: true and grant only the capabilities that are actually required via securityContext.capabilities
- If it must remain (e.g. node-level tooling), isolate the workload in a dedicated namespace on dedicated nodes, restrict it with network policies, and audit its use
- Use Pod Security Standards (or PodSecurityPolicy) to restrict or disallow privileged containers
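As an added example (not part of the original report), a pod manifest that triggers this finding shown beside a hardened rewrite, plus a namespace label that enforces the Pod Security baseline profile; the pod name, image and the NET_ADMIN capability are assumptions for illustration:

```yaml
# Constructed example: a privileged container and a hardened rewrite of the
# same pod, followed by a namespace label that blocks privileged pods.
---
# BEFORE: flagged as "Container net-tool in pod demo/net-tool runs in privileged mode"
apiVersion: v1
kind: Pod
metadata:
  name: net-tool
  namespace: demo
spec:
  containers:
    - name: net-tool
      image: example.invalid/net-tool:1.0   # placeholder image
      securityContext:
        privileged: true                    # near root-equivalent access to the node
---
# AFTER: privileged removed; only the capability this hypothetical tool
# actually needs (assumed here to be NET_ADMIN) is added back
apiVersion: v1
kind: Pod
metadata:
  name: net-tool
  namespace: demo
spec:
  containers:
    - name: net-tool
      image: example.invalid/net-tool:1.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
          add: ["NET_ADMIN"]
---
# Enforce at the namespace level with Pod Security Admission: the "baseline"
# profile rejects any pod that still sets privileged: true
apiVersion: v1
kind: Namespace
metadata:
  name: demo
  labels:
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: latest
```

With the namespace label in place, applying the BEFORE manifest is rejected by the API server, so the finding cannot recur silently in that namespace.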