☑️ Prevent containers from mounting Docker socket

It is recommended to disallow Docker socket access for all pods running on a cluster. When a container has access to the Docker socket, it can effectively manage every other container on the host through the Docker daemon.

Resources targeted by this rule (by kind): Deployment / Pod / DaemonSet / StatefulSet / ReplicaSet / CronJob / Job

Enabled by default? False

Policy as code identifier: CONTAINERS_INCORRECT_PATH_VALUE_DOCKERSOCKET

This rule will fail

If one of the pod's volumes targets the /var/run/docker.sock path


Rule output in the CLI


How to fix this failure

Avoid mounting the Docker socket
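The following is an added example, not code from this page's rule documentation or from the policy engine it describes. It shows how the check behind this rule can be implemented over an already-parsed manifest (a Python dict, so it runs without a YAML library): it locates the pod spec inside each of the workload kinds the rule targets, then flags any hostPath volume that points at /var/run/docker.sock. It goes slightly beyond the rule's wording by also flagging a hostPath that is a parent directory of the socket (such as /var/run or /), since such a mount exposes the socket just the same, and by treating /run/docker.sock as an alias. The two manifests (FAILING_DEPLOYMENT and PASSING_DEPLOYMENT) are constructed sample inputs; the first is the shape the rule fails, the second is the fixed form that uses an emptyDir instead.

```python
"""Detect Kubernetes workloads that mount the Docker socket via a hostPath volume."""
import posixpath
from typing import Any, Dict, List

DOCKER_SOCKET = "/var/run/docker.sock"
# On systemd hosts /var/run is a symlink to /run, so the same socket is reachable there too.
SOCKET_ALIASES = {DOCKER_SOCKET, "/run/docker.sock"}


def pod_spec_of(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Return the PodSpec embedded in any of the workload kinds the rule targets."""
    kind = manifest.get("kind")
    spec = manifest.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        # CronJob -> JobTemplate -> PodTemplate -> PodSpec
        job_spec = (spec.get("jobTemplate") or {}).get("spec") or {}
        return (job_spec.get("template") or {}).get("spec") or {}
    if kind in {"Deployment", "DaemonSet", "StatefulSet", "ReplicaSet", "Job"}:
        return (spec.get("template") or {}).get("spec") or {}
    return {}  # kinds outside the rule's scope have nothing to check


def docker_socket_findings(manifest: Dict[str, Any]) -> List[str]:
    """Return one finding per volume that exposes the Docker socket to the pod.

    A volume is flagged when its hostPath is the socket itself, or a directory that
    contains it (mounting /var/run or / exposes the socket just the same).
    """
    findings: List[str] = []
    for vol in pod_spec_of(manifest).get("volumes") or []:
        host_path = (vol.get("hostPath") or {}).get("path")
        if not host_path:
            continue  # emptyDir, configMap, secret, PVC, ... cannot reach the host socket
        norm = posixpath.normpath(host_path)
        name = vol.get("name", "<unnamed>")
        if norm in SOCKET_ALIASES:
            findings.append(f"volume '{name}' mounts the Docker socket ({host_path})")
        elif any(sock.startswith(norm.rstrip("/") + "/") for sock in SOCKET_ALIASES):
            findings.append(
                f"volume '{name}' mounts {host_path}, a parent directory of the Docker socket"
            )
    return findings


def rule_passes(manifest: Dict[str, Any]) -> bool:
    """True when the manifest satisfies the rule (no Docker socket exposure)."""
    return not docker_socket_findings(manifest)


# Constructed sample input: the shape that makes this rule fail.
FAILING_DEPLOYMENT: Dict[str, Any] = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "ci-runner"},
    "spec": {
        "template": {
            "spec": {
                "containers": [
                    {
                        "name": "runner",
                        "image": "example/runner:1.0",
                        "volumeMounts": [{"name": "docker-sock", "mountPath": DOCKER_SOCKET}],
                    }
                ],
                "volumes": [{"name": "docker-sock", "hostPath": {"path": DOCKER_SOCKET}}],
            }
        }
    },
}

# Constructed sample input: the fixed manifest, using scratch space instead of the socket.
PASSING_DEPLOYMENT: Dict[str, Any] = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "ci-runner"},
    "spec": {
        "template": {
            "spec": {
                "containers": [
                    {
                        "name": "runner",
                        "image": "example/runner:1.0",
                        "volumeMounts": [{"name": "scratch", "mountPath": "/tmp/work"}],
                    }
                ],
                "volumes": [{"name": "scratch", "emptyDir": {}}],
            }
        }
    },
}

if __name__ == "__main__":
    for m in (FAILING_DEPLOYMENT, PASSING_DEPLOYMENT):
        status = "PASS" if rule_passes(m) else "FAIL"
        print(f"{m['kind']}/{m['metadata']['name']}: {status}", docker_socket_findings(m))
```

The check inspects the pod spec rather than the container's volumeMounts because the host path is declared on the volume; a mount is only dangerous when its backing volume is a hostPath into the socket. Normalising the path with posixpath.normpath means a trailing slash or a `..` segment does not let a manifest slip past the comparison.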

