When a container is allowed to share its host's PID namespace, it can see and in some cases even kill processes running on the host outside of the container. This violates the principle of least privilege - you will likely never need a pod to access other processes outside of its own namespace.
Targeted resources by this rule (types of kind): Deployment / Pod / DaemonSet / StatefulSet / ReplicaSet / CronJob / Job
Enabled by default? False
Policy as code identifier: CONTAINERS_INCORRECT_HOSTPID_VALUE_TRUE
This rule fails if hostPID is set to true.
To fix it, set hostPID to false or remove it completely.
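As an added example (not Datree's own rule implementation), the following Python check locates the PodSpec for each targeted kind, including the doubly nested CronJob template, flags hostPID set to true, and applies the suggested fix; the manifests are constructed sample dicts in the parsed form of the YAML, so it runs offline.

```python
# Added example, not the rule engine's own code. Manifests below are
# constructed samples in the already-parsed (dict) form of the YAML.
import copy

RULE_ID = "CONTAINERS_INCORRECT_HOSTPID_VALUE_TRUE"
TARGET_KINDS = {"Deployment", "Pod", "DaemonSet", "StatefulSet",
                "ReplicaSet", "CronJob", "Job"}

def pod_spec(manifest):
    """Return the PodSpec dict for a targeted kind, or None for other kinds."""
    kind = manifest.get("kind")
    spec = manifest.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":  # CronJob -> Job template -> Pod template
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    if kind in TARGET_KINDS:
        return (spec.get("template") or {}).get("spec") or {}
    return None

def check_host_pid(manifest):
    """Return a violation dict when hostPID is true, otherwise None."""
    spec = pod_spec(manifest)
    if spec is None or spec.get("hostPID") is not True:
        return None
    name = (manifest.get("metadata") or {}).get("name", "<unnamed>")
    return {"rule": RULE_ID, "kind": manifest["kind"], "name": name,
            "message": "hostPID is true; set it to false or remove it"}

def remediate(manifest):
    """Return a copy with hostPID removed from the PodSpec (the suggested fix)."""
    fixed = copy.deepcopy(manifest)
    spec = pod_spec(fixed)
    if spec is not None:
        spec.pop("hostPID", None)
    return fixed

# Constructed sample manifests
BAD_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "debug"},
           "spec": {"hostPID": True,
                    "containers": [{"name": "c", "image": "busybox"}]}}
BAD_CRONJOB = {"apiVersion": "batch/v1", "kind": "CronJob",
               "metadata": {"name": "nightly"},
               "spec": {"schedule": "0 2 * * *", "jobTemplate": {"spec": {
                   "template": {"spec": {"hostPID": True,
                       "containers": [{"name": "c", "image": "busybox"}]}}}}}}
GOOD_DEPLOYMENT = {"apiVersion": "apps/v1", "kind": "Deployment",
                   "metadata": {"name": "web"},
                   "spec": {"template": {"spec": {
                       "containers": [{"name": "c", "image": "nginx"}]}}}}
```

Running `check_host_pid` over each manifest reports the Pod and the CronJob; `remediate` returns a clean copy that passes the check.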