A container that runs with hostPID set has visibility into processes running on the host, which could expose information, including environment variables, to an attacker.
Ensure that a Kubernetes.Pod has hostPID set to false, or not specified. By default, hostPID is set to false.
  - name: hello
    command: ['sh', '-c', 'echo "Hello, Kubernetes!" && sleep 3600']
    # other required fields here
Pods should not run privileged containers
Pods should not run containers wishing to share the host IPC namespace