Least Privilege Containers: Keeping a Bad Day from Getting Worse

2023-04-21

Authors:   Greg Castle, Vinayak Goyal


Summary

The presentation discusses the importance of running containers as non-root for improved security and provides strategies for migrating to non-root containers.
  • Running containers as non-root provides significant security benefits
  • Migrating to non-root containers can be done through a programmatic approach
  • Stateless containers are easier to migrate than those with volume mounts
  • The host users feature in Kubernetes makes it easier to run containers as non-root
  • There are vulnerabilities in the Linux kernel that can be exploited to break out of containers
  • The presentation offers a demo of running an nginx container as non-root
The presenter demonstrates how an nginx container running as root is exposed to Linux kernel vulnerabilities that can be exploited to break out of the container. They also show how the host users feature in Kubernetes can be used to run containers as non-root, which improves security.

Abstract

“Don’t run containers as root”. The K8s security community has been saying this for years. There are tools that can detect these types of misconfigurations. But detection, and knowing you have a problem, is just the start of the journey. How do you actually fix it? What can you do if those permissions are required for the container to work?

We’ve run multiple de-privileging efforts for production containers. In 2020 we focused on converting containers from running as root to running as unprivileged users. In 2021 we moved containers to minimal distroless images. For some containers the solution was as simple as removing unused permissions. But sometimes we needed to do something more drastic, like change the design of the container to segment out powerful permissions, or split functionality out into initContainers. We’ll share how we approached these tasks, what we learned working through problems with container owners, and describe how we put checks in place to prevent new privileged containers from appearing in the future.
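As an added illustration of the migration pattern the abstract describes (not material from the talk itself): a "before" nginx Pod that runs as root, followed by a de-privileged version that isolates the one root-requiring step into an initContainer, drops capabilities and opts into a user namespace. Image tags, the uid 101, the port and the volume claim name are assumptions for the example.

```yaml
# Added example, not from the talk. "Before": the stock image runs as uid 0 and binds :80.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-root-before
spec:
  containers:
  - name: nginx
    image: nginx:1.25            # assumed tag; entrypoint runs as root
    ports:
    - containerPort: 80
    volumeMounts:
    - name: cache
      mountPath: /var/cache/nginx
  volumes:
  - name: cache
    persistentVolumeClaim:
      claimName: nginx-cache     # hypothetical claim with pre-existing, root-owned data
---
# "After": non-root everywhere except one segmented setup step.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-nonroot-after
spec:
  hostUsers: false               # user namespace: uid 0 in the pod is unprivileged on the host
                                 # (requires user-namespace support on the cluster)
  securityContext:
    runAsNonRoot: true           # enforced for every container unless overridden below
    runAsUser: 101
    runAsGroup: 101
    fsGroup: 101                 # new files on the volume are group-owned by 101
    seccompProfile:
      type: RuntimeDefault
  initContainers:
  - name: fix-perms              # the only step that still needs root: fixing ownership of old data
    image: busybox:1.36          # assumed tag
    command: ["sh", "-c", "chown -R 101:101 /var/cache/nginx"]
    securityContext:
      runAsNonRoot: false        # container-level override, scoped to this short-lived step
      runAsUser: 0
    volumeMounts:
    - name: cache
      mountPath: /var/cache/nginx
  containers:
  - name: nginx
    image: nginxinc/nginx-unprivileged:1.25   # assumed tag; listens on an unprivileged port
    ports:
    - containerPort: 8080
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]            # no NET_BIND_SERVICE needed once the port is >1024
    volumeMounts:
    - name: cache
      mountPath: /var/cache/nginx
  volumes:
  - name: cache
    persistentVolumeClaim:
      claimName: nginx-cache
```

A stateless variant drops the initContainer entirely, which is why the talk notes that containers without volume mounts migrate more easily.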

Materials: