This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

RunAsNonRoot false positive at Container level when is defined at Pod level #344

Closed
1 of 2 tasks
franfernandez20 opened this issue Jun 16, 2021 · 2 comments

Comments


franfernandez20 commented Jun 16, 2021

  • Feature
  • Bug Report

BUG REPORT

SUMMARY

The security settings that you specify for a Pod apply to all Containers in the Pod.
So defining:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  # Pod-level securityContext: applies to every container in the Pod
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  containers:
  - name: sec-ctx-demo
    # Container-level securityContext: no runAsUser/runAsNonRoot here,
    # so the Pod-level runAsUser (1000) is the effective setting
    securityContext:
      allowPrivilegeEscalation: false
```

Since the container will run with the permissions of the user (1000) set on the Pod, the root user will not be allowed at the container level.
This must not produce the error output: "RunAsNonRoot is not set in ContainerSecurityContext, which results in root user being allowed!"

ENVIRONMENT
  • Kubeaudit version: 0.7.0
  • Kubeaudit install method: Binary
STEPS TO REPRODUCE

Define runAsUser at Pod level and run kubeaudit nonroot

EXPECTED RESULTS

No errors in output for the containers of the defined pod

ACTUAL RESULTS

Report results: "RunAsNonRoot is not set in ContainerSecurityContext, which results in root user being allowed!"

ADDITIONAL INFORMATION

Running the report with JSON output, all containers and cluster config:
kubeaudit all -a --json --kubeconfig clusterconfig
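The precedence rule the report relies on (a container-level securityContext overrides the Pod-level one; a Pod-level runAsUser or runAsNonRoot therefore covers containers that set neither) as an added illustration in Python. This is not kubeaudit's own code; the manifests are constructed from the issue, and the finding strings are assumed wording for this example.

```python
from typing import Dict, List, Optional

# Message quoted in the issue (kubeaudit 0.7.0 output)
NONROOT_ERROR = ("RunAsNonRoot is not set in ContainerSecurityContext, "
                 "which results in root user being allowed!")


def _effective(container_sc: dict, pod_sc: dict, key: str) -> Optional[object]:
    """Container-level value wins; fall back to the Pod level; None if unset on both."""
    if key in container_sc:
        return container_sc[key]
    return pod_sc.get(key)


def audit_nonroot(pod: dict) -> Dict[str, List[str]]:
    """Return {container name: findings} for a Pod manifest given as a dict."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    results: Dict[str, List[str]] = {}
    for c in spec.get("containers", []):
        c_sc = c.get("securityContext") or {}
        run_as_user = _effective(c_sc, pod_sc, "runAsUser")
        run_as_non_root = _effective(c_sc, pod_sc, "runAsNonRoot")
        findings: List[str] = []
        if run_as_user == 0:
            findings.append("runAsUser is 0: container runs as root")  # assumed wording
        elif run_as_non_root is False:
            findings.append("runAsNonRoot is explicitly false")  # assumed wording
        elif run_as_user is None and run_as_non_root is not True:
            # Neither level asserts non-root. Ignoring pod_sc above is exactly
            # the false positive reported in the issue.
            findings.append(NONROOT_ERROR)
        results[c["name"]] = findings
    return results


# Constructed manifests: the issue's Pod, a container overriding to root, and one with nothing set
ISSUE_POD = {"spec": {"securityContext": {"runAsUser": 1000, "runAsGroup": 3000, "fsGroup": 2000},
                      "containers": [{"name": "sec-ctx-demo",
                                      "securityContext": {"allowPrivilegeEscalation": False}}]}}
ROOT_OVERRIDE_POD = {"spec": {"securityContext": {"runAsUser": 1000},
                              "containers": [{"name": "app", "securityContext": {"runAsUser": 0}}]}}
UNSET_POD = {"spec": {"containers": [{"name": "app"}]}}

if __name__ == "__main__":
    for name, manifest in [("issue", ISSUE_POD), ("override", ROOT_OVERRIDE_POD), ("unset", UNSET_POD)]:
        print(name, audit_nonroot(manifest))
```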


ghost commented Jun 16, 2021

Thanks for opening your first issue here! Be sure to follow the issue template!

genevieveluyt (Contributor) commented

Hey @franfernandez20, support for this was added in version 0.12. Please upgrade your kubeaudit version to 0.12 or later (the newest version is 0.14.1). If this is still an issue after upgrading feel free to reopen this issue.
