
I want to enable mounting inside my Kubernetes pod (this is different from declaring a volumeMount in the YAML file).

I found ways to mount using

```yaml
privileged: true
```

or

```yaml
capabilities:
  add:
    - SYS_ADMIN
```

in securityContext, but this permission could cause critical problems.

I've checked all of the capabilities, but I found that only SYS_ADMIN has permission to mount.

https://man7.org/linux/man-pages/man7/capabilities.7.html

Are there other ways to mount inside a pod?

Kyroo0
  • I'm fairly sure, if you can mount(2) a filesystem, you can use it to escape the container (manually bind-mount the host's root directory, for example), so those permissions are not necessarily wrong. I'd recommend trying to stay within Kubernetes's volume system rather than have your containers trying to mount things. – David Maze Jul 15 '22 at 10:39
  • @DavidMaze I did find mount(2) under CAP_SYS_ADMIN, but this function needs the SYS_ADMIN privilege. https://man7.org/linux/man-pages/man2/mount.2.html – Kyroo0 Jul 17 '22 at 03:41
  • @Kyroo0 Please refer to this [link](https://stackoverflow.com/questions/69393448/secure-way-to-mount-cifs-smb-share-from-container-without-privileged-flag-or-sys). It will help. – Ramesh kollisetty Jul 28 '22 at 10:26

0 Answers
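
An added example, not part of the original question or its comments: a small audit that flags containers carrying either of the two settings from the question (`privileged: true`, or `SYS_ADMIN` in `capabilities.add`). The manifest is constructed sample data and the function names are hypothetical; treating `ALL` like `SYS_ADMIN` goes beyond the thread, since adding all capabilities includes it.

```python
# Added example: flag containers configured with the mount-capable settings from this thread.
# Input is a manifest dict shaped like `kubectl get pod -o json` output.

MOUNT_CAPS = {"SYS_ADMIN", "ALL"}  # capabilities.add values that include CAP_SYS_ADMIN


def _norm(cap):
    """Normalize 'CAP_SYS_ADMIN' or 'sys_admin' to 'SYS_ADMIN' (some manifests carry the prefix)."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def pod_spec(obj):
    """Return the pod spec of a Pod, or of a workload that has spec.template (e.g. Deployment)."""
    spec = obj.get("spec", {})
    template = spec.get("template")
    return template.get("spec", {}) if template else spec


def mount_capable_containers(obj):
    """Return sorted (container name, reason) pairs for containers able to call mount(2)."""
    findings = []
    spec = pod_spec(obj)
    for key in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(key) or []:
            sc = c.get("securityContext") or {}
            if sc.get("privileged") is True:
                findings.append((c["name"], "privileged: true"))
            added = {_norm(x) for x in (sc.get("capabilities") or {}).get("add") or []}
            for cap in sorted(added & MOUNT_CAPS):
                findings.append((c["name"], f"capabilities.add: {cap}"))
    return sorted(findings)


# Constructed sample manifest (not taken from the page).
SAMPLE_POD = {"kind": "Pod", "metadata": {"name": "demo"}, "spec": {
    "initContainers": [
        {"name": "setup", "securityContext": {"capabilities": {"add": ["CAP_SYS_ADMIN"]}}}],
    "containers": [
        {"name": "app", "securityContext": {"privileged": True}},
        {"name": "sidecar", "securityContext": {
            "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}}]}}

if __name__ == "__main__":
    for name, reason in mount_capable_containers(SAMPLE_POD):
        print(f"{name}: {reason}")
```
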