[ECS.3] ECS task definitions should not share the host's process namespace

- Contextual name: [ECS.3] ECS task definitions should not share the host's process namespace
- ID: /frameworks/aws-fsbp-v1.0.0/ecs/03
- Located in: Elastic Container Service (ECS)
Description

A process ID (PID) namespace provides separation between processes. It prevents system processes from being visible to the container and allows PIDs to be reused, including PID 1. If the host's PID namespace is shared with containers, every container can see all of the processes on the host system, which removes the process-level isolation between the host and the containers. This can lead to unauthorized access to processes on the host itself, including the ability to manipulate and terminate them. Customers shouldn't share the host's process namespace with containers running on it.
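In an ECS task definition the setting behind this control is the top-level `pidMode` field: `"host"` shares the container instance's PID namespace with the task's containers, `"task"` shares one namespace among the containers of that task only, and omitting the field gives each container a private namespace. The following audit script is an added example, not part of the original control page or of AWS Security Hub: it takes task definitions in the shape returned by `aws ecs describe-task-definition` (the three samples, ARNs and account number are constructed), reports every definition that fails ECS.3, and produces a remediated copy suitable for registering as a new revision. The `READ_ONLY_FIELDS` list and the finding format are assumptions made for this example.

```python
"""Audit ECS task definitions for the ECS.3 finding (pidMode == "host").

Added example: the input mirrors the `taskDefinition` object returned by
`aws ecs describe-task-definition`; all sample data below is constructed.
"""
import json
from typing import Iterable

# Constructed sample task definitions (fake account id and ARNs).
SAMPLE_TASK_DEFINITIONS = [
    {   # Shares the host PID namespace: fails ECS.3.
        "family": "log-shipper",
        "revision": 4,
        "status": "ACTIVE",
        "taskDefinitionArn": "arn:aws:ecs:us-east-1:123456789012:task-definition/log-shipper:4",
        "pidMode": "host",
        "containerDefinitions": [{"name": "shipper", "image": "example/shipper:1"}],
    },
    {   # Containers share a namespace with each other, not with the host: passes.
        "family": "web",
        "revision": 12,
        "status": "ACTIVE",
        "taskDefinitionArn": "arn:aws:ecs:us-east-1:123456789012:task-definition/web:12",
        "pidMode": "task",
        "containerDefinitions": [{"name": "app", "image": "example/web:3"},
                                 {"name": "sidecar", "image": "example/agent:2"}],
    },
    {   # pidMode omitted: each container gets a private PID namespace: passes.
        "family": "batch",
        "revision": 1,
        "status": "ACTIVE",
        "taskDefinitionArn": "arn:aws:ecs:us-east-1:123456789012:task-definition/batch:1",
        "containerDefinitions": [{"name": "job", "image": "example/batch:1"}],
    },
]

# Fields that describe-task-definition returns but register-task-definition
# does not accept (assumed list for this example; extend as needed).
READ_ONLY_FIELDS = ("taskDefinitionArn", "revision", "status", "requiresAttributes",
                    "compatibilities", "registeredAt", "registeredBy")


def shares_host_pid_namespace(task_def: dict) -> bool:
    """True when the task definition opts into the host's PID namespace."""
    return task_def.get("pidMode") == "host"


def audit(task_defs: Iterable[dict]) -> list:
    """Return one finding per task definition that fails ECS.3."""
    findings = []
    for td in task_defs:
        if shares_host_pid_namespace(td):
            findings.append({
                "control": "ECS.3",
                "status": "FAILED",
                "resource": td.get("taskDefinitionArn",
                                   f"{td.get('family')}:{td.get('revision')}"),
                "reason": "pidMode is 'host': containers can see and signal host processes",
            })
    return findings


def remediate(task_def: dict) -> dict:
    """Return a copy with pidMode removed (private namespace per container).

    Use "task" instead of dropping the key if containers within the task
    genuinely need to see each other's processes; neither value exposes
    the host.  Read-only describe fields are stripped so the result can be
    passed to register-task-definition as a new revision.
    """
    fixed = {k: v for k, v in task_def.items() if k not in READ_ONLY_FIELDS}
    fixed.pop("pidMode", None)
    return fixed


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_TASK_DEFINITIONS), indent=2))
    print(json.dumps(remediate(SAMPLE_TASK_DEFINITIONS[0]), indent=2))
```

Run against real data by feeding the `taskDefinition` objects from `aws ecs describe-task-definition` into `audit`; only active revisions that are actually referenced by services or scheduled tasks matter, so pair the findings with `aws ecs list-task-definitions --status ACTIVE` rather than auditing every historical revision.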
Similar

- AWS Security Hub
- Internal
- ID: dec-c-db1f78c5
Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
---|---|---|---|---
NIST SP 800-53 Revision 5 → CA-9(1) Internal System Connections _ Compliance Checks | 15 | | |
NIST SP 800-53 Revision 5 → CM-2 Baseline Configuration | 7 | 13 | |

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
---|---|---|---|---