A privileged container is given access to all devices on the host and can work at the kernel level. It is declared using the Pod.spec.containers.securityContext.privileged attribute. This may be useful for infrastructure containers that perform setup work on the host, but is a dangerous attack vector.
Minimize the use of privileged containers.
Use Pod Security Policies to enforce a privileged: false policy.
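To find where privileged containers are already in use, the following added example (not part of the original page) audits manifests for securityContext.privileged set to true. It assumes JSON input shaped like the output of `kubectl get pods -A -o json`; the sample data and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get ... -o json` output (not real cluster data).
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Pod", "metadata": {"namespace": "kube-system", "name": "node-setup"},
   "spec": {"initContainers": [{"name": "sysctl", "securityContext": {"privileged": true}}],
            "containers": [{"name": "pause"}]}},
  {"kind": "Pod", "metadata": {"namespace": "default", "name": "web"},
   "spec": {"containers": [{"name": "nginx", "securityContext": {"privileged": false}},
                           {"name": "sidecar", "securityContext": {"runAsUser": 1000}}]}},
  {"kind": "Deployment", "metadata": {"namespace": "ops", "name": "agent"},
   "spec": {"template": {"spec": {"containers": [
       {"name": "collector", "securityContext": {"privileged": true}}]}}}}
]}
""")

# privileged can be set on any of these container lists, not only `containers`.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def pod_spec(obj):
    """Return the PodSpec of a Pod, or of a workload that embeds a pod template."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}


def find_privileged(doc):
    """Return (namespace, name, field, container) for every privileged container."""
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for obj in items:
        meta = obj.get("metadata") or {}
        namespace = meta.get("namespace", "default")  # assumption: unset means default
        spec = pod_spec(obj)
        for field in CONTAINER_FIELDS:
            for c in spec.get(field) or []:
                sc = c.get("securityContext") or {}
                if sc.get("privileged") is True:
                    findings.append((namespace, meta.get("name"), field, c.get("name")))
    return findings


if __name__ == "__main__":
    for ns, name, field, container in find_privileged(SAMPLE):
        print(f"{ns}/{name}: {field}[{container}] runs privileged")
```

Init and ephemeral containers are checked as well as regular ones, because the privileged flag is set per container and any of them can carry it.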