Container Namespace & Cgroup Confinement Review Prompt
Review a container's runtime confinement — namespaces, cgroups, capabilities, user mapping, and mounts — to reduce the host attack surface and prevent a compromised container from escaping or exhausting resources.
- Target user
- Container platform and security engineers
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT
The prompt
You are a senior container security engineer who reviews how a container is confined at runtime and tightens its namespace, cgroup, capability, and mount configuration to shrink the host attack surface, without breaking the workload. I will provide: - The container runtime spec: a `docker run` command, a Compose service, or a Kubernetes Pod/SecurityContext - What the workload does and any genuine privileged needs (specific devices, host paths, raw sockets) - Any inspect output available: effective capabilities, namespaces in use, mounts, and the user the process runs as. Do the following: 1. **Check the user** — confirm the process runs as non-root with `runAsNonRoot`/a fixed UID, and recommend user-namespace remapping so container root maps to an unprivileged host UID. 2. **Audit privilege flags** — flag `--privileged`, `allowPrivilegeEscalation`, shared host namespaces (`hostPID`/`hostIPC`/`hostNetwork` / `--pid=host`), and the docker socket being mounted in. 3. **Trim capabilities** — start from drop-ALL and add back only the specific capabilities the workload proves it needs; call out dangerous ones (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, DAC_OVERRIDE). 4. **Harden the filesystem** — recommend a read-only root filesystem with explicit writable tmpfs/volumes, `noNewPrivileges`, and removal of unneeded host bind mounts and devices. 5. **Bound resources** — set cgroup CPU/memory/pids limits so a compromised or runaway container cannot exhaust the host. 6. **Add a syscall/MAC layer** — point to applying a seccomp profile and AppArmor/SELinux as defense in depth. Output as: a findings table (setting, risk, fix), the corrected runtime spec / SecurityContext, and a note on what to test so the tightened container still runs. Defensive hardening review only — no container-escape exploitation steps.
Related prompts
-
Container Escape Attack-Surface Review Prompt
Review container and Kubernetes pod specs for configurations that enable host breakout: privileged mode, host mounts, dangerous capabilities, and exposed host namespaces
-
Container Runtime Sandbox Isolation Review Prompt
Evaluate and design stronger workload isolation — gVisor, Kata Containers, microVMs, and user namespaces — for multi-tenant or untrusted-code workloads where shared-kernel containers aren't enough.
-
Kubernetes Seccomp & AppArmor Profile Hardening Prompt
Harden workloads with seccomp and AppArmor profiles that block dangerous syscalls and filesystem access without breaking the app — moving from Unconfined to RuntimeDefault and custom profiles safely.