# Dangerous Linux Capabilities Added

- ID: kubernetes-dangerous-capabilities
- Severity: CRITICAL
- CWE: CWE-250
- Languages: YAML
- Frameworks: kubernetes

## Description

Detects containers adding dangerous Linux capabilities like SYS_ADMIN, NET_ADMIN, or SYS_PTRACE.

## Detection Message

Container adds dangerous Linux capabilities like SYS_ADMIN, NET_ADMIN, or SYS_PTRACE.

## Remediation

Remove dangerous capabilities and drop ALL.

```yaml
securityContext:
  capabilities:
    drop: [ALL]
```

Learn more: https://shoulder.dev/learn/kubernetes/cwe-250/dangerous-capabilities

## Related Rules

- **Container runs as root** [HIGH]
- **Docker User and File Permissions** [HIGH]
- **Privilege Escalation Allowed** [HIGH]
- **Host Namespace Access Enabled** [CRITICAL]
- **Missing Capability Restrictions** [MEDIUM]
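
The check this rule describes, written out as an added example (it is not this scanner's own implementation): a Python pass over a parsed manifest that reports every container whose `securityContext.capabilities.add` names one of the capabilities above. The function names, the treatment of `ALL` and of a `CAP_` prefix, and the sample manifests are assumptions made for illustration.

```python
import json

# Capabilities named by the rule, plus ALL (adding ALL grants every capability).
DANGEROUS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "ALL"}

def pod_spec(obj):
    """Return the pod spec of a Pod, a templated workload, or a CronJob."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    if "template" in spec:  # Deployment, StatefulSet, DaemonSet, Job, ...
        spec = (spec["template"] or {}).get("spec") or {}
    return spec

def normalize(cap):
    # Assumption: compare case-insensitively and ignore a CAP_ prefix so a
    # non-canonical spelling in the manifest is not missed.
    cap = str(cap).upper()
    return cap[4:] if cap.startswith("CAP_") else cap

def findings(manifest):
    """Return (container name, capability) for each dangerous capability added."""
    hits = []
    spec = pod_spec(manifest)
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(field) or []:
            caps = (c.get("securityContext") or {}).get("capabilities") or {}
            hits += [(c.get("name", "?"), normalize(a))
                     for a in caps.get("add") or [] if normalize(a) in DANGEROUS]
    return hits

# Constructed sample manifests (JSON form), not taken from the page.
BAD = json.loads("""{"kind": "Deployment", "spec": {"template": {"spec": {
  "initContainers": [{"name": "init-net", "securityContext":
      {"capabilities": {"add": ["sys_admin"]}}}],
  "containers": [
    {"name": "app", "securityContext": {"capabilities":
        {"drop": ["ALL"], "add": ["NET_ADMIN", "CAP_SYS_PTRACE"]}}},
    {"name": "web", "securityContext": {"capabilities":
        {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}}]}}}}""")
GOOD = json.loads("""{"kind": "Pod", "spec": {"containers": [
    {"name": "app", "securityContext": {"capabilities": {"drop": ["ALL"]}}}]}}""")

if __name__ == "__main__":
    for name, cap in findings(BAD):
        print(f"container {name!r} adds {cap}")
    print("fixed manifest findings:", findings(GOOD))
```

Note that the `app` container is still reported even though it drops ALL, because the `add` list puts the dangerous capabilities back.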