During a container-security engagement on a Kubernetes cluster, you gain an interactive shell inside a pod. The process hierarchy reveals the container is running in privileged mode, and a hostPath volume is mounted at /host that maps to the node's root filesystem (/). What single step would most effectively escalate your access to full root control of the underlying worker node?
Delete the compromised pod so Kubernetes will reschedule it on another node and hope it runs with higher privileges.
Execute chroot /host /bin/bash (or use nsenter) to switch the root to the mounted filesystem and obtain a root shell on the node.
Use kubectl port-forward to expose the pod and then SSH into the node from outside the cluster.
Flush all iptables rules from inside the container to disable the host firewall and pivot later.
A container that is both privileged and mounts the node's root filesystem through a hostPath volume has lost two key isolation safeguards. Because the container is privileged, its processes can perform most kernel-level operations. With the host root filesystem exposed under /host, you can simply change the root directory to that path and spawn a shell. Running chroot /host /bin/bash (or a similar command such as nsenter --mount=/proc/1/ns/mnt /bin/bash) drops you into the host environment as root, giving complete control of the node.
The other options either remain inside the container (flushing iptables) or affect cluster scheduling without granting immediate node-level privileges (deleting the pod). kubectl port-forward only forwards a local port to a port on the pod; it does not provide SSH access to the node. None of them leverages the privileged flag plus hostPath mount to break out to the host.
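From the defender's side, the two settings this explanation relies on are visible in every pod spec and can be audited before anyone abuses them. The following is an added example, not part of the original question: the function name audit_pods and the sample pods are constructed for illustration, and the input is assumed to have the shape of `kubectl get pods -A -o json` output.

```python
# Constructed sample shaped like `kubectl get pods -A -o json` (not real cluster data).
SAMPLE = {"items": [
    {"metadata": {"namespace": "dev", "name": "debug-tools"},
     "spec": {"volumes": [{"name": "noderoot", "hostPath": {"path": "/"}}],
              "containers": [{"name": "shell",
                              "securityContext": {"privileged": True},
                              "volumeMounts": [{"name": "noderoot", "mountPath": "/host"}]}]}},
    {"metadata": {"namespace": "kube-system", "name": "net-agent"},
     "spec": {"containers": [{"name": "agent", "securityContext": {"privileged": True}}]}},
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"volumes": [{"name": "cache", "emptyDir": {}}],
              "containers": [{"name": "nginx",
                              "volumeMounts": [{"name": "cache", "mountPath": "/cache"}]}]}},
]}


def audit_pods(pod_list):
    """Flag containers that are privileged and/or mount the node's root via hostPath."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        # Volume name -> normalized host path, for hostPath-backed volumes only.
        host_paths = {v["name"]: (v["hostPath"].get("path", "").rstrip("/") or "/")
                      for v in spec.get("volumes") or [] if v.get("hostPath")}
        containers = []
        for key in ("containers", "initContainers", "ephemeralContainers"):
            containers += spec.get(key) or []
        for c in containers:
            privileged = bool((c.get("securityContext") or {}).get("privileged"))
            root_mounts = [m["mountPath"] for m in c.get("volumeMounts") or []
                           if host_paths.get(m["name"]) == "/"]
            if privileged or root_mounts:
                findings.append({
                    "pod": f'{meta.get("namespace")}/{meta.get("name")}',
                    "container": c["name"],
                    "privileged": privileged,
                    "root_mounts": root_mounts,
                    # Both safeguards gone: the combination the question describes.
                    "both": privileged and bool(root_mounts),
                })
    return findings


if __name__ == "__main__":
    for finding in audit_pods(SAMPLE):
        print(finding)
```

Findings with "both" set to True are the ones to remediate first; the same conditions can be rejected at admission time by enforcing the Kubernetes Pod Security Standards "baseline" or "restricted" profile, which disallow privileged containers and hostPath volumes.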
Certified Ethical Hacker (CEH)
Cloud Computing