Summary
The optional NFS client installer creates a DaemonSet that mutates every node. It uses hostPID, hostNetwork, all-node tolerations, and a privileged init container that nsenters into PID 1 to run apt-get install nfs-common, from mutable base image tags. This is a node-administration mechanism shipped inside an application chart. It is off by default.
Severity: Medium · CWE-250 (Execution with Unnecessary Privileges)
Validation: Confirmed against HEAD f932d80 on 2026-07-14 (assessed at 69c84f7; unchanged since).
Evidence
- Opt-in / disabled by default:
values.yaml:203 installClient: false; templates/nfs-client-installer.yaml:1 requires sharedStorage.nfsServer.installClient (on top of sharedStorage + nfsServer) to render.
- DaemonSet spec:
templates/nfs-client-installer.yaml:7 (kind DaemonSet), :23 hostPID: true, :24 hostNetwork: true, :25-26 all-node toleration (operator: Exists).
- Privileged host mutation:
nfs-client-installer.yaml:28-47 runs nsenter -t 1 -- bash -c 'apt-get update && apt-get install -y nfs-common' with securityContext: {privileged: true}.
- Mutable tags:
ubuntu:22.04 (:29) and alpine:3 (:50), no digests.
Impact
Compromise of the image, the package mirror, or the DaemonSet spec can execute arbitrary host commands across every node and persist changes outside Kubernetes rollback. The blast radius is the node fleet, not a single application pod.
Remediation
- Provision prerequisites in node images or infrastructure automation.
- If retained as an emergency tool, separate it from the application chart, pin images and packages, restrict nodes, require manual approval, record mutations, and remove it immediately after verification.
Acceptance criteria
Related
Source: data-science-pack 0.1.0 security assessment (pinned commit 69c84f72df259ec755ed40bfc83f20158c550d55), finding M-04.
Summary
The optional NFS client installer creates a DaemonSet that mutates every node. It uses
hostPID,hostNetwork, all-node tolerations, and a privileged init container thatnsenters into PID 1 to runapt-get install nfs-common, from mutable base image tags. This is a node-administration mechanism shipped inside an application chart. It is off by default.Severity: Medium · CWE-250 (Execution with Unnecessary Privileges)
Validation: Confirmed against HEAD
f932d80on 2026-07-14 (assessed at69c84f7; unchanged since).Evidence
values.yaml:203installClient: false;templates/nfs-client-installer.yaml:1requiressharedStorage.nfsServer.installClient(on top of sharedStorage + nfsServer) to render.templates/nfs-client-installer.yaml:7(kind DaemonSet),:23hostPID: true,:24hostNetwork: true,:25-26all-node toleration (operator: Exists).nfs-client-installer.yaml:28-47runsnsenter -t 1 -- bash -c 'apt-get update && apt-get install -y nfs-common'withsecurityContext: {privileged: true}.ubuntu:22.04(:29) andalpine:3(:50), no digests.Impact
Compromise of the image, the package mirror, or the DaemonSet spec can execute arbitrary host commands across every node and persist changes outside Kubernetes rollback. The blast radius is the node fleet, not a single application pod.
Remediation
Acceptance criteria
hostPID/hostNetworkprivileged DaemonSet.Related
nfs-server.yamlas running privileged, but only asks to document the justification. This issue is about removing host mutation from the application chart.Source: data-science-pack 0.1.0 security assessment (pinned commit
69c84f72df259ec755ed40bfc83f20158c550d55), finding M-04.