kube-bench
ETCD ownership related checks fail with job.yaml
Overview
ETCD ownership related checks will always fail when running in a container.
Issue similar to https://github.com/aquasecurity/kube-bench/issues/842, which is related to job-master.yaml.
Mounting directories from the host in job.yaml helps with the issue: /etc/passwd and /etc/group
How did you run kube-bench?
kubectl apply -f job.yaml
What happened?
ETCD ownership check always fails:

$ stat -c %U:%G /var/lib/etcd
etcd:etcd
$ sudo ls -la /var/lib/ | grep etcd
drwx------ 3 etcd etcd 4096 Sep 12 13:43 etcd

[FAIL] 1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)
...
1.1.12 On the etcd server node, get the etcd data directory, passed as an argument --data-dir, from the command 'ps -ef | grep etcd'. Run the below command (based on the etcd data directory found above). For example, chown etcd:etcd /var/lib/etcd

$ ps -ef | grep etcd
root 10346 10256 2 Sep12 ? 00:26:53 etcd --advertise-client-urls=https://192.168.122.109:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd
What did you expect to happen:
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd (Automated) check passes
Environment
kube-bench run from main branch: https://github.com/aquasecurity/kube-bench/tree/main (image: docker.io/aquasec/kube-bench:v0.6.9)
K8s 1.23.3
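The mechanism behind the failure, as an added example (not code from kube-bench or from the issue reporter): the numeric owner of /var/lib/etcd is the same whether you look at it from the host or from inside the kube-bench pod, but `stat -c %U:%G` turns that uid/gid into names using the /etc/passwd and /etc/group visible to the process. The kube-bench image does not carry the host's etcd account, so the name lookup fails and a name-based comparison against etcd:etcd cannot pass. The script below resolves a uid/gid against two constructed passwd/group databases, one standing in for the container image and one for the host; the uid/gid value 998, the file contents and the function names are assumptions for illustration.

```shell
#!/usr/bin/env sh
# Added example: why a name-based ownership check fails inside a container
# whose /etc/passwd lacks the etcd user. All file contents and ids are constructed.

# resolve_owner UID GID PASSWD_FILE GROUP_FILE
# Prints "user:group" the way `stat -c %U:%G` would, but resolves the numeric
# ids against the given passwd/group files instead of the process's own /etc.
# Falls back to the numeric id when there is no entry (GNU stat prints UNKNOWN).
resolve_owner() {
    uid=$1; gid=$2; passwd=$3; group=$4
    user=$(awk -F: -v id="$uid" '$3 == id { print $1; exit }' "$passwd")
    grp=$(awk -F: -v id="$gid" '$3 == id { print $1; exit }' "$group")
    printf '%s:%s\n' "${user:-$uid}" "${grp:-$gid}"
}

# etcd_owner_check UID GID PASSWD_FILE GROUP_FILE
# Mirrors the intent of CIS 1.1.12: pass only when the resolved owner is etcd:etcd.
etcd_owner_check() {
    [ "$(resolve_owner "$@")" = "etcd:etcd" ]
}

# Constructed databases: the container image knows only root, while the host
# also knows the etcd service account (uid/gid 998 is an arbitrary choice here).
setup_fixture() {
    dir=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$dir/container-passwd"
    printf 'root:x:0:\n' > "$dir/container-group"
    printf 'root:x:0:0:root:/root:/bin/bash\netcd:x:998:998::/var/lib/etcd:/sbin/nologin\n' > "$dir/host-passwd"
    printf 'root:x:0:\netcd:x:998:\n' > "$dir/host-group"
    printf '%s\n' "$dir"
}

demo() {
    d=$(setup_fixture)
    # Same directory owner (998:998) in both cases; only the name database differs.
    echo "image /etc/passwd:       $(resolve_owner 998 998 "$d/container-passwd" "$d/container-group")"
    echo "host /etc/passwd mounted: $(resolve_owner 998 998 "$d/host-passwd" "$d/host-group")"
    rm -rf "$d"
}
demo
```

The first line of the demo is what the kube-bench container sees (numeric or UNKNOWN owner, so the check fails); the second is what it sees once the host's /etc/passwd and /etc/group are mounted into the pod, which is why the hostPath mounts described in the report make the check pass. Mount both files read-only: the audit only needs to read them.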