AWS eks documentation change
Summary
Updated URL from markdown link syntax to plain URL format for Linux capabilities documentation
Security assessment
The change is purely presentational, converting a markdown link to a plain text URL. The security content about container privileges and capabilities remains unchanged, with no indication of addressing a vulnerability or modifying security guidance.
Diff
diff --git a/eks/latest/best-practices/pod-security.md b/eks/latest/best-practices/pod-security.md index d7cac6901..207971afe 100644 --- a//eks/latest/best-practices/pod-security.md +++ b//eks/latest/best-practices/pod-security.md @@ -13 +13 @@ The pod specification includes a variety of different attributes that can streng -The processes that run within a container run under the context of the [Linux] root user by default. Although the actions of root within a container are partially constrained by the set of Linux capabilities that the container runtime assigns to the containers, these default privileges could allow an attacker to escalate their privileges and/or gain access to sensitive information bound to the host, including Secrets and ConfigMaps. Below is a list of the default capabilities assigned to containers. For additional information about each capability, see [http://man7.org/linux/man-pages/man7/capabilities.7.html](http://man7.org/linux/man-pages/man7/capabilities.7.html). +The processes that run within a container run under the context of the [Linux] root user by default. Although the actions of root within a container are partially constrained by the set of Linux capabilities that the container runtime assigns to the containers, these default privileges could allow an attacker to escalate their privileges and/or gain access to sensitive information bound to the host, including Secrets and ConfigMaps. Below is a list of the default capabilities assigned to containers. For additional information about each capability, see http://man7.org/linux/man-pages/man7/capabilities.7.html.