TL;DR: hostPath mount of /, of /var/run/docker.sock, or of node kubelet creds — instant break out.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

• TODO