Manage Host Shield Privilegeshttps://docs.sysdig.com/en/sysdig-secure/host-shield-privileges/Recent content on Manage Host Shield PrivilegesenTue, 19 May 2026 19:11:25 +0100 https://docs.sysdig.com/icons/sysdig-horizontal.pngManage Host Shield Privilegeshttps://docs.sysdig.com/en/sysdig-secure/host-shield-privileges/Sysdig logoManage Host Shield Privileges - Benefits of Setting host.privileged: falsehttps://docs.sysdig.com/en/sysdig-secure/host-shield-privileges/#benefits-of-setting-host.privileged-falseEnhanced Security: By setting host.privileged to false, you can limit Linux capabilities, minimizing the attack surface.Enhanced Security: By setting host.privileged to false, you can limit Linux capabilities, minimizing the attack surface.

]]>Benefits of Setting host.privileged: falseManage Host Shield Privileges - Prerequisiteshttps://docs.sysdig.com/en/sysdig-secure/host-shield-privileges/#prerequisitesHost Shield version 14.6.0 and later.

  • Host Shield version 14.6.0 and later.

  • Kubernetes deployment managed with the shield Helm chart version >= 1.38.0.

  • Host Shield requires the Universal eBPF driver.

    ]]>PrerequisitesManage Host Shield Privileges - Limitationhttps://docs.sysdig.com/en/sysdig-secure/host-shield-privileges/#limitationHost Shield does not support Google Kubernetes Engine (GKE) Autopilot.

  • Host Shield does not support Google Kubernetes Engine (GKE) Autopilot.

  • Host Shield does not support AWS Bottlerocket on ARM architecture.

    • ]]>    Limitation    Manage Host Shield Privileges - Configure Least Privileged Modehttps://docs.sysdig.com/en/sysdig-secure/host-shield-privileges/#configure-least-privileged-modeTo set host.privileged to false using the shield Helm chart, specify shield.host.privileged=false.To set host.privileged to false using the shield Helm chart, specify shield.host.privileged=false.

    The Helm chart automatically detects whether OpenShift is in use and applies the appropriate set of permissions.

    ]]>    Configure Least Privileged Mode