Containers

In my experience it is somewhat common that people believe that it is impossible to escalate your permissions when you have access to the logs in /var/log on a node. That is inaccurate.

Container lifecycles hooks can make sure commands run before and after container creation. However, they may block container start and termination indefinitely, and you should be very careful when you use them.