Comment 13 for bug 1866099

Matt Peters (mpeters-wrs) wrote :

The containers are not running a "mount" command from within the container. Any K8s Pod that requests a hostPath volume type and specifies the rootfs will perform a *bind* mount on the rootfs and all sub-path mounts (which includes DRBD).

The K8s security policies can protect the system from application Pods performing this same operation.
https://kubernetes.io/docs/concepts/policy/pod-security-policy/#volumes-and-file-systems
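
The volume restriction the comment points to, as an added example that is not part of the original comment or of the project's configuration: two PodSecurityPolicy manifests, one that rejects every hostPath volume and one that allows hostPath only under a single read-only prefix. The policy names and the `/var/log/example-app` prefix are assumptions made for illustration.

```yaml
# Added example; names and the path prefix are constructed.
# PodSecurityPolicy is served as policy/v1beta1 and was removed in Kubernetes 1.25.

# Policy 1: hostPath is absent from the volume allow-list, so a Pod that
# requests any hostPath volume (including path "/") is rejected at admission.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example-no-hostpath        # hypothetical name
spec:
  privileged: false
  volumes:
    - configMap
    - secret
    - emptyDir
    - projected
    - downwardAPI
    - persistentVolumeClaim
  runAsUser: { rule: RunAsAny }
  seLinux: { rule: RunAsAny }
  supplementalGroups: { rule: RunAsAny }
  fsGroup: { rule: RunAsAny }
---
# Policy 2: hostPath is allowed, but only below one prefix and only read-only.
# A hostPath of "/" does not match the prefix, so the rootfs bind mount
# (and the sub-path mounts it would carry along) is refused.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example-scoped-hostpath    # hypothetical name
spec:
  privileged: false
  volumes:
    - configMap
    - secret
    - emptyDir
    - hostPath
  allowedHostPaths:
    - pathPrefix: /var/log/example-app   # constructed path
      readOnly: true
  runAsUser: { rule: RunAsAny }
  seLinux: { rule: RunAsAny }
  supplementalGroups: { rule: RunAsAny }
  fsGroup: { rule: RunAsAny }
```

A policy only takes effect when the PodSecurityPolicy admission controller is enabled and the Pod's user or service account is authorized to `use` that policy.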