← Back to Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide

V-235813

CAT I (High)

Docker Enterprise exec commands must not be used with privileged option.

Rule ID

SV-235813r960963_rule

STIG

Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000381

Discussion

Do not use docker exec with --privileged option. Using --privileged option in docker exec gives extended Linux capabilities to the command. Do not run docker exec with the --privileged option, especially when running containers with dropped capabilities or with enhanced restrictions. By default, docker exec command runs without --privileged option.

Check Content

This check only applies to the use of Docker Engine - Enterprise on a Linux host operating system and should be executed on all nodes in a Docker Enterprise cluster.

Ensure the default seccomp profile is not disabled, if applicable.

via CLI:

Linux: As a trusted user on the host operating system, use the below command to filter out docker exec commands that used --privileged option.

sudo ausearch -k docker | grep exec | grep privileged

If there are any in the output, then this is a finding.

Fix Text

This fix only applies to the use of Docker Engine - Enterprise on a Linux host operating system.

Do not use --privileged option in docker exec command.

A reference for the docker exec command can be found at https://docs.docker.com/engine/reference/commandline/exec/.