turbot/docker_compliance

Control: 5.32 Ensure that the Docker socket is not mounted inside any containers

Description

The Docker socket docker.sock should not be mounted inside a container.

If the Docker socket is mounted inside a container, it allows processes running within the container to execute Docker commands against the host daemon, which effectively gives them full control of the host.

Remediation

You should ensure that no containers mount docker.sock as a volume.
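As an added example (not the docker_compliance mod's own query, which runs through Steampipe's docker plugin), the script below reads the JSON that `docker inspect` produces and reports each container as `ok` or `alarm`, in the same status/reason shape a Steampipe control emits. It goes slightly beyond the control's wording: besides a direct bind of docker.sock it also flags a bind of a parent directory such as /var/run, /run or /, since those expose the socket just as effectively. The container names, IDs and mount lists are constructed sample data; the socket paths are the Docker daemon defaults.

```python
"""Report containers that bind-mount the Docker socket from `docker inspect` output."""
import json
import os
import sys

# Default daemon socket locations (Debian/Ubuntu symlink /var/run -> /run).
DOCKER_SOCKET_PATHS = ("/var/run/docker.sock", "/run/docker.sock")


def exposes_docker_socket(source: str) -> bool:
    """True if bind-mounting host path `source` exposes docker.sock.

    Matches the socket itself, any ancestor directory of it (/var/run, /run, /),
    and a file literally named docker.sock at a non-default location.
    """
    src = os.path.normpath(source)
    for sock in DOCKER_SOCKET_PATHS:
        if src == sock:
            return True
        if sock.startswith(src.rstrip("/") + "/"):  # parent directory bind
            return True
    return os.path.basename(src) == "docker.sock"


def socket_mounts(container: dict) -> list:
    """Return sorted (host_source, container_destination) pairs exposing the socket."""
    hits = set()
    for m in container.get("Mounts") or []:
        # Named volumes have a Source under /var/lib/docker/volumes; only binds matter.
        if m.get("Type", "bind") == "bind" and exposes_docker_socket(m.get("Source", "")):
            hits.add((m["Source"], m.get("Destination", "")))
    # HostConfig.Binds also covers created-but-not-started containers, where
    # Mounts can be empty. Entries look like "host:container[:options]".
    for bind in (container.get("HostConfig") or {}).get("Binds") or []:
        parts = bind.split(":")
        if len(parts) >= 2 and exposes_docker_socket(parts[0]):
            hits.add((parts[0], parts[1]))
    return sorted(hits)


def evaluate(inspect_json: list) -> list:
    """One result row per container: resource, name, status ('ok'/'alarm'), reason."""
    rows = []
    for c in inspect_json:
        name = c.get("Name", "").lstrip("/") or c.get("Id", "")[:12]
        hits = socket_mounts(c)
        if hits:
            status = "alarm"
            reason = f"{name} mounts the Docker socket: " + ", ".join(
                f"{src} -> {dst}" for src, dst in hits)
        else:
            status = "ok"
            reason = f"{name} does not mount the Docker socket."
        rows.append({"resource": c.get("Id", ""), "name": name,
                     "status": status, "reason": reason})
    return rows


# Constructed sample in the shape of `docker inspect` output (not real containers).
SAMPLE_INSPECT = [
    {"Id": "a1b2c3d4e5f60000", "Name": "/agent",
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": True}],
     "HostConfig": {"Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
    {"Id": "b2c3d4e5f6a70000", "Name": "/web",
     "Mounts": [{"Type": "volume", "Name": "web_data",
                 "Source": "/var/lib/docker/volumes/web_data/_data",
                 "Destination": "/data", "RW": True}],
     "HostConfig": {"Binds": []}},
    {"Id": "c3d4e5f6a7b80000", "Name": "/sidecar",
     "Mounts": [],  # created, not started: only Binds is populated
     "HostConfig": {"Binds": ["/run:/host/run:ro"]}},
]


def main() -> None:
    data = SAMPLE_INSPECT if sys.stdin.isatty() else json.load(sys.stdin)
    for row in evaluate(data):
        print(f"{row['status']:5}  {row['reason']}")


if __name__ == "__main__":
    main()
```

Run it against a live host with `docker inspect $(docker ps -aq) | python3 check_docker_socket.py` (the file name is whatever you save it as); with no piped input it evaluates the embedded sample, which yields `alarm` for `agent` and `sidecar` and `ok` for `web`. Read-only (`:ro`) binds are still flagged on purpose: the socket is a Unix socket, and a read-only bind does not stop a process from connecting to it.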

Default Value

By default, docker.sock is not mounted inside containers.

Usage

Run the control in your terminal:

steampipe check docker_compliance.control.cis_v160_5_32

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share docker_compliance.control.cis_v160_5_32

SQL

This control uses a named query:

exec_docker_socket_not_mounted_inside_containers

Tags