Description
The --live-restore option enables daemon-less containers in Docker. It ensures that running containers are not stopped when the Docker daemon shuts down or restarts, and that the daemon reconnects to those containers when it comes back up.
Rationale
Availability is one of the three elements of the CIA security triad. Setting the --live-restore flag on the Docker daemon ensures that container execution is not interrupted while the daemon is unavailable. This also makes it possible to update and patch the Docker daemon without application downtime.
Audit
Run docker info and ensure that the Live Restore Enabled property is set to true:
docker info --format '{{ .LiveRestoreEnabled }}'
Alternatively, check the command line of the running dockerd process and ensure that --live-restore is in use.
Also review the /etc/docker/daemon.json file and ensure that it contains "live-restore": true. Note that docker info reports the daemon's effective setting and is therefore the authoritative check; the process command line and daemon.json only show where the setting is configured.
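The three audit checks above, combined into one script that can be run on a host or exercised offline against constructed inputs. This is an added example, not part of the CIS benchmark or the Docker project; it assumes the default daemon.json path (overridable through the hypothetical DAEMON_JSON environment variable) and uses a deliberately narrow grep instead of a JSON parser so it has no dependency on jq.

```shell
#!/bin/sh
# Live-restore audit helper (added example, not CIS or Docker project code).
# Each check is a function that returns 0 (pass) or 1 (fail) and takes its
# input as an argument, so it can be tested without a running daemon.

# Check 1: the daemon's effective setting. $1 is the output of
#   docker info --format '{{ .LiveRestoreEnabled }}'
# Anything other than the literal string "true" (including an empty string
# when the daemon is unreachable) is a failure.
check_docker_info() {
  [ "$1" = "true" ]
}

# Check 2: the daemon configuration file ($1, normally /etc/docker/daemon.json).
# Passes only when the file is readable and contains "live-restore": true.
# The narrow pattern will not match "live-restore": false.
check_daemon_json() {
  [ -r "$1" ] || return 1
  grep -Eq '"live-restore"[[:space:]]*:[[:space:]]*true' "$1"
}

# Check 3: the dockerd command line ($1, e.g. one line of `ps -eo args=`).
# Accepts a bare --live-restore or --live-restore=true; rejects
# --live-restore=false and an absent flag.
check_dockerd_args() {
  printf '%s\n' "$1" | grep -Eq -- '(^|[[:space:]])--live-restore([[:space:]]|=true|$)'
}

# Run all three checks against the live host and print one line per check.
# Every probe is guarded with "|| true" so a missing docker binary or dockerd
# process is reported as a failed check rather than aborting the script.
audit_live_restore() {
  rc=0
  info=$(docker info --format '{{ .LiveRestoreEnabled }}' 2>/dev/null || true)
  if check_docker_info "$info"; then
    echo "PASS: docker info reports LiveRestoreEnabled=true"
  else
    echo "FAIL: docker info reports LiveRestoreEnabled='${info:-unavailable}'"
    rc=1
  fi

  cfg=${DAEMON_JSON:-/etc/docker/daemon.json}   # DAEMON_JSON is an assumed override
  if check_daemon_json "$cfg"; then
    echo "PASS: $cfg sets \"live-restore\": true"
  else
    echo "WARN: $cfg does not set \"live-restore\": true (flag may be on the command line instead)"
  fi

  args=$(ps -eo args= 2>/dev/null | grep -E '^(/[^ ]*/)?dockerd( |$)' | head -n 1 || true)
  if check_dockerd_args "$args"; then
    echo "PASS: dockerd command line contains --live-restore"
  else
    echo "WARN: dockerd command line does not contain --live-restore (may be set in daemon.json instead)"
  fi

  # The effective setting (check 1) is authoritative; the other two only show
  # where it is configured, so they are warnings rather than failures.
  return $rc
}

# Perform the live audit only when invoked as:  sh live-restore-audit.sh run
# so the functions can also be sourced or tested without touching the host.
if [ "${1:-}" = "run" ]; then
  audit_live_restore
  exit $?
fi
```

The script exits non-zero only when docker info does not report live restore as enabled; a missing daemon.json entry or flag is reported as a warning because the setting may legitimately come from the other place.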
Remediation
Run Docker in daemon mode and pass --live-restore to it as an argument, for example: dockerd --live-restore
Alternatively, set "live-restore": true in /etc/docker/daemon.json. Use one method only: dockerd refuses to start if the same option is given both in daemon.json and on the command line. live-restore is one of the daemon options that can be reloaded at runtime, so it can be added to daemon.json and activated by sending SIGHUP to the dockerd process without restarting the daemon. Note that live restore only reconnects to containers across a daemon restart if daemon-level options such as the bridge IP address or storage driver did not change.
Impact
None.
Default value
By default, --live-restore is not enabled.
References
- https://docs.docker.com/engine/admin/live-restore/
CIS controls
Version 6: 18 Application Software Security