Docker exec commands are used without the privileged option
Description
You should not use docker exec with the --privileged option.
Rationale
Using the --privileged option in docker exec commands gives extended Linux capabilities to the command. This can be an insecure practice, particularly when you are running containers with reduced capabilities or with enhanced restrictions.
Audit
If you have auditing enabled as recommended in Section 1, use this command to find docker exec commands that use the --privileged option:
ausearch -k docker | grep exec | grep privileged
You should not use the --privileged option in docker exec commands.
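The grep pipeline in the audit step matches any audit line that contains both strings, so a docker run --privileged against a container whose name contains "exec" is reported as well. The following is an added example, not part of the benchmark: a stricter filter that parses the argv of auditd EXECVE records. The function names and the sample records are constructed for illustration, and it assumes the docker subcommand is the first argument (no global options before it).

```shell
#!/bin/sh
# Added example (not from the benchmark). Reads auditd records on stdin, e.g.
#   ausearch -k docker | find_privileged_exec
# and prints the argv of each "docker exec" / "docker container exec" that
# passes --privileged as an option of exec itself.
find_privileged_exec() {
  awk '
    $0 !~ /type=EXECVE/ { next }
    {
      n = 0
      for (f = 1; f <= NF; f++)
        if ($f ~ /^a[0-9]+=/) {            # a0="docker" a1="exec" ...
          v = $f; sub(/^a[0-9]+=/, "", v); gsub(/"/, "", v)
          argv[n++] = v
        }
      if (n < 2 || (argv[0] != "docker" && argv[0] !~ /\/docker$/)) next
      i = 1
      if (argv[i] == "container") i++
      if (i >= n || argv[i] != "exec") next
      hit = 0
      for (i++; i < n; i++) {
        a = argv[i]
        if (a !~ /^-/) break               # container name: exec options end here
        if (a == "--privileged" || a == "--privileged=true") hit = 1
        # exec options that consume the next argument as their value
        if (a ~ /^(--env|--env-file|--user|--workdir|--detach-keys)$/ || a ~ /^-[a-z]*[euw]$/) i++
      }
      if (!hit) next
      line = argv[0]
      for (j = 1; j < n; j++) line = line " " argv[j]
      print line
    }'
}

# Constructed sample records (not real audit data).
sample_records() {
  cat <<'EOF'
type=SYSCALL msg=audit(1700000001.101:501): arch=c000003e syscall=59 success=yes comm="docker" exe="/usr/bin/docker" key="docker"
type=EXECVE msg=audit(1700000001.101:501): argc=5 a0="docker" a1="exec" a2="--privileged" a3="web" a4="sh"
type=EXECVE msg=audit(1700000002.202:502): argc=5 a0="docker" a1="exec" a2="-it" a3="web" a4="sh"
type=EXECVE msg=audit(1700000003.303:503): argc=6 a0="docker" a1="run" a2="--privileged" a3="--name" a4="exec-test" a5="nginx"
type=EXECVE msg=audit(1700000004.404:504): argc=8 a0="/usr/bin/docker" a1="container" a2="exec" a3="-u" a4="root" a5="--privileged=true" a6="db" a7="bash"
type=EXECVE msg=audit(1700000005.505:505): argc=8 a0="docker" a1="exec" a2="web" a3="grep" a4="-r" a5="--" a6="--privileged" a7="/etc"
EOF
}

sample_records | find_privileged_exec
```

Of the five constructed EXECVE records, the grep pipeline would report four; the filter reports only the two that pass --privileged to exec.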
Impact
If you need enhanced capabilities within a container, then run it with all the permissions it requires. These should be specified individually.
Default value
By default, the docker exec command runs without the --privileged option.
References
- https://docs.docker.com/engine/reference/commandline/exec/
CIS controls
Version 6
5.1 Minimize And Sparingly Use Administrative Privileges - Minimize administrative privileges and only use administrative accounts when they are required. Implement focused auditing on the use of administrative privileged functions and monitor for anomalous behavior.