Shared Host IPC Namespace

• Query id: baa3890f-bed7-46f5-ab8f-1da8fc91c729
• Query name: Shared Host IPC Namespace
• Platform: DockerCompose
• Severity: Medium
• Category: Resource Management
• URL: Github

Description

Container should not share the host IPC namespace
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file

version: "3.9"

services:
  webapp:
    build:
      context: ./dir
      dockerfile: Dockerfile-alternate
      args:
        buildno: 1
    ipc: "host"

Postitive test num. 2 - yaml file

version: "3.9"

services:
  webapp:
    build:
      context: ./dir
      dockerfile: Dockerfile-alternate
      args:
        buildno: 1
    ports:
      - "8080:8080"
      - "3000:3000"
    ipc: "host"
    cap_drop:
      - all

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

version: "3.9"

services:
  webapp:
    build:
      context: ./dir
      dockerfile: Dockerfile-alternate
      args:
        buildno: 1

Negative test num. 2 - yaml file

version: "2.4"

services:
  service:
    image: busybox
    command: top
    ipc: "service:shareable"

  container:
    image: busybox
    command: top
    ipc: "container:composetest_ipc_mode_container"

  shareable:
    image: busybox
    command: top
    ipc: shareable