Cgroup Not Default
- Query id: 4d9f44c6-2f4a-4317-9bb5-267adbea0232
- Query name: Cgroup Not Default
- Platform: DockerCompose
- Severity: Medium
- Category: Build Process
- URL: Github
Description
Control groups (cgroups) limit the access that processes and containers have to system resources such as CPU, RAM, IOPS and network. A cgroup that is not well configured may prove to be a security fault.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
version: '2'
services:
  iperfclient:
    build:
      context: .
      dockerfile: client.Dockerfile
    container_name: ipc
    # Explicit, non-default cgroup parent: the setting this query flags
    cgroup_parent: nat-docker
    volumes:
      - ./host:container.yaml
    networks:
      - netnet
    expose:
      - 1234
networks:
  netnet:
```
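A minimal sketch of the check, added here as an example and not the scanner's own query code: it assumes the finding is any service that sets `cgroup_parent` as a direct service key, and that the file is block-style YAML indented with spaces. The function name and the `iperfserver` service are hypothetical.

```python
import re

# Constructed sample: the flagged service from this page plus a compliant one.
SAMPLE = """\
version: '2'
services:
  iperfclient:
    build:
      context: .
    container_name: ipc
    cgroup_parent: nat-docker
  iperfserver:
    image: example/iperf   # constructed; no cgroup_parent, default cgroup is used
    environment:
      cgroup_parent: not-a-service-key
"""

KEY = re.compile(r"^(\s*)([A-Za-z0-9_.-]+)\s*:\s*(.*)$")

def find_custom_cgroup_parents(compose_text):
    """Return (service, line_no, value) for each service that sets cgroup_parent."""
    findings = []
    in_services = False
    svc_indent = service = key_indent = None
    for line_no, raw in enumerate(compose_text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()   # drop trailing comments (simplified)
        if not line.strip() or line.lstrip().startswith(("#", "-")):
            continue                             # blank, comment or list item
        m = KEY.match(line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        if indent == 0:                          # new top-level section
            in_services = (key == "services")
            svc_indent = service = key_indent = None
            continue
        if not in_services:
            continue
        if svc_indent is None:
            svc_indent = indent                  # first service fixes the name level
        if indent == svc_indent:
            service, key_indent = key, None
            continue
        if key_indent is None:
            key_indent = indent                  # first key fixes the service-key level
        if indent == key_indent and key == "cgroup_parent" and value:
            findings.append((service, line_no, value.strip("'\"")))
    return findings
```

Only keys at the service's own level are reported, so the `cgroup_parent` entry nested under `environment` in the sample is ignored.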