Docker Socket Mounted In Container
- Query id: d6355c88-1e8d-49e9-b2f2-f8a1ca12c75b
- Query name: Docker Socket Mounted In Container
- Platform: DockerCompose
- Severity: High
- Category: Build Process
- URL: Github
Description
The host's Docker socket (docker.sock) should not be mounted into a container. If the Docker socket is mounted, processes in the container can execute Docker commands against the host's Docker daemon.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
version: "3.1"
services:
  service1:
    container_name: service
    image: notareal/image:latest
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - 8080:8080
```
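The check described above can be sketched as a standalone scan over a parsed Compose file. This is an added example, not the KICS query or code from the project; the function names, the `SOCKET_PATHS` set and the sample document are assumptions made for illustration, and the example goes beyond the page's single sample by also covering the long volume syntax and read-only mounts.

```python
import posixpath

# Assumption: host paths treated as the Docker daemon socket. /var/run is
# normally a symlink to /run, so both spellings reach the same file.
SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}

def _mount_source(volume):
    """Return the host-side source of one Compose `volumes` entry, or None."""
    if isinstance(volume, dict):      # long syntax: {type, source, target}
        return volume.get("source")
    if isinstance(volume, str):       # short syntax: SOURCE:TARGET[:MODE]
        parts = volume.split(":")
        return parts[0] if len(parts) >= 2 else None
    return None

def find_docker_socket_mounts(compose):
    """Return (service, source) pairs for services mounting the host socket.

    `compose` is an already-parsed Compose document (e.g. yaml.safe_load output).
    """
    # A ":ro" mode is deliberately not treated as safe: a read-only bind mount
    # still lets the container connect to the socket and use the Docker API.
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        for volume in (svc or {}).get("volumes") or []:
            source = _mount_source(volume)
            if isinstance(source, str) and posixpath.normpath(source) in SOCKET_PATHS:
                findings.append((name, source))
    return findings

# Constructed sample: the page's positive test plus hypothetical variants.
SAMPLE = {
    "services": {
        "service1": {"image": "notareal/image:latest",
                     "volumes": ["/var/run/docker.sock:/var/run/docker.sock"]},
        "readonly": {"image": "notareal/image:latest",
                     "volumes": ["/run/docker.sock:/tmp/d.sock:ro"]},
        "longform": {"image": "notareal/image:latest",
                     "volumes": [{"type": "bind", "source": "/var/run/docker.sock",
                                  "target": "/var/run/docker.sock"}]},
        "clean": {"image": "notareal/image:latest",
                  "volumes": ["appdata:/data", "/srv/conf"]},
    }
}

if __name__ == "__main__":
    for service, source in find_docker_socket_mounts(SAMPLE):
        print(f"{service}: mounts host Docker socket ({source})")
```

Sources written with variable interpolation (for example `${SOCK}`) are not resolved by this sketch and need the rendered configuration to be checked instead.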