Privileged Containers Enabled

• Query id: ae5b6871-7f45-42e0-bb4c-ab300c4d2026
• Query name: Privileged Containers Enabled
• Platform: DockerCompose
• Severity: High
• Category: Resource Management
• CWE: 250
• URL: Github

Description

Privileged containers should be used with extreme caution, they have all of the capabilities that the linux kernel offers for docker.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

version: "3.9"

services:
  webapp:
    build:
      context: ./dir
      dockerfile: Dockerfile-alternate
      args:
        buildno: 1
    privileged: true

Positive test num. 2 - yaml file

version: "3.9"

services:
  webapp:
    build:
      context: ./dir
      dockerfile: Dockerfile-alternate
      args:
        buildno: 1
    ports:
      - "8080:8080"
      - "3000:3000"
    privileged: true
    cap_drop:
      - all

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

version: "3.9"

services:
  webapp:
    build:
      context: ./dir
      dockerfile: Dockerfile-alternate
      args:
        buildno: 1

Negative test num. 2 - yaml file

version: "3.9"

services:
  webapp:
    build:
      context: ./dir
      dockerfile: Dockerfile-alternate
      args:
        buildno: 1
    ports:
      - "8080:8080"
      - "3000:3000"
    privileged: false