Shared Host IPC Namespace

  • Query id: baa3890f-bed7-46f5-ab8f-1da8fc91c729
  • Query name: Shared Host IPC Namespace
  • Platform: DockerCompose
  • Severity: Medium
  • Category: Resource Management
  • CWE: 668
  • URL: Github

Description

Containers should not share the host IPC namespace (ipc: "host" in the service definition). A container in the host IPC namespace can read and modify the host's System V shared memory segments, semaphores and message queues, and the POSIX shared memory under /dev/shm used by host processes and by any other container started with ipc: "host", which exposes those resources to a sphere they were never meant for (CWE-668). Leave ipc unset to keep Docker's default private namespace; when containers must share memory with each other, use "shareable" on the owning service and "service:<name>" or "container:<name>" on the consumer instead of the host namespace. Dropping capabilities (cap_drop: all, as in positive test 2) does not mitigate this, because namespace membership is not governed by capabilities.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
version: "3.9"

services:
  webapp:
    build:
      context: ./dir
      dockerfile: Dockerfile-alternate
      args:
        buildno: 1
    ipc: "host"

Positive test num. 2 - yaml file
version: "3.9"

services:
  webapp:
    build:
      context: ./dir
      dockerfile: Dockerfile-alternate
      args:
        buildno: 1
    ports:
      - "8080:8080"
      - "3000:3000"
    ipc: "host"
    cap_drop:
      - all

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
version: "3.9"

services:
  webapp:
    build:
      context: ./dir
      dockerfile: Dockerfile-alternate
      args:
        buildno: 1

Negative test num. 2 - yaml file
version: "2.4"

services:
  service:
    image: busybox
    command: top
    ipc: "service:shareable"

  container:
    image: busybox
    command: top
    ipc: "container:composetest_ipc_mode_container"

  shareable:
    image: busybox
    command: top
    ipc: shareable
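The check this query describes, applied to parsed Compose files, as an added example (this is not KICS or Docker code). A service is reported only when its ipc value is the literal "host"; the default private namespace (ipc unset), "shareable", "service:<name>" and "container:<name>" are accepted because none of them joins the host's namespace. The two embedded documents are constructed to mirror positive test 2 and negative test 2 above; loading from a file assumes PyYAML is installed, while the check itself only needs the parsed mapping.

```python
"""Flag Docker Compose services that share the host IPC namespace.

Added example, not KICS or Docker code. A service is reported when its
`ipc` value is the literal "host". Any other mode (the default private
namespace when `ipc` is unset, "shareable", "service:<name>",
"container:<name>") is accepted, since none of them joins the host's
namespace. Loading from a file assumes PyYAML is installed; the check
itself only needs the parsed mapping, so the samples are plain dicts.
"""
from __future__ import annotations

import copy

# Constructed samples mirroring the page's positive test 2 and negative test 2.
POSITIVE_2 = {
    "version": "3.9",
    "services": {
        "webapp": {
            "build": {
                "context": "./dir",
                "dockerfile": "Dockerfile-alternate",
                "args": {"buildno": 1},
            },
            "ports": ["8080:8080", "3000:3000"],
            "ipc": "host",
            "cap_drop": ["all"],
        }
    },
}

NEGATIVE_2 = {
    "version": "2.4",
    "services": {
        "service": {"image": "busybox", "command": "top", "ipc": "service:shareable"},
        "container": {
            "image": "busybox",
            "command": "top",
            "ipc": "container:composetest_ipc_mode_container",
        },
        "shareable": {"image": "busybox", "command": "top", "ipc": "shareable"},
    },
}


def find_host_ipc(compose: dict) -> list[str]:
    """Return the names of services whose ipc mode joins the host namespace."""
    services = compose.get("services")
    if not isinstance(services, dict):
        return []
    findings = []
    for name, svc in services.items():
        # Docker selects the host namespace only for the exact string "host".
        # "container:..." and "service:..." join another container's namespace;
        # "shareable" makes the container's own namespace joinable by others.
        if isinstance(svc, dict) and svc.get("ipc") == "host":
            findings.append(name)
    return findings


def harden(compose: dict) -> dict:
    """Return a copy with `ipc: host` removed so Docker's default private
    IPC namespace applies. cap_drop is left alone: it is useful, but it
    does not mitigate host IPC, because namespaces are not governed by
    capabilities (which is why positive test 2 is still flagged)."""
    fixed = copy.deepcopy(compose)
    services = fixed.get("services")
    if isinstance(services, dict):
        for svc in services.values():
            if isinstance(svc, dict) and svc.get("ipc") == "host":
                del svc["ipc"]
    return fixed


def scan_file(path: str) -> list[str]:
    """Load a compose file and scan it. Assumes PyYAML (`pip install pyyaml`)."""
    import yaml  # assumption: PyYAML, not part of the standard library

    with open(path, encoding="utf-8") as fh:
        return find_host_ipc(yaml.safe_load(fh) or {})


if __name__ == "__main__":
    for label, doc in (("positive test 2", POSITIVE_2), ("negative test 2", NEGATIVE_2)):
        hits = find_host_ipc(doc)
        print(f"{label}: {'host IPC in ' + ', '.join(hits) if hits else 'ok'}")
    print("positive test 2 after harden():", find_host_ipc(harden(POSITIVE_2)))
```

For a container that is already running, the same condition can be checked with docker inspect --format '{{.HostConfig.IpcMode}}' <container>, which prints host when the namespace is shared.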