kubectl-detector-for-docker-socket

Unlisted docker mount if owner is not known

Open Bourne-ID opened this issue 2 years ago • 0 comments

During a scan of a cluster, there may be custom resource definitions which own a pod beyond the stated list on the readme.md file - for example runners from summerwind.

Whilst an error about these owners is presented, the pod itself is not scanned. As such, any pods mounting the docker host socket with an unknown owner will not be presented in the conclusion table.

I propose this tool scans the pod for the mount in the event the owner is unknown instead of ignoring it.

Replication:

1. Install an addon which controls pods, for example SummerWind Action Runners
2. Mount the Docker host socket with a runner
3. Run the tool

Output:

could not find resource manager for type Runner for pod my-docker-9k99f-12345
NAMESPACE	TYPE	NAME	STATUS

Bourne-ID, Jun 12 '23 02:06
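
The fallback proposed in this issue, as an added example that is not part of the original post and not the tool's own code: a pod whose owner kind is missing or unrecognised is checked and reported as the pod itself rather than skipped. `FindDockerSockMounts`, `Finding` and `knownKinds` are hypothetical names, the list of known owner kinds is an assumption, and the pod JSON is constructed sample input.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of the PodList schema from `kubectl get pods -A -o json`.
type podList struct {
	Items []struct {
		Metadata struct {
			Namespace, Name string
			OwnerReferences []struct{ Kind, Name string }
		}
		Spec struct{ Volumes []struct{ HostPath *struct{ Path string } } }
	}
}

type Finding struct{ Namespace, Type, Name string } // one row of the results table
// Assumed owner kinds the scanner can resolve; not the tool's real list.
var knownKinds = map[string]bool{"ReplicaSet": true, "DaemonSet": true, "StatefulSet": true, "Job": true}
// Constructed sample: one pod owned by a Runner custom resource, one by a ReplicaSet.
const samplePods = `{"items":[
 {"metadata":{"namespace":"ci","name":"my-docker-9k99f-12345","ownerReferences":[{"kind":"Runner","name":"my-docker-9k99f"}]},"spec":{"volumes":[{"hostPath":{"path":"/var/run/docker.sock"}}]}},
 {"metadata":{"namespace":"web","name":"app-abc","ownerReferences":[{"kind":"ReplicaSet","name":"app"}]},"spec":{"volumes":[{"hostPath":{"path":"/var/run/docker.sock"}}]}}]}`

// FindDockerSockMounts reports pods with a hostPath volume ending in docker.sock, whatever their owner.
func FindDockerSockMounts(raw []byte) ([]Finding, error) {
	var pl podList
	if err := json.Unmarshal(raw, &pl); err != nil {
		return nil, err
	}
	var out []Finding
	for _, p := range pl.Items {
		for _, v := range p.Spec.Volumes {
			if v.HostPath != nil && strings.HasSuffix(v.HostPath.Path, "docker.sock") {
				f := Finding{p.Metadata.Namespace, "Pod", p.Metadata.Name} // fallback: report the pod itself
				if o := p.Metadata.OwnerReferences; len(o) > 0 && knownKinds[o[0].Kind] {
					f.Type, f.Name = o[0].Kind, o[0].Name // known owner: report the owning resource
				}
				out = append(out, f)
				break
			}
		}
	}
	return out, nil
}
func main() { fmt.Println(FindDockerSockMounts([]byte(samplePods))) }
```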