
Support for Docker rootless

Open GHDEV00 opened this issue 11 months ago • 5 comments

Would adding support for Docker rootless mode be possible?

There was an old issue that got closed because CIS didn't include it in its release but CIS Docker v1.7.0 includes it in the check "2.1 Run the Docker daemon as a non-root user, if possible".

Old issue: https://github.com/docker/docker-bench-security/issues/505
CIS reference: https://workbench.cisecurity.org/sections/2370444/recommendations/3808700

GHDEV00 avatar Jan 24 '25 12:01 GHDEV00

Hi @GHDEV00, checking if the docker daemon runs rootless isn't a big issue but the follow-up is to support rootless checks, or a combination of both, which is harder.

konstruktoid avatar Jan 25 '25 11:01 konstruktoid
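The "easy part" mentioned above, detecting whether the daemon itself is rootless, as an added example that is not docker-bench-security's own code: it assumes `docker info --format '{{json .SecurityOptions}}'` lists `name=rootless` when the daemon runs in rootless mode, and the PASS/WARN wording for check 2.1 is constructed here rather than copied from the benchmark script.

```shell
#!/bin/sh
# Added example (not the project's code): a CIS Docker 2.1-style check
# reporting whether the Docker daemon runs in rootless mode.
# Assumption: in rootless mode the SecurityOptions list contains "name=rootless".

# Parse a SecurityOptions JSON array passed as $1; return 0 if rootless, 1 otherwise.
rootless_from_security_options() {
  printf '%s\n' "$1" | grep -q '"name=rootless"'
}

# Query the live daemon: 0 = rootless, 1 = rootful, 2 = daemon not reachable.
daemon_is_rootless() {
  opts=$(docker info --format '{{json .SecurityOptions}}' 2>/dev/null) || return 2
  rootless_from_security_options "$opts"
}

# Emit a single result line in the spirit of the benchmark's check output
# (wording constructed for this example).
check_2_1() {
  daemon_is_rootless
  case $? in
    0) echo "[PASS] 2.1 - Docker daemon runs as a non-root user (rootless mode)" ;;
    1) echo "[WARN] 2.1 - Docker daemon runs as root; consider rootless mode" ;;
    *) echo "[INFO] 2.1 - Could not query the Docker daemon" ;;
  esac
}
```

Run `check_2_1` on a host with Docker installed; the parser function can be exercised on captured `docker info` output without a daemon.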

Hi @konstruktoid, I see that support for rootless checks needs work. Would it be possible to at least add this as a feature request? I think many users would benefit from an implementation of such checks, as docker rootless mode is one of the key aspects when securing a docker installation.

GHDEV00 avatar Jan 27 '25 07:01 GHDEV00

Of course! We'll keep this issue open, and if you want to send a PR, that would be great as well.

konstruktoid avatar Jan 27 '25 08:01 konstruktoid

Hi @konstruktoid and @GHDEV00. Is it okay if I work on this issue?

extern-c avatar Feb 25 '25 01:02 extern-c

Absolutely, @extern-c, feel free.

konstruktoid avatar Feb 25 '25 05:02 konstruktoid