MKE must use a non-AUFS storage driver.

An XCCDF Rule

Description

<VulnDiscussion>The aufs storage driver is an old driver based on a Linux kernel patch-set that is unlikely to be merged into the main Linux kernel. aufs driver is also known to cause some serious kernel crashes. aufs only has legacy support from Docker. Most importantly, aufs is not a supported driver in many Linux distributions using latest Linux kernels.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-260926r966135_rule
Severity: Medium
References: CCI-000382
Updated: 19 days ago

Modify Storage Driver setting.

Via CLI as a trusted user on the underlying host operating system:

If the daemon.json file does not exist, it must be created.
"/etc/docker/daemon.json"

Edit the "/etc/docker/daemon.json" file and set the "storage-driver" property to a value that is not "aufs" or "btrfs".
{
  "storage-driver": "overlay2"
}

Restart the Docker daemon by executing the following:

sudo systemctl restart docker

MKE must use a non-AUFS storage driver.

Description

Remediation - Manual Procedure