Docker Enterprise exec commands must not be used with privileged option.

An XCCDF Rule

Details
Profiles

Description

Do not use docker exec with --privileged option. Using --privileged option in docker exec gives extended Linux capabilities to the command. Do not run docker exec with the --privileged option, especially when running containers with dropped capabilities or with enhanced restrictions. By default, docker exec command runs without --privileged option.

ID: SV-235813r627566_rule
Version: DKER-EE-002080
Severity: High
References: CCI-000381
Updated: 23 days ago

Remediation Templates

This fix only applies to the use of Docker Engine - Enterprise on a Linux host operating system.

Do not use --privileged option in docker exec command.

A reference for the docker exec command can be found at https://docs.docker.com/engine/reference/commandline/exec/.

Docker Enterprise exec commands must not be used with privileged option.

Description

Remediation Templates

A Manual Procedure