v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/docker_compliance
Overview
1Dashboards
88Controls
88Queries
2Variables
GitHub

Control: 2.14 Ensure containers are restricted from acquiring new privileges

Description

By default you should restrict containers from acquiring additional privileges via suid or sgid.

Usage

Run the control in your terminal:

powerpipe control run docker_compliance.control.cis_v160_2_14

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run docker_compliance.control.cis_v160_2_14 --share

SQL

This control uses a named query:

exec_containers_no_new_privilege_disabled

Tags

category = Compliance
cis = true
cis_item_id = 2.14
cis_level = 1
cis_section_id = 2
cis_type = manual
cis_version = v1.6.0
plugin = docker
service = Docker