Control: 5.32 Ensure that the Docker socket is not mounted inside any containers
Description
The Docker socket docker.sock should not be mounted inside a container.
If the Docker socket is mounted inside a container it could allow processes running within the container to execute Docker commands which would effectively allow for full control of the host.
Remediation
You should ensure that no containers mount docker.sock as a volume.
Default Value
By default, docker.sock is not mounted inside containers.
Usage
Run the control in your terminal:
powerpipe control run docker_compliance.control.cis_v160_5_32
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run docker_compliance.control.cis_v160_5_32 --share
SQL
This control uses a named query:
exec_docker_socket_not_mounted_inside_containers
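As an added illustration that is not part of the docker_compliance mod or its named query, the following stand-alone Python check evaluates `docker inspect` output for containers that bind-mount docker.sock and reports each container in the same alarm/ok shape a Powerpipe control uses. The inspect JSON embedded below is constructed sample data, and the `inspect_running_containers` helper is an assumed way to gather live data with the Docker CLI.

```python
import json
import subprocess
from typing import Dict, List

# Constructed sample of `docker inspect` output (not captured from a real host):
# one container bind-mounts the Docker socket, the other does not.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "aaa111",
        "Name": "/ci-runner",
        "HostConfig": {"Binds": ["/var/run/docker.sock:/var/run/docker.sock"]},
        "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                    "Destination": "/var/run/docker.sock"}],
    },
    {
        "Id": "bbb222",
        "Name": "/web",
        "HostConfig": {"Binds": ["/srv/web:/usr/share/nginx/html:ro"]},
        "Mounts": [{"Type": "bind", "Source": "/srv/web",
                    "Destination": "/usr/share/nginx/html"}],
    },
])


def mounts_docker_socket(container: Dict) -> bool:
    """True if any mount of the container sources a host path ending in docker.sock."""
    sources = [m.get("Source", "") for m in container.get("Mounts", [])]
    # HostConfig.Binds entries look like "host_path:container_path[:opts]";
    # check them too, since the host path is the first field.
    binds = (container.get("HostConfig") or {}).get("Binds") or []
    sources += [b.split(":", 1)[0] for b in binds]
    return any(s.rstrip("/").endswith("/docker.sock") for s in sources)


def evaluate(inspect_json: str) -> List[Dict[str, str]]:
    """Return one {resource, status, reason} row per container (alarm or ok)."""
    rows = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "").lstrip("/") or c["Id"]
        bad = mounts_docker_socket(c)
        rows.append({"resource": name, "status": "alarm" if bad else "ok",
                     "reason": f"{name} {'mounts' if bad else 'does not mount'} docker.sock."})
    return rows


def inspect_running_containers() -> str:
    """Assumed live collector: `docker ps -aq` then `docker inspect` on those IDs."""
    ids = subprocess.run(["docker", "ps", "-aq"], capture_output=True, text=True, check=True).stdout.split()
    if not ids:
        return "[]"
    return subprocess.run(["docker", "inspect", *ids], capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for row in evaluate(SAMPLE_INSPECT):
        print(f"{row['status']:5}  {row['resource']:12} {row['reason']}")
```

Replace `SAMPLE_INSPECT` with `inspect_running_containers()` to run the check against a live Docker host.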