docker / docker-bench-security

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
Apache License 2.0

Add checks for capabilities that allow container escape #476

Closed nikitastupin closed 3 years ago

nikitastupin commented 3 years ago

Hi team,

The check_5_3 lists extra capabilities but unfortunately it doesn't describe the risks associated with them. I decided to fill this gap and added checks for capabilities that allow container escape directly.


Nikita Stupin Advanced Software Technology Lab Huawei
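What a check of this kind looks like, as an added example in the style of the script and not the project's own code or the code from this PR: it parses the value that `docker inspect --format '{{ .HostConfig.CapAdd }}'` prints for a container and flags the capabilities that this example assumes give a direct path out of the container. The flagged set and the sample containers are this example's assumptions, not taken from the PR.

```shell
#!/bin/sh
# Added example, not a docker-bench-security check. The capability set
# below is this example's assumption: capabilities whose presence in
# CapAdd is commonly treated as allowing a container escape.
ESCAPE_CAPS="SYS_ADMIN SYS_MODULE SYS_PTRACE SYS_RAWIO DAC_READ_SEARCH"

# classify_caps NAME CAPADD
#   CAPADD is the string docker prints for --format '{{ .HostConfig.CapAdd }}':
#   "[NET_ADMIN SYS_ADMIN]", "[]" or "<no value>" when nothing was added.
#   Prints "PASS NAME" (exit 0) or "WARN NAME: CAP ..." (exit 1).
classify_caps() {
  name="$1"
  caps=$(printf '%s' "$2" | tr -d '[]' | tr ',' ' ')
  found=""
  for cap in $caps; do
    # docker accepts both CAP_SYS_ADMIN and SYS_ADMIN; normalise before matching
    c=$(printf '%s' "$cap" | sed 's/^CAP_//' | tr '[:lower:]' '[:upper:]')
    for bad in $ESCAPE_CAPS; do
      [ "$c" = "$bad" ] && found="$found $c"
    done
  done
  if [ -n "$found" ]; then
    printf 'WARN %s:%s\n' "$name" "$found"
    return 1
  fi
  printf 'PASS %s\n' "$name"
  return 0
}

# Constructed sample standing in for the live command
#   docker ps --quiet | xargs docker inspect --format '{{ .Name }} {{ .HostConfig.CapAdd }}'
# so the example runs without a Docker daemon. Returns 1 if any container is flagged.
audit_sample() {
  rc=0
  classify_caps "/web"   "[]"                    || rc=1
  classify_caps "/db"    "<no value>"            || rc=1
  classify_caps "/agent" "[NET_ADMIN SYS_ADMIN]" || rc=1
  classify_caps "/dbg"   "[CAP_SYS_PTRACE]"      || rc=1
  return $rc
}
```

To run it against real containers, replace the constructed calls in audit_sample with the output of the docker command named in the comment, one container per call.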

konstruktoid commented 3 years ago

Thanks for the PR @nikitastupin! Looks good, will merge after a few tests.

konstruktoid commented 3 years ago

So sorry @nikitastupin for the delay, thank you for your contribution.

nikitastupin commented 3 years ago

Hi @konstruktoid, no worries! I'm glad that you've found this PR helpful and merged it.