GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-19 08:42:33 +01:00
Code Issues Projects Releases Packages Wiki Activity
docker-bench-security/tests/1_1_check.sh

19 lines
702 B
Bash
Raw Normal View History

Made some minor changes after check with ShellCheck. Also fixed sourcing and verified that things work right with bash -x. Signed-off-by: Scott McCarty <smccarty@redhat.com>
2015-07-08 22:46:02 +02:00
THINPOOLDEV=$(ps -ef | grep docker | awk '/--storage-opt/ { for (x=1;x<=NF;x++) if ($x~"--storage-opt") print $(x+1) }' | grep thinpooldev | awk -F= '{print $2}')
ROOTVOLUME=$(df -P | grep " \/$" | awk '{print $1}')
SEPARATEPARTITION=$(grep /var/lib/docker /etc/fstab)
Created a much more sophisticated check for whether storage has really been moved off the root volume Signed-off-by: Scott McCarty <smccarty@redhat.com>
2015-07-08 12:09:53 +02:00
# Verify that somebody didn't put a dummy entry in /etc/fstab and are really
# using devicemapper
if [ "$SEPARATEPARTITION" ] && [ ! "$THINPOOLDEV" ]; then
RETVAL=0
# Verify that THINPOOLDEV exists and is not the same as root volume. I am not
# completely sure you could ever do this, but figured it's a safer check
elif [ "$THINPOOLDEV" ] && [ "$THINPOOLDEV" != "$ROOTVOLUME" ]; then
RETVAL=0
else
RETVAL=1
fi
Made some minor changes after check with ShellCheck. Also fixed sourcing and verified that things work right with bash -x. Signed-off-by: Scott McCarty <smccarty@redhat.com>
2015-07-08 22:46:02 +02:00
return $RETVAL
Reference in a new issue Copy permalink