mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-06-28 07:36:43 +00:00
Merge 3f1e2c7c13
into 7878276f04
commit
00d8ba90a0
2 changed files with 19 additions and 1 deletions
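--- a/tests/1_1_check.sh
+++ b/tests/1_1_check.sh
@@ -0,0 +1,18 @@
+THINPOOLDEV=$(ps -ef | grep docker | awk '/--storage-opt/ { for (x=1;x<=NF;x++) if ($x~"--storage-opt") print $(x+1) }' | grep thinpooldev | awk -F= '{print $2}')
+ROOTVOLUME=$(df -P | grep " \/$" | awk '{print $1}')
+SEPARATEPARTITION=$(grep /var/lib/docker /etc/fstab)
+
+# Verify that somebody didn't put a dummy entry in /etc/fstab and are really
+# using devicemapper
+if [ "$SEPARATEPARTITION" ] && [ ! "$THINPOOLDEV" ]; then
+RETVAL=0
+
+# Verify that THINPOOLDEV exists and is not the same as root volume. I am not
+# completely sure you could ever do this, but figured it's a safer check
+elif [ "$THINPOOLDEV" ] && [ "$THINPOOLDEV" != "$ROOTVOLUME" ]; then
+RETVAL=0
+else
+RETVAL=1
+fi
+
+return $RETVAL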
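Review bot: The `THINPOOLDEV` lookup on the first line matches the argument text of every process whose command line contains "docker", not the daemon's effective configuration, so an unrelated process that happens to carry a `--storage-opt` thinpooldev argument makes check 1.1 pass on a host with no separate storage. Limit the match to the daemon process, or better, ask the daemon itself, for example by reading the storage driver details from `docker info`. The first branch has a similar gap: `grep /var/lib/docker /etc/fstab` also matches commented-out lines and longer paths that merely contain that string, and the comment above it promises a dummy-entry check that the condition does not perform. Something like `mountpoint -q /var/lib/docker` would confirm the partition is actually mounted. Finally, the top-level `return $RETVAL` only works when the file is sourced, yet the file is committed as executable, so a header comment such as `# Sourced by the section 1 host checks; do not execute directly.` would help.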
@ -5,7 +5,7 @@ info "1 - Host Configuration"
|
|||
|
||||
# 1.1
|
||||
check_1_1="1.1 - Create a separate partition for containers"
|
||||
grep /var/lib/docker /etc/fstab >/dev/null 2>&1
|
||||
source tests/1_1_check.sh 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
pass "$check_1_1"
|
||||
else
|
||||
|
|
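Review bot: The added `source tests/1_1_check.sh 2>&1` resolves the path against the current working directory, so starting the benchmark from anywhere other than the repository root either fails to find the file or sources whatever `tests/1_1_check.sh` exists under that directory. For an audit script that is presumably run as root, that is worth closing off. Resolve the path from the script's own location and use the POSIX `.` if the runner is a `/bin/sh` script (the shebang is not visible here), e.g. `. "$(dirname "$0")/tests/1_1_check.sh"`. Because the file is sourced, `THINPOOLDEV`, `ROOTVOLUME`, `SEPARATEPARTITION` and `RETVAL` also stay set in the caller afterwards; wrapping the check in a function would keep them contained. The `if`/`else` that consumes `$?` continues past the end of this hunk.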