GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-18 16:22:33 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #421 from konstruktoid/issue158

Browse source 
macOS user instructions. ref #158
This commit is contained in:
Thomas Sjögren 2020-04-01 13:20:41 +02:00 committed by GitHub
commit 0307da4c61
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
README.md
View file

@ -15,8 +15,7 @@ this benchmark.
We packaged docker bench as a small container for your convenience. Note that
this container is being run with a *lot* of privilege -- sharing the host's
filesystem, pid and network namespaces, due to portions of the benchmark
applying to the running host. Don't forget to adjust the shared volumes
according to your operating system, for example it might not use systemd.
applying to the running host.
The easiest way to run your hosts against the Docker Bench for Security is by
running our pre-built container:
@ -34,6 +33,21 @@ docker run -it --net host --pid host --userns host --cap-add audit_control \
docker/docker-bench-security
```
Don't forget to adjust the shared volumes according to your operating system,
for example `Docker Desktop` on macOS don't have `/usr/lib/systemd` or the above
Docker binaries.
```sh
docker run -it --net host --pid host --userns host --cap-add audit_control \
-e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
-v /etc:/etc \
-v usr/local/bin/
-v /var/lib:/var/lib:ro \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
--label docker_bench_security \
docker/docker-bench-security
```
Docker bench requires Docker 1.13.0 or later in order to run.
Note that when distributions doesn't contain `auditctl`, the audit tests will