From fd9ad44344d31a7dab2f2b8aa757c33369000e8d Mon Sep 17 00:00:00 2001
From: Nitro Cao <jaycecao520@gmail.com>
Date: Wed, 1 Sep 2021 11:03:50 +0800
Subject: [PATCH] Fix the bug that a container may not have ps command

---
 docker-bench-security.sh     | 2 +-
 tests/5_container_runtime.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-bench-security.sh b/docker-bench-security.sh
index 3b04945..46304fc 100755
--- a/docker-bench-security.sh
+++ b/docker-bench-security.sh
@@ -24,7 +24,7 @@ readonly myname
 export PATH="$PATH:/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin/"
 
 # Check for required program(s)
-req_programs 'awk docker grep stat tee tail wc xargs truncate sed'
+req_programs 'awk docker grep stat tee tail wc xargs truncate sed pgrep'
 
 # Ensure we can connect to docker daemon
 if ! docker ps -q >/dev/null 2>&1; then
diff --git a/tests/5_container_runtime.sh b/tests/5_container_runtime.sh
index 4b3b09a..75b6d45 100644
--- a/tests/5_container_runtime.sh
+++ b/tests/5_container_runtime.sh
@@ -254,7 +254,7 @@ check_5_6() {
   printcheck=0
   for c in $containers; do
 
-    processes=$(docker exec "$c" ps -el 2>/dev/null | grep -c sshd | awk '{print $1}')
+    processes=$(docker inspect "$c" --format '{{ .State.Pid }}' 2>/dev/null | xargs pgrep -a -P 2>/dev/null | grep -c sshd | awk '{print $1}')
     if [ "$processes" -ge 1 ]; then
       # If it's the first container, fail the test
       if [ $fail -eq 0 ]; then
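Review bot: On the new `processes=` line, `pgrep -a -P <pid>` lists only the direct children of the container's `.State.Pid`, so check 5.6 reports no sshd when sshd is the container's main process or runs deeper in the process tree (for example under a supervisor's child). A failed or empty `docker inspect` is also read as zero matches, because `xargs` can still invoke `pgrep -P` without a PID and `2>/dev/null` hides the error; storing the PID in a variable first and warning when it is empty would make that case visible. One way to cover the whole container from the host side is `docker top "$c" 2>/dev/null | grep -c sshd`, though that presumably depends on a `ps` being available where the daemon runs and should be confirmed against how the tool is deployed. check_5_6 starts before this hunk and continues after it.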