mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-01-19 00:32:34 +01:00
Merge pull request #111 from konstruktoid/docker_inspect_format
inspect output changed
commit
5155cae50a
2 changed files with 28 additions and 4 deletions
|
@ -151,7 +151,13 @@ else
|
||||||
/usr'
|
/usr'
|
||||||
fail=0
|
fail=0
|
||||||
for c in $containers; do
|
for c in $containers; do
|
||||||
volumes=$(docker inspect --format '{{ .VolumesRW }}' "$c")
|
docker inspect --format '{{ .VolumesRW }}' "$c" 2>/dev/null 1>&2
|
||||||
|
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
volumes=$(docker inspect --format '{{ .VolumesRW }}' "$c")
|
||||||
|
else
|
||||||
|
volumes=$(docker inspect --format '{{ .Mounts }}' "$c")
|
||||||
|
fi
|
||||||
# Go over each directory in sensitive dir and see if they exist in the volumes
|
# Go over each directory in sensitive dir and see if they exist in the volumes
|
||||||
for v in $sensitive_dirs; do
|
for v in $sensitive_dirs; do
|
||||||
sensitive=0
|
sensitive=0
|
||||||
|
@ -264,7 +270,13 @@ else
|
||||||
|
|
||||||
fail=0
|
fail=0
|
||||||
for c in $containers; do
|
for c in $containers; do
|
||||||
memory=$(docker inspect --format '{{ .Config.Memory }}' "$c")
|
docker inspect --format '{{ .Config.Memory }}' "$c" 2> /dev/null 1>&2
|
||||||
|
|
||||||
|
if [ "$?" -eq 0 ]; then
|
||||||
|
memory=$(docker inspect --format '{{ .Config.Memory }}' "$c")
|
||||||
|
else
|
||||||
|
memory=$(docker inspect --format '{{ .HostConfig.Memory }}' "$c")
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$memory" = "0" ]; then
|
if [ "$memory" = "0" ]; then
|
||||||
# If it's the first container, fail the test
|
# If it's the first container, fail the test
|
||||||
|
@ -287,7 +299,13 @@ else
|
||||||
|
|
||||||
fail=0
|
fail=0
|
||||||
for c in $containers; do
|
for c in $containers; do
|
||||||
shares=$(docker inspect --format '{{ .Config.CpuShares }}' "$c")
|
docker inspect --format '{{ .Config.CpuShares }}' "$c" 2> /dev/null 1>&2
|
||||||
|
|
||||||
|
if [ "$?" -eq 0 ]; then
|
||||||
|
shares=$(docker inspect --format '{{ .Config.CpuShares }}' "$c")
|
||||||
|
else
|
||||||
|
shares=$(docker inspect --format '{{ .HostConfig.CpuShares }}' "$c")
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$shares" = "0" ]; then
|
if [ "$shares" = "0" ]; then
|
||||||
# If it's the first container, fail the test
|
# If it's the first container, fail the test
|
||||||
|
|
|
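Review bot: In the memory hunk, if both `docker inspect` calls fail (container gone since the listing, daemon error, or neither field present), `memory` ends up empty and `[ "$memory" = "0" ]` is false, so the container is counted as having a limit without anything having been read. The CpuShares hunk has the same shape with `[ "$shares" = "0" ]`, the first hunk passes an empty `volumes` on to the sensitive-directory match, and the other file's hunk compares a possibly empty `volumes` with `map[]`. An audit script should fail closed here, for example `if [ -z "$memory" ] || [ "$memory" = "0" ]; then`, or emit a separate warning that the value could not be read. The loop bodies continue outside these hunks, so how the result is reported is not visible here.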
@ -15,7 +15,13 @@ else
|
||||||
set -f; IFS=$'
|
set -f; IFS=$'
|
||||||
'
|
'
|
||||||
for c in $containers; do
|
for c in $containers; do
|
||||||
volumes=$(docker inspect --format '{{ .Volumes }}' "$c")
|
docker inspect --format '{{ .Volumes }}' "$c" 2>/dev/null 1>&2
|
||||||
|
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
volumes=$(docker inspect --format '{{ .Volumes }}' "$c")
|
||||||
|
else
|
||||||
|
volumes=$(docker inspect --format '{{ .Config.Volumes }}' "$c")
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$volumes" = "map[]" ]; then
|
if [ "$volumes" = "map[]" ]; then
|
||||||
# If it's the first container, fail the test
|
# If it's the first container, fail the test
|
||||||
|
|
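Review bot: The probe-then-reread pattern runs `docker inspect` twice per container, and the container state can change between the two calls; a single assignment with a fallback does the same job: `volumes=$(docker inspect --format '{{ .Volumes }}' "$c" 2>/dev/null) || volumes=$(docker inspect --format '{{ .Config.Volumes }}' "$c")`. The redirect `2>/dev/null 1>&2` does silence both streams, but `>/dev/null 2>&1` is the conventional spelling and is harder to misread. A comment above the branch such as `# .Volumes is missing from newer inspect output; fall back to .Config.Volumes` would record why the fallback exists; that wording is inferred from the commit title and should be confirmed. The same points apply to the three hunks in the other file.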