From b3488e7d1f033c0d63d42fbae45499dcbcf422af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Wed, 1 Apr 2020 13:19:55 +0200 Subject: [PATCH] macOS user instructions. ref #158 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- README.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0c4f6f8..68835a0 100644 --- a/README.md +++ b/README.md @@ -15,8 +15,7 @@ this benchmark. We packaged docker bench as a small container for your convenience. Note that this container is being run with a *lot* of privilege -- sharing the host's filesystem, pid and network namespaces, due to portions of the benchmark -applying to the running host. Don't forget to adjust the shared volumes -according to your operating system, for example it might not use systemd. +applying to the running host. The easiest way to run your hosts against the Docker Bench for Security is by running our pre-built container: @@ -34,6 +33,21 @@ docker run -it --net host --pid host --userns host --cap-add audit_control \ docker/docker-bench-security ``` +Don't forget to adjust the shared volumes according to your operating system, +for example `Docker Desktop` on macOS don't have `/usr/lib/systemd` or the above +Docker binaries. + +```sh +docker run -it --net host --pid host --userns host --cap-add audit_control \ + -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \ + -v /etc:/etc \ + -v usr/local/bin/ + -v /var/lib:/var/lib:ro \ + -v /var/run/docker.sock:/var/run/docker.sock:ro \ + --label docker_bench_security \ + docker/docker-bench-security +``` + Docker bench requires Docker 1.13.0 or later in order to run. Note that when distributions doesn't contain `auditctl`, the audit tests will
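Review bot: The `-v usr/local/bin/` line in the new macOS example block (second hunk) is malformed and will make the documented command fail: the host path is not absolute (no leading `/`), there is no `host:container` mapping or `:ro` flag like the other mounts, and the line has no trailing `\`, so the `-v /var/lib:/var/lib:ro` and later arguments are cut off from the `docker run` invocation. Suggest a complete, read-only spec that matches the surrounding lines, e.g. `-v /usr/local/bin/docker:/usr/local/bin/docker:ro \` (adjust to whichever binaries Docker Desktop actually provides), and verify the full command runs once on a macOS host before merging. Two smaller points in the same hunk: "`Docker Desktop` on macOS don't have" should read "Docker Desktop on macOS doesn't have" (the backticks around a product name are also unnecessary), and "the above Docker binaries" is vague for a reader who only sees this block, so naming the paths that differ from the Linux command would make the instructions self-contained.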