GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-19 00:32:34 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #209 from konstruktoid/issue_207

Browse source 
default capabilities are OK to add, closes #207
This commit is contained in:
Thomas Sjögren 2017-01-25 12:11:20 +01:00 committed by GitHub
commit fbe97f8858
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
tests/5_container_runtime.sh
View file

@ -61,7 +61,10 @@ else
fail=0 fail=0
for c in $containers; do for c in $containers; do
caps=$(docker inspect --format 'CapAdd={{ .HostConfig.CapAdd}}' "$c") container_caps=$(docker inspect --format 'CapAdd={{ .HostConfig.CapAdd}}' "$c")
caps=$(echo "$container_caps" | tr "[:lower:]" "[:upper:]" | \
sed 's/CAPADD/CapAdd/' | \
sed -r "s/AUDIT_WRITE|CHOWN|DAC_OVERRIDE|FOWNER|FSETID|KILL|MKNOD|NET_BIND_SERVICE|NET_RAW|SETFCAP|SETGID|SETPCAP|SETUID|SYS_CHROOT|\s//g")
if [ "$caps" != 'CapAdd=' -a "$caps" != 'CapAdd=[]' -a "$caps" != 'CapAdd=<no value>' -a "$caps" != 'CapAdd=<nil>' ]; then if [ "$caps" != 'CapAdd=' -a "$caps" != 'CapAdd=[]' -a "$caps" != 'CapAdd=<no value>' -a "$caps" != 'CapAdd=<nil>' ]; then
# If it's the first container, fail the test # If it's the first container, fail the test