From fd9ad44344d31a7dab2f2b8aa757c33369000e8d Mon Sep 17 00:00:00 2001 From: Nitro Cao Date: Wed, 1 Sep 2021 11:03:50 +0800 Subject: [PATCH] Fix the bug that a container may not have ps command --- docker-bench-security.sh | 2 +- tests/5_container_runtime.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-bench-security.sh b/docker-bench-security.sh index 3b04945..46304fc 100755 --- a/docker-bench-security.sh +++ b/docker-bench-security.sh @@ -24,7 +24,7 @@ readonly myname export PATH="$PATH:/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin/" # Check for required program(s) -req_programs 'awk docker grep stat tee tail wc xargs truncate sed' +req_programs 'awk docker grep stat tee tail wc xargs truncate sed pgrep' # Ensure we can connect to docker daemon if ! docker ps -q >/dev/null 2>&1; then diff --git a/tests/5_container_runtime.sh b/tests/5_container_runtime.sh index 4b3b09a..75b6d45 100644 --- a/tests/5_container_runtime.sh +++ b/tests/5_container_runtime.sh @@ -254,7 +254,7 @@ check_5_6() { printcheck=0 for c in $containers; do - processes=$(docker exec "$c" ps -el 2>/dev/null | grep -c sshd | awk '{print $1}') + processes=$(docker inspect "$c" --format '{{ .State.Pid }}' 2>/dev/null | xargs pgrep -a -P 2>/dev/null | grep -c sshd | awk '{print $1}') if [ "$processes" -ge 1 ]; then # If it's the first container, fail the test if [ $fail -eq 0 ]; then