Do not mount sensitive host system directories on containers

Details

https://docs.docker.com/userguide/dockervolumes

Solution

Do not mount host sensitive directories on containers especially in read-write mode.

Impact-None.

Default Value-Docker defaults to a read-write volume but you can also mount a directory read-only. By
default, no sensitive host directories are mounted on containers.

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/514

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-7b.

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles