2.11 Use authorization plugin

Information

https://docs.docker.com/engine/reference/commandline/daemon/#access-authorization
2.https://docs.docker.com/engine/extend/authorization/
3.https://github.com/twistlock/authz

Solution

Step 1- Install/Create an authorization plugin.Step 2- Configure the authorization policy as desired.Step 3- Start the docker daemon as below-dockerd --authorization-plugin=<PLUGIN_ID>Impact-Each docker command specifically passes through authorization plugin mechanism. This
might introduce a slight performance drop.Default Value-By default, authorization plugins are not set up.

See Also

https://workbench.cisecurity.org/files/517

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2

Plugin: Unix

Control ID: cf48dfdc225ab02a237596813df85afae078bebbf8e6b171a7e72cc3e9ca845b