5.22 Do not docker exec commands with privileged option

Information

Do not docker exec with --privileged option.

Rationale:

Using --privileged option in docker exec gives extended Linux capabilities to the command. This could potentially be insecure and unsafe to do especially when you are running containers with dropped capabilities or with enhanced restrictions.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Do not use --privileged option in docker exec command.

Impact:

None. If you need enhanced capabilities within the container, then run the container with the needed capabilities.

Default Value:

By default, docker exec command runs without --privileged option.

See Also

https://workbench.cisecurity.org/files/1476