DKER-EE-002080 - Docker Enterprise exec commands must not be used with privileged option.


Do not use docker exec with --privileged option.

Using --privileged option in docker exec gives extended Linux capabilities to the command. Do not run docker exec with the --privileged option, especially when running containers with dropped capabilities or with enhanced restrictions. By default, docker exec command runs without --privileged option.


This fix only applies to the use of Docker Engine - Enterprise on a Linux host operating system.

Do not use --privileged option in docker exec command.

A reference for the docker exec command can be found at

See Also

Item Details


References: 800-53|CM-7a., CAT|I, CCI|CCI-000381, Rule-ID|SV-235813r627566_rule, STIG-ID|DKER-EE-002080, STIG-Legacy|SV-104799, STIG-Legacy|V-95661, Vuln-ID|V-235813

Plugin: Unix

Control ID: d2b9a60e539f3c3e250e01489e7c7dad454ae80e92da1be71b85c47ee6efa61a