docker.service file permission is 640 but it is still giving a WARN notification

[adespain]

My docker.service file permissions are more restrictive than 644, they are set to 640 and yet it still says WARN and says:

[WARN] 3.2 - Ensure that docker.service file permissions are set to 644 or more restrictive

[konstruktoid]

Hi @adespain, thanks for reporting this.

You are correct, the script only checks for 644 and 0600 (https://github.com/docker/docker-bench-security/blob/master/tests/3_docker_daemon_configuration_files.sh#L50).

I'll make it more flexible as soon as possible.

[konstruktoid]

@adespain, can you verify since #461 has been merged?

[adespain]

I am still getting the warning. This is what I run so maybe the image needs to be updated?

docker run --rm --net host --pid host --userns host --cap-add audit_control \
    -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
    -v /etc:/etc:ro \
    -v /lib/systemd/system:/lib/systemd/system:ro \
    -v /usr/bin/containerd:/usr/bin/containerd:ro \
    -v /usr/bin/runc:/usr/bin/runc:ro \
    -v /usr/lib/systemd:/usr/lib/systemd:ro \
    -v /var/lib:/var/lib:ro \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    --label docker_bench_security \
    docker/docker-bench-security

[konstruktoid]

Hi @adespain, that's a classic: #405

[adespain]

Ha ha, looks like someone needs to use a gps tracker on the signing keys 😆

[konstruktoid]

Closing due to inactivity.