
TOB-K8S-025: Incorrect docker daemon process name in container manager #81139

@cji

This issue was reported in the Kubernetes Security Audit Report

Description
The container manager used in kubelet checks for the docker daemon process either via pidfile or process name. While the pidfile points to the docker daemon process PID, the dockerProcessName constant stores the docker CLI name (docker) instead of the docker daemon name (dockerd).

const (
	// (...)
	dockerProcessName     = "docker"
	dockerPidFile         = "/var/run/docker.pid"
	// (...)
)

Figure 30.1: Constants in pkg/kubelet/cm/container_manager_linux.go file.

Recommendation
Correct the docker process name to dockerd.

Anything else we need to know?:

See #81146 for current status of all issues created from these findings.

The vendor gave this issue an ID of TOB-K8S-025 and it was finding 31 of the report.

The vendor considers this issue Informational Severity.

To view the original finding, begin on page 77 of the Kubernetes Security Review Report.

Environment:

  • Kubernetes version: 1.13.4
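
The effect of the name mismatch, as an added example that is not part of the original issue and is not kubelet's own code: a simplified lookup over a constructed process table. The lookup order (pidfile first, then an exact executable-name match) and the names `proc`, `constructedTable`, `pidsByName` and `findDaemon` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// proc is one entry of a constructed process table (hypothetical type).
type proc struct {
	pid  int
	name string
}

// constructedTable is sample data built for this example, not taken from a real node.
var constructedTable = []proc{
	{1, "systemd"},
	{812, "dockerd"}, // the daemon
	{4410, "docker"}, // a CLI invocation such as "docker ps"
	{4502, "kubelet"},
}

// pidsByName returns the PIDs whose executable name equals name exactly.
func pidsByName(table []proc, name string) []int {
	var pids []int
	for _, p := range table {
		if p.name == name {
			pids = append(pids, p.pid)
		}
	}
	return pids
}

// findDaemon trusts the pidfile content if it names a live PID and
// otherwise falls back to the process-name lookup.
func findDaemon(table []proc, pidfile, name string) []int {
	if pid, err := strconv.Atoi(strings.TrimSpace(pidfile)); err == nil {
		for _, p := range table {
			if p.pid == pid {
				return []int{pid}
			}
		}
	}
	return pidsByName(table, name)
}

func main() {
	fmt.Println(findDaemon(constructedTable, "812\n", "docker")) // valid pidfile masks the wrong name
	fmt.Println(findDaemon(constructedTable, "", "docker"))      // fallback selects the CLI process
	fmt.Println(findDaemon(constructedTable, "", "dockerd"))     // corrected name selects the daemon
}
```

While the pidfile is valid the wrong constant has no visible effect, which is consistent with the Informational rating; the mismatch only shows once the lookup falls back to the process name.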


Labels: area/security, kind/bug, sig/node, wg/security-audit
