osorito

Results 14 comments of osorito

Took a look at your shell command. If I run the following
```
node@Blaze:~/docker-bench-security$ sudo DOCKER_HOST="unix:///run/user/1001/docker.sock" sh docker-bench-security.sh
# --------------------------------------------------------------------------------------------
# Docker Bench for Security v1.6.0
#
# Docker, Inc....
```

Moved daemon.json to ~/.config/docker/daemon.json
```
node@Blaze:~/.config/docker$ pwd
/home/node/.config/docker
node@Blaze:~/docker-bench-security$ sudo cat ~/.config/docker/daemon.json
{
  "log-driver": "syslog",
  "log-level": "info",
  "iptables": true,
  "insecure-registries": [],
  "live-restore": true,
  "userland-proxy": false,
  "tls": true,
  "tlsverify": true,
  "tlscacert":...
```

Locally made changes to test
```
get_docker_configuration_file() {
  DOCKER_USER_HOME="$(grep -m1 "^$(ps -eo user,cmd | grep docker | grep -v grep |\
    awk '{ print $1 }')" /etc/passwd | awk -F':'...
```

Two outputs, first without DOCKER_HOST
```
node@docker-host:~/docker-bench-security$ sudo bash -x docker-bench-security.sh -c check_2_2
+ version=1.6.0
+ . ./functions/functions_lib.sh
+ . ./functions/helper_lib.sh
++ auditrules=/etc/audit/audit.rules
++ abspath docker-bench-security.sh
++ case "$1"...
```

When you install Docker, first create a user that is not root; in my case, node. Then I created a group docker and added node to the group. Installed Docker, once...

```
node@docker-host:~$ ps -ef | grep docker
node  5265  1010  0 16:33 ?  00:00:00 rootlesskit --state-dir=/run/user/1001/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
node  5275  5265  0...
```

```
node@docker-host:/home/omar$ ps -eo user,cmd | grep docker
node  rootlesskit --state-dir=/run/user/1001/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
node  /proc/self/exe --state-dir=/run/user/1001/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin...
```

If you run it by providing the host after sudo it does.
```
node@docker-host:~/docker-bench-security$ docker context ls
NAME        DESCRIPTION                               DOCKER ENDPOINT        ERROR
default     Current DOCKER_HOST based configuration   tcp://localhost:2376
rootless *...
```

Even if you set the options manually, the script does not detect it. Example:
```
node@docker-host:~/.config/systemd/user/docker.service.d$ sudo cat /home/node/.config/systemd/user/docker.service.d/override.conf
[Service]
Environment=DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2376:2376/tcp" \
  dockerd-rootless.sh \
  -H tcp://docker-host:2376 \
  --no-new-privileges --icc=false...
```

I'm under the impression the function helper_lib.sh was improved?
```
root@docker-host:/home/node/docker-bench-security/functions# cat helper_lib.sh
#!/bin/bash
# Returns the absolute path of a given string
abspath () {
  case "$1" in
    /*)printf...
```