Skip to content
Permalink
Browse files

Merge pull request #385 from J0WI/ro

Mount volumes read only
  • Loading branch information...
konstruktoid committed Aug 29, 2019
2 parents d1934b6 + 59c289e commit b354514d29ef55551ed8b7faee4f158f8c95a2d7
Showing with 14 additions and 14 deletions.
  1. +10 −10 README.md
  2. +4 −4 docker-compose.yml
@@ -24,12 +24,12 @@ running our pre-built container:
```sh
docker run -it --net host --pid host --userns host --cap-add audit_control \
-e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
-v /etc:/etc \
-v /usr/bin/docker-containerd:/usr/bin/docker-containerd \
-v /usr/bin/docker-runc:/usr/bin/docker-runc \
-v /usr/lib/systemd:/usr/lib/systemd \
-v /var/lib:/var/lib \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /etc:/etc:ro \
-v /usr/bin/docker-containerd:/usr/bin/docker-containerd:ro \
-v /usr/bin/docker-runc:/usr/bin/docker-runc:ro \
-v /usr/lib/systemd:/usr/lib/systemd:ro \
-v /var/lib:/var/lib:ro \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
--label docker_bench_security \
docker/docker-bench-security
```
@@ -86,10 +86,10 @@ cd docker-bench-security
docker build --no-cache -t docker-bench-security .
docker run -it --net host --pid host --cap-add audit_control \
-e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
-v /var/lib:/var/lib \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/lib/systemd:/usr/lib/systemd \
-v /etc:/etc --label docker_bench_security \
-v /var/lib:/var/lib:ro \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v /usr/lib/systemd:/usr/lib/systemd:ro \
-v /etc:/etc:ro --label docker_bench_security \
docker-bench-security
```

@@ -15,7 +15,7 @@ docker-bench-security:
stdin_open: true
tty: true
volumes:
- /var/lib:/var/lib
- /var/run/docker.sock:/var/run/docker.sock
- /usr/lib/systemd:/usr/lib/systemd
- /etc:/etc
- /var/lib:/var/lib:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /usr/lib/systemd:/usr/lib/systemd:ro
- /etc:/etc:ro

0 comments on commit b354514

Please sign in to comment.
You can’t perform that action at this time.