gistfile1.txt
· 662 B · Text
原始檔案
version: '3'
services:
docker-bench-security:
image: docker/docker-bench-security
container_name: docker-bench-security
network_mode: host
pid: host
user: root
cap_add:
- audit_control
environment:
- DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST
volumes:
- /etc:/etc:ro
- /lib/systemd/system:/lib/systemd/system:ro
- /volume1/docker/containerd:/usr/bin/containerd:ro
- //volume1/docker/containerd:/usr/bin/runc:ro
- //volume1/docker/containerd:/usr/lib/systemd:ro
- /var/lib:/var/lib:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
labels:
- docker_bench_security
| 1 | version: '3' |
| 2 | |
| 3 | services: |
| 4 | docker-bench-security: |
| 5 | image: docker/docker-bench-security |
| 6 | container_name: docker-bench-security |
| 7 | network_mode: host |
| 8 | pid: host |
| 9 | user: root |
| 10 | cap_add: |
| 11 | - audit_control |
| 12 | environment: |
| 13 | - DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST |
| 14 | volumes: |
| 15 | - /etc:/etc:ro |
| 16 | - /lib/systemd/system:/lib/systemd/system:ro |
| 17 | - /volume1/docker/containerd:/usr/bin/containerd:ro |
| 18 | - //volume1/docker/containerd:/usr/bin/runc:ro |
| 19 | - //volume1/docker/containerd:/usr/lib/systemd:ro |
| 20 | - /var/lib:/var/lib:ro |
| 21 | - /var/run/docker.sock:/var/run/docker.sock:ro |
| 22 | labels: |
| 23 | - docker_bench_security |
| 24 |