Information
Sensitive host system directories such as below should not be allowed to be mounted as
container volumes especially in read-write mode./
/boot
/dev
/etc
/lib
/proc
/sys
/usrIf sensitive directories are mounted in read-write mode, it would be possible to make
changes to files within those sensitive directories. The changes might bring down security
implications or unwarranted changes that could put the Docker host in compromised state.
Solution
Do not mount host sensitive directories on containers especially in read-write mode.Impact-None.Default Value-Docker defaults to a read-write volume but you can also mount a directory read-only. By
default, no sensitive host directories are mounted on containers.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.