2.14 Ensure live restore is Enabled

Information

The --live-restore option enables full support of daemon-less containers in Docker. It ensures that Docker does not stop containers on shutdown or restore, and that it properly reconnects to the containers when restarted.
Rationale:
Availability is one of the three elements of the security triad. Setting the --live-restore flag on the Docker daemon ensures that container execution is not interrupted when the Docker daemon is not available. This also makes it easier to update and patch the Docker daemon without execution downtime.

Solution

Run Docker in daemon mode and pass --live-restore as an argument.
For example:
dockerd --live-restore
Impact:
None.
Default Value:
By default, --live-restore is not enabled.
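
An added example (not part of the benchmark text): a Python check that decides whether live restore is configured, given the dockerd command line and the contents of daemon.json. The function names and sample inputs are constructed for illustration; "live-restore" is the daemon.json key that corresponds to the flag.

```python
import json
import shlex


def live_restore_from_args(cmdline):
    """Return True/False if the dockerd command line sets --live-restore, else None."""
    result = None
    for arg in shlex.split(cmdline):
        if arg == "--live-restore":
            result = True  # bare boolean flag means enabled
        elif arg.startswith("--live-restore="):
            # explicit value form, e.g. --live-restore=false
            result = arg.split("=", 1)[1].strip().lower() in ("1", "t", "true")
    return result


def live_restore_from_config(daemon_json_text):
    """Return the "live-restore" value from daemon.json text, or None if unset."""
    if not daemon_json_text.strip():
        return None
    value = json.loads(daemon_json_text).get("live-restore")
    return value if isinstance(value, bool) else None


def audit_live_restore(cmdline, daemon_json_text=""):
    """PASS when at least one source enables live restore and none disables it."""
    settings = [s for s in (live_restore_from_args(cmdline),
                            live_restore_from_config(daemon_json_text))
                if s is not None]
    return "PASS" if settings and all(settings) else "FAIL"


if __name__ == "__main__":
    # Constructed sample inputs: (dockerd command line, daemon.json contents)
    samples = [
        ("dockerd --live-restore", ""),
        ("dockerd -H fd://", ""),                          # default: not enabled
        ("dockerd -H fd://", '{"live-restore": true}'),
        ("dockerd --live-restore=false", ""),
    ]
    for cmdline, config in samples:
        print(audit_live_restore(cmdline, config), "|", cmdline, "|", config or "{}")
```

On a running host, `docker info --format '{{ .LiveRestoreEnabled }}'` reports the effective value, which is the stronger check when the daemon is reachable.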

See Also

https://workbench.cisecurity.org/files/1726

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-6, CSCv6|18

Plugin: Unix

Control ID: 25ec94b2e94bbfc091d4beec0d026c51561175c402efd76b2305730b2e70cf70