Information
Rootless mode runs the Docker daemon and its containers inside a user namespace, so that both the daemon and the containers execute without root privileges on the host. The root user inside a container is mapped to an unprivileged user ID of the account that started the daemon.
Rationale:
Rootless mode allows the Docker daemon and its containers to run as a non-root user, so that a vulnerability in the daemon or in the container runtime yields only the privileges of that user rather than full root on the host.
Impact:
There are several prerequisites that depend on the distribution in use, and there are known limitations regarding networking and resource limits (cgroup controls).
Running in rootless mode also moves the daemon's configuration and data directories under the home directory of the user running it (by default ~/.config/docker/daemon.json and ~/.local/share/docker instead of /etc/docker and /var/lib/docker), which applies to every container managed by that daemon.
Solution
Follow the current Docker documentation on running the Docker daemon as a non-root user (rootless mode), then confirm that the daemon process is owned by a non-root user and that `docker info` reports `name=rootless` among its Security Options.
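One way to audit this item from a shell, as an added example that is neither part of the benchmark text nor Docker's own tooling: the script below reads the SecurityOptions list that `docker info --format '{{.SecurityOptions}}'` prints (a rootless daemon reports `name=rootless` in that list) and the effective UID of the `dockerd` process, and passes only when both indicate rootless mode. The `ps -o uid= -C dockerd` invocation assumes GNU procps; the function and variable names are this example's own. The sample SecurityOptions strings in the comments are constructed to show the two outcomes.

```shell
#!/bin/sh
# Added audit helper for the CIS "run Docker in rootless mode" item.
# Not part of the benchmark or of Docker; names below are this example's own.

# Return 0 when a SecurityOptions string from `docker info` contains the
# rootless entry. Constructed sample inputs:
#   "[name=seccomp,profile=builtin name=rootless name=cgroupns]" -> rootless
#   "[name=seccomp,profile=builtin name=cgroupns]"               -> rootful
secopts_is_rootless() {
    case "$1" in
        *"name=rootless"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 when the daemon's effective UID is known and is not 0 (root).
dockerd_uid_is_nonroot() {
    [ -n "$1" ] && [ "$1" != "0" ]
}

# Live check against the local daemon.
# Exit status: 0 = PASS (rootless), 1 = FAIL (rootful), 2 = cannot determine.
# In rootless mode the CLI must be pointed at the user's socket, which the
# rootless setup normally does via DOCKER_HOST for that user.
check_rootless_mode() {
    if ! command -v docker >/dev/null 2>&1; then
        echo "docker CLI not found; cannot determine mode" >&2
        return 2
    fi
    secopts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null) || {
        echo "docker info failed; is the daemon reachable?" >&2
        return 2
    }
    # Effective UID of the first dockerd process (GNU procps syntax).
    dockerd_uid=$(ps -o uid= -C dockerd 2>/dev/null | head -n 1 | tr -d ' ')
    if secopts_is_rootless "$secopts" && dockerd_uid_is_nonroot "$dockerd_uid"; then
        echo "PASS: dockerd runs as uid ${dockerd_uid} with SecurityOptions ${secopts}"
        return 0
    fi
    echo "FAIL: dockerd runs as uid ${dockerd_uid:-unknown} with SecurityOptions ${secopts}"
    return 1
}

# Run the live check only when invoked as: sh check_rootless.sh run
# Sourcing the file just defines the functions.
if [ "${1:-}" = "run" ]; then
    check_rootless_mode
fi
```

Run it as the account that owns the rootless daemon; when run as a different user the CLI may not reach the user's socket and the script exits with status 2 rather than reporting a false FAIL. Both conditions are checked because a rootful daemon can also be configured with user namespace remapping (`userns-remap`), which changes how containers map UIDs but still leaves `dockerd` itself running as root.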
Default Value:
The Docker daemon is running as the root user by default.
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|4
Control ID: fee855127ac2327168e5bf6e477bfed302d7981e4c31cceca0a410c439b52577