ease sensitive dir rules (#47)
tomoyamachi authored Aug 15, 2019
1 parent 67fd713 commit 25d0a13
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion CHECKPOINT.md
Expand Up @@ -123,7 +123,7 @@ A volume mount makes weak points. This depends on mounting volumes.

Currently, `Dockle` checks following directories:

- `/boot`, `/dev`, `/etc`, `/lib`, `/proc`, `/sys`, `/usr`
- `/dev`, `/proc`, `/sys`

`dockle` only checks `VOLUME` statements, since we can't check `docker run -v /lib:/lib ...`.
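
Review bot: The unchanged sentence after the list still uses `docker run -v /lib:/lib ...` as its example, but `/lib` is one of the directories this change drops from the checked list, so the example now refers to a path Dockle would not flag even in a `VOLUME` statement. Consider switching the example to one of the remaining directories (for instance `docker run -v /proc:/proc ...`) and adding one sentence on why `/boot`, `/etc`, `/lib` and `/usr` are no longer treated as sensitive, so readers know that `VOLUME /etc` now passes this checkpoint. The rendered page has lost the `+`/`-` markers: the seven-directory line is the deletion and the three-directory line is the addition.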

2 changes: 1 addition & 1 deletion pkg/assessor/manifest/manifest.go
Expand Up @@ -16,7 +16,7 @@ import (

type ManifestAssessor struct{}

var sensitiveDirs = map[string]struct{}{"/boot": {}, "/dev": {}, "/etc": {}, "/lib": {}, "/proc": {}, "/sys": {}, "/usr": {}}
var sensitiveDirs = map[string]struct{}{"/sys": {}, "/dev": {}, "/proc": {}}
var suspiciousEnvKey = []string{"PASSWD", "PASSWORD", "SECRET", "KEY", "ACCESS"}
var acceptanceEnvKey = map[string]struct{}{"GPG_KEY": {}, "GPG_KEYS": {}}
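
Review bot: On the new `sensitiveDirs` line, the set shrinks from seven paths to three with no comment saying why, and the commit touches only two files, so no test pins the new behaviour. Add a short comment above the map stating the criterion for inclusion, list the keys in the same order as CHECKPOINT.md (`/dev`, `/proc`, `/sys`) so the two stay easy to compare, and add a test case asserting that a `VOLUME` on `/etc` is no longer reported while one on `/proc` still is.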
