Ensure docker --privileged is not used

When a container is started in Docker privileged mode, it is given access to all devices on the host and effectively all of the host's capabilities, so the usual isolation between container and host no longer holds. Any code injection into a Docker image used this way therefore widens the attack surface from the container to the GitHub runner itself, with root-level control of the runner.

Risk Level: medium
Platform: GitHub
Spectral Rule ID: GHAC010

REMEDIATION

Remove the --privileged flag from the docker command. If the container genuinely needs a specific capability or device, grant that one item explicitly rather than privileged mode.
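The following is an added example, not Spectral's own rule implementation, showing how a workflow can be checked for this finding before it reaches CI. It embeds two constructed GitHub Actions workflows (a job that starts a container with --privileged, and the same job with the flag removed) and a small scanner that flags the flag in two places: shell lines that invoke docker run or docker create inside run: steps, and the options: value of job or service containers, which GitHub Actions hands to docker create. The workflow contents, image names and job names are invented for the example.

```python
import re
from typing import List, Tuple

# Constructed sample (not from the page): a service container and a run step
# both started in privileged mode.
VULNERABLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    services:
      dind:
        image: docker:dind
        options: --privileged
    steps:
      - uses: actions/checkout@v4
      - name: run tests in container
        run: docker run --rm --privileged myorg/tests:latest make test
"""

# Constructed sample: the same job with privileged mode removed.
FIXED_WORKFLOW = """\
name: build
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: run tests in container
        run: docker run --rm myorg/tests:latest make test
"""

# Matches a standalone --privileged or --privileged=true token.
# --privileged=false does not enable the mode and is deliberately not matched.
PRIVILEGED_RE = re.compile(r"(?<!\S)--privileged(?:=true)?(?!\S)")

# docker run / docker create (also the `docker container run` spelling).
DOCKER_CMD_RE = re.compile(r"\bdocker\s+(?:container\s+)?(?:run|create)\b")


def find_privileged(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, stripped_line) for every line that enables privileged mode.

    Checked locations:
      * a docker run / docker create invocation carrying --privileged
        (single-line `run:` steps and lines inside `run: |` blocks)
      * an `options:` line of a job container or service container
    """
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        stripped = line.strip()
        if not PRIVILEGED_RE.search(stripped):
            continue
        is_docker_cmd = DOCKER_CMD_RE.search(stripped) is not None
        is_container_options = stripped.startswith("options:")
        if is_docker_cmd or is_container_options:
            findings.append((lineno, stripped))
    return findings


def is_clean(workflow_text: str) -> bool:
    """True when the workflow contains no privileged container start."""
    return not find_privileged(workflow_text)


if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_WORKFLOW), ("fixed", FIXED_WORKFLOW)):
        hits = find_privileged(text)
        print(f"{label}: {'clean' if not hits else f'{len(hits)} finding(s)'}")
        for lineno, content in hits:
            print(f"  line {lineno}: {content}")
```

The scanner is line-based, so a docker command split across backslash continuations with --privileged on a following line is not caught; feeding it the output of a YAML loader that has already joined run: blocks into single strings removes that gap. It is meant as a pre-commit or CI gate that fails the build on any finding, mirroring the remediation above.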

Read more: