Docker Community Forums

Share and learn in the Docker community.

Hostconfig.json global writable


(Frank Fuhrmann) #1

I’m using Docker (version 1.12.1, build 23cf638) on CentOS 7. My hosts have an HIDS (OSSEC) installed. If I start a new container the IDS sends me an alerts about the global writable file /var/lib/docker/containers/id_here/hostconfig.json. Example:

[root@piwik1 containers]# ls -lh */hostconfig.json
-rw-rw-rw-. 1 root root 1.2K Oct 13 21:00 32e4be21296d5077bc4387b9fc2ef35f6458acdfb1426462e1af0905767b5d2d/hostconfig.json
-rw-rw-rw-. 1 root root 1.1K Oct 13 21:06 366ed69fcc33be356395750d0c31fe268751aeecc1a45d76d4a19f9464196f5f/hostconfig.json

Is this problem specific to CentOS or is it a general problem with Docker? I can not find a reason in the system for it. General umask in the system is 022.