Docker Community Forums


Setting nodev to mount point in docker host

aws
docker

(Mavencheong) #1

Hi,
I’m new to Docker. My security team raised a concern when they performed a vulnerability scan on my Docker host (AWS Linux) machine, with the details below. I believe these partitions are being used by Docker. My question is: would it be fine if I set the nodev mount option on those partitions? Is it possible? Will it cause any issues for Docker?

I believe /var/lib/docker/devicemapper/mnt/d28fddabf5b86c22b4153d3565fd4414c462d99d88927885d329ceda9293d959 is the Docker container root file system. If I set nodev, what will happen?

The following issues were discovered from the AWS Linux EC2 instance (Docker host):
/cgroup/blkio partition does not have ‘nodev’ option set.
/cgroup/cpu partition does not have ‘nodev’ option set.
/cgroup/cpuacct partition does not have ‘nodev’ option set.
/cgroup/cpuset partition does not have ‘nodev’ option set.
/cgroup/devices partition does not have ‘nodev’ option set.
/cgroup/freezer partition does not have ‘nodev’ option set.
/cgroup/hugetlb partition does not have ‘nodev’ option set.
/cgroup/memory partition does not have ‘nodev’ option set.
/cgroup/perf_event partition does not have ‘nodev’ option set.
/var/lib/docker partition does not have ‘nodev’ option set.
/var/lib/docker/plugins partition does not have ‘nodev’ option set.
/var/lib/docker/devicemapper/mnt/d28fddabf5b86c22b4153d3565fd4414c462d99d88927885d329ceda9293d959 partition does not have ‘nodev’ option set.
/var/run/docker/netns/default partition does not have ‘nodev’ option set.
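
To reproduce the scanner's check on the host, here is an added example (not part of the original post) that lists every mount whose options lack `nodev`, together with its filesystem type. The function names `missing_nodev` and `sample_mounts` and the sample mount table are constructed for illustration; `EXAMPLE_ID` stands in for a container ID.

```shell
#!/bin/sh
# Added example: report mounts that do not carry the nodev option.
# Input uses the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# missing_nodev [FILE]
# Prints "mountpoint fstype" for each mount without nodev.
# Reads standard input when no file is given.
missing_nodev() {
    awk '{
        # Compare whole option names so that a cgroup controller
        # option such as "devices" is never confused with "nodev".
        n = split($4, opts, ",")
        has = 0
        for (i = 1; i <= n; i++)
            if (opts[i] == "nodev") has = 1
        if (!has) print $2, $3
    }' "${1:--}"
}

# Constructed sample mount table modelled on the paths in the scan report.
sample_mounts() {
    cat <<'EOF'
/dev/xvda1 / ext4 rw,noatime,data=ordered 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
cgroup /cgroup/devices cgroup rw,relatime,devices 0 0
/dev/mapper/docker-EXAMPLE /var/lib/docker/devicemapper/mnt/EXAMPLE_ID ext4 rw,relatime 0 0
nsfs /var/run/docker/netns/default nsfs rw 0 0
EOF
}

# Demonstration on the constructed sample.
sample_mounts | missing_nodev
```

On the Docker host, run `missing_nodev /proc/mounts`; the type column separates kernel virtual filesystems such as cgroup from block-backed mounts such as the devicemapper container root.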