Added new test [CONT-8108] to check file permissions of Docker files

2015-09-24 20:29:05 +02:00 · 2015-09-24 20:29:05 +02:00 · 1edaba4d71
parent 5fe1e6dd65
commit 1edaba4d71
1 changed files with 36 additions and 0 deletions
--- a/include/tests_containers
+++ b/include/tests_containers
@ -21,6 +21,10 @@
    InsertSection "Containers"
 #
 #################################################################################
+#
+    DOCKER_FILE_PERMISSIONS_WARNINGS=0
+#
+#################################################################################
 #
    # Test        : CONT-8004
    # Description : Query running Solaris zones
@ -160,6 +164,38 @@
    fi
 #
 #################################################################################
+#
+    # Test        : CONT-8108
+    # Description : Checking Docker file permissions
+    # Notes       : /var/run/docker.sock - Usually root as owner, docker as group - should not be world writable
+    if [ ! "${DOCKERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no CONT-8108 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check file permissions for Docker files"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        NOT_WORLD_WRITABLE="/var/run/docker.sock"
+        for I in ${NOT_WORLD_WRITABLE}; do
+            logtext "Test: Check ${I}"
+            if [ -f ${I} ]; then
+                logtext "Result: file ${I} found, permissions will be tested"
+                IsWorldWritable ${I}
+                if [ $? -eq 1 ]; then
+                    logtext "Result: file is writable by others, which is a security risk (e.g. privilege escalation)"
+                    ReportWarning "${TEST_NO}" "Docker file is world writable" "${I}" "-"
+                    DOCKER_FILE_PERMISSIONS_WARNINGS=`expr ${DOCKER_FILE_PERMISSIONS_WARNINGS} + 1`
+                  else
+                    logtext "Result: file is not writable by others, which is fine"
+                fi
+            fi
+        done
+        if [ ${DOCKER_FILE_PERMISSIONS_WARNINGS} -gt 0 ]; then
+            Display --indent 4 --text "- File permissions" --result WARNINGS --color YELLOW
+            AddHP 0 5
+          else
+            Display --indent 4 --text "- File permissions" --result OK --color GREEN
+            AddHP 5 5
+        fi
+    fi
+#
+#################################################################################
 #

 wait_for_keypress