This control checks whether an AWS CodeBuild project environment has privileged mode enabled or disabled. The control fails if a CodeBuild project environment has privileged mode enabled.
By default, Docker containers do not allow access to any devices. Privileged mode grants a build project's Docker container access to all devices. Setting privilegedMode with value true permits the Docker daemon to run inside a Docker container. The Docker daemon listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. This parameter should only be set to true if the build project is used to build Docker images. Otherwise, this setting should be disabled to prevent unintended access to Docker APIs as well as the container's underlying hardware. Setting privilegedMode to false helps protect critical resources from tampering and deletion.
If your use case is legit, you may proceed to suppress the findings or disable the control, whichever suits you best.
[+] https://docs.aws.amazon.com/securityhub/latest/userguide/codebuild-controls.html#codebuild-5
[+] https://docs.aws.amazon.com/securityhub/latest/userguide/finding-workflow-status.html
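To make the control's logic concrete, here is an added example (not from this answer and not AWS's own code) that evaluates CodeBuild project descriptions the way CodeBuild.5 does: any project with environment.privilegedMode set to true fails, and the recommended action depends on whether the project is on a documented list of Docker-image builds. The project names, images and the DOCKER_BUILD_PROJECTS allow-list are constructed for illustration; the dictionary shape mirrors the projects list returned by the BatchGetProjects API, and the optional load_from_aws helper assumes boto3, credentials and the codebuild:BatchGetProjects permission.

```python
"""Offline check of CodeBuild project environments against Security Hub control
CodeBuild.5 (privileged mode should be disabled unless the project builds images)."""
from typing import Dict, List

# Constructed sample data: the shape mirrors the 'projects' list returned by
# CodeBuild's BatchGetProjects API; names and images are illustrative only.
SAMPLE_PROJECTS = [
    {"name": "app-unit-tests",
     "environment": {"type": "LINUX_CONTAINER", "image": "aws/codebuild/standard:7.0",
                     "computeType": "BUILD_GENERAL1_SMALL", "privilegedMode": True}},
    {"name": "container-image-build",
     "environment": {"type": "LINUX_CONTAINER", "image": "aws/codebuild/standard:7.0",
                     "computeType": "BUILD_GENERAL1_MEDIUM", "privilegedMode": True}},
    {"name": "lambda-package",
     "environment": {"type": "LINUX_CONTAINER", "image": "aws/codebuild/standard:7.0",
                     "computeType": "BUILD_GENERAL1_SMALL", "privilegedMode": False}},
]

# Hypothetical allow-list of projects whose legitimate job is building Docker
# images; this is the justification you would record when suppressing the
# finding instead of changing the project.
DOCKER_BUILD_PROJECTS = frozenset({"container-image-build"})


def evaluate_project(project: Dict, docker_build_projects=frozenset()) -> Dict:
    """Apply the CodeBuild.5 rule to one project description.

    The control itself fails whenever privilegedMode is true; the allow-list only
    changes the recommended follow-up (suppress vs. remediate)."""
    env = project.get("environment", {})
    privileged = bool(env.get("privilegedMode", False))
    name = project["name"]
    if not privileged:
        status, action = "PASSED", "none"
    elif name in docker_build_projects:
        status, action = "FAILED", "suppress finding with documented justification"
    else:
        status, action = "FAILED", "set environment.privilegedMode=false"
    return {
        "name": name,
        "control": "CodeBuild.5",
        "privilegedMode": privileged,
        "status": status,
        "recommended_action": action,
    }


def evaluate_projects(projects: List[Dict], docker_build_projects=frozenset()) -> List[Dict]:
    """Evaluate every project and return one finding-like record per project."""
    return [evaluate_project(p, docker_build_projects) for p in projects]


def remediated_environment(environment: Dict) -> Dict:
    """Return a copy of an environment block with privileged mode disabled.

    The copy keeps every other key, so it can be passed back to UpdateProject
    as the new 'environment' argument without altering image or compute type."""
    fixed = dict(environment)
    fixed["privilegedMode"] = False
    return fixed


def load_from_aws(names: List[str]) -> List[Dict]:
    """Optional live fetch (assumes boto3 is installed, credentials are configured
    and the caller holds codebuild:BatchGetProjects)."""
    import boto3  # imported here so the offline sample run does not need boto3
    client = boto3.client("codebuild")
    return client.batch_get_projects(names=names)["projects"]


if __name__ == "__main__":
    for finding in evaluate_projects(SAMPLE_PROJECTS, DOCKER_BUILD_PROJECTS):
        print(finding)
```

Running the block as-is evaluates the constructed sample: app-unit-tests fails and should be fixed, container-image-build fails but is a documented image build and is a candidate for suppression, and lambda-package passes. To check real projects, replace SAMPLE_PROJECTS with the result of load_from_aws.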
I am not sure it's possible, also refer to this article: https://stackoverflow.com/questions/73319310/docker-build-in-codebuild-without-priviledged-mode