NC-DOCKER-001

Containers not running as root or privileged

🟠 High 🔌 Plugin Expanded 📊 Contributes to expanded score

What this checks

Runs docker ps and docker inspect on all running containers to check for dangerous privilege configurations: --privileged flag, root user (uid=0), and high-risk capability grants (CAP_SYS_ADMIN, CAP_NET_ADMIN, ALL). Aligns with the CIS Docker Benchmark.
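A sketch of the check described above, as an added example (not ClawVitals' own code). It reads the real docker inspect fields HostConfig.Privileged, HostConfig.CapAdd and Config.User; the sample JSON is constructed, and the finding labels are hypothetical.

```python
import json

# High-risk capabilities named on this page; a CAP_ prefix is normalised away.
RISKY_CAPS = {"SYS_ADMIN", "NET_ADMIN", "ALL"}

# Constructed sample shaped like `docker inspect` output, trimmed to the fields used.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/inference", "Config": {"User": ""},
     "HostConfig": {"Privileged": True, "CapAdd": None}},
    {"Name": "/vpn", "Config": {"User": "0:0"},
     "HostConfig": {"Privileged": False, "CapAdd": ["CAP_NET_ADMIN"]}},
    {"Name": "/web", "Config": {"User": "1000:1000"},
     "HostConfig": {"Privileged": False, "CapAdd": ["NET_BIND_SERVICE"]}},
])


def runs_as_root(user):
    """An empty User means no USER/--user was set, so the process runs as uid 0.
    A named non-root user is trusted here; inspect output cannot show its uid."""
    uid = (user or "").split(":", 1)[0]
    return uid in ("", "0", "root")


def audit(inspect_json):
    """Return {container_name: [findings]} for containers with risky settings."""
    report = {}
    for container in json.loads(inspect_json):
        host = container.get("HostConfig") or {}
        findings = []
        if host.get("Privileged"):
            findings.append("privileged")
        if runs_as_root((container.get("Config") or {}).get("User")):
            findings.append("root-user")
        for cap in host.get("CapAdd") or []:  # CapAdd is null when nothing was added
            name = cap.upper()
            if name.startswith("CAP_"):
                name = name[4:]
            if name in RISKY_CAPS:
                findings.append("cap:" + name)
        if findings:
            report[container["Name"].lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name + ": " + ", ".join(findings))
```

To audit a live host, pass the output of docker inspect $(docker ps -q) to audit() in place of the constructed sample.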

Why it matters

A privileged Docker container has near-full access to the host kernel. A container running as root with a volume mount can read and write host files. If a service inside the container is compromised (e.g. via a dependency vulnerability), the attacker can escape the container entirely. This is especially relevant for self-hosted AI setups where containers run inference servers and agent services that process untrusted input.

How to fix it

Run containers as a non-root user

# In your Dockerfile, add a non-root user:
RUN addgroup --system app && adduser --system --ingroup app app
USER app

# Or specify at runtime:
docker run --user 1000:1000 myimage

Remove --privileged

Almost nothing legitimately needs --privileged. If a container requires it, investigate why: it usually means a specific capability is needed, not full privilege escalation. Drop --privileged and add only the specific capability required:

# Instead of:
docker run --privileged myimage

# Use only what's needed:
docker run --cap-add SYS_PTRACE myimage

In docker-compose.yml:

services:
  myservice:
    image: myimage
    user: "1000:1000"
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE   # only if needed

Technical details

| Field | Value |
|---|---|
| Control ID | NC-DOCKER-001 |
| Domain | DOCKER |
| Severity | High |
| Status | Expanded (Plugin only) |
| Data source | docker ps --format json + docker inspect |
| Mode | Mode 2 (System-level; requires plugin expanded mode) |
| Introduced in | Library v0.2.0 |
| Skipped if | Docker is not installed or no containers are running |
| Framework | CIS Docker Benchmark 5.4, 5.22 |

False positive notes

Some official images (e.g. certain monitoring agents, VPN containers) legitimately require elevated privileges. If a specific container is flagged and the privilege requirement is intentional and understood, exclude it by container name.

Suppress this finding

clawvitals exclude NC-DOCKER-001 reason "monitoring agent requires CAP_SYS_ADMIN by design"