CV-C001: Privileged mode enabled
Severity: Error | Category: Security
Why This Matters
Running a container in privileged mode grants it every Linux kernel capability and access to all host devices. This effectively disables container isolation: the container can do almost anything the host itself can do, so an attacker who compromises a privileged container gains full root access to the host. Reference: CWE-250 (Execution with Unnecessary Privileges).
How to Fix
Remove privileged: true and grant only the specific capabilities the service needs via cap_add instead.
Before (incorrect)

services:
  web:
    privileged: true

After (correct)

services:
  web:
    cap_add:
      - NET_BIND_SERVICE

Rule Details
- Rule Code: CV-C001
- Severity: Error
- Category: Security
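The following is an added example, not code from the rule page or from the linter it documents: a minimal checker that applies the CV-C001 logic to a docker-compose document that has already been parsed into Python mappings (the shape yaml.safe_load would produce). It flags any service with a truthy privileged value, including the quoted string "true" that a YAML loader leaves as a string, and, as an addition beyond the page, also flags cap_add: ALL, since granting every capability carries the risk the rule describes under a different spelling. The sample compose mapping and the service names in it are constructed for the example.

```python
"""Added example: a small CV-C001 style check over a parsed docker-compose
document. Not part of the rule page or the linter it documents."""
from typing import Any, Dict, List

# Spellings of "true" that appear in hand-written compose files. A YAML 1.1
# loader converts the bare words yes/on to True, but a quoted "true" stays a str.
_TRUTHY = {"true", "yes", "on", "1"}


def is_truthy(value: Any) -> bool:
    """Return True for the boolean spellings a compose value may carry."""
    # bool is a subclass of int, so handle it first.
    if isinstance(value, bool):
        return value
    if isinstance(value, int):
        return value == 1
    if isinstance(value, str):
        return value.strip().lower() in _TRUTHY
    return False


def check_privileged(compose: Dict[str, Any]) -> List[Dict[str, str]]:
    """Return one finding per service that would trip CV-C001.

    Malformed entries (a services key that is not a mapping, or a service
    that is not a mapping) are skipped rather than raising, so the checker
    can run over files that other rules will reject.
    """
    findings: List[Dict[str, str]] = []
    services = compose.get("services")
    if not isinstance(services, dict):
        return findings
    for name, spec in services.items():
        if not isinstance(spec, dict):
            continue
        if is_truthy(spec.get("privileged")):
            findings.append({
                "rule": "CV-C001", "severity": "Error", "service": name,
                "message": "privileged mode enabled; grant specific "
                           "capabilities via cap_add instead",
            })
            continue
        # Addition beyond the page: cap_add: ALL is privileged mode by another name.
        caps = spec.get("cap_add") or []
        if isinstance(caps, str):
            caps = [caps]
        if any(str(c).strip().upper() == "ALL" for c in caps):
            findings.append({
                "rule": "CV-C001", "severity": "Error", "service": name,
                "message": "cap_add: ALL grants every capability, equivalent "
                           "to privileged mode",
            })
    return findings


# Constructed sample: what yaml.safe_load would return for a compose file with
# four services plus one malformed entry.
SAMPLE_COMPOSE: Dict[str, Any] = {
    "services": {
        "web": {"image": "nginx", "privileged": True},          # bare true
        "worker": {"image": "app", "privileged": "true"},       # quoted "true"
        "debug": {"image": "busybox", "cap_add": ["ALL"]},      # flagged by the addition
        "api": {"image": "app", "cap_add": ["NET_BIND_SERVICE"]},  # the page's fix
        "broken": "not a mapping",                              # skipped
    }
}


if __name__ == "__main__":
    for finding in check_privileged(SAMPLE_COMPOSE):
        print(f"{finding['rule']} [{finding['severity']}] "
              f"service '{finding['service']}': {finding['message']}")
```

Running the block prints a finding for web, worker and debug, and nothing for api, which is exactly the corrected form shown under How to Fix.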