
CV-C005: Host IPC mode

Error Security

Why This Matters

Setting ipc: host shares the host IPC namespace with the container. This allows the container to access host shared memory segments, semaphores, and message queues. An attacker could use this to read sensitive data from other processes or interfere with host services that use shared memory.

How to Fix

Remove ipc: host, or use ipc: shareable so that only the specific services that need shared memory share an IPC namespace.

Before (incorrect)

services:
  web:
    ipc: host

After (correct)

services:
  web:
    ipc: shareable
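
The check this rule describes can be sketched as follows. This is an added example, not the linter's own code. It assumes the Compose model is available as JSON (the shape printed by `docker compose config --format json`), and it goes one step beyond the rule by also flagging `ipc: "service:<name>"` references whose target is missing or not `ipc: shareable`. The service names, image names and extra messages are constructed for illustration.

```python
import json

# Constructed sample: a Compose model as JSON. Service and image names are
# made up for this example.
SAMPLE = json.loads("""
{
  "services": {
    "web":    {"image": "example/web",    "ipc": "host"},
    "cache":  {"image": "example/cache",  "ipc": "shareable"},
    "worker": {"image": "example/worker", "ipc": "service:cache"},
    "batch":  {"image": "example/batch",  "ipc": "service:web"},
    "db":     {"image": "example/db"}
  }
}
""")


def check_ipc(compose):
    """Return sorted (service, message) findings for risky ipc settings."""
    services = compose.get("services") or {}
    findings = []
    for name, svc in services.items():
        mode = str((svc or {}).get("ipc", "")).strip()
        if mode == "host":
            # The condition CV-C005 reports: container joins the host IPC namespace.
            findings.append((name, "CV-C005: ipc: host shares the host IPC namespace"))
        elif mode.startswith("service:"):
            # Extra check (assumption, not part of CV-C005): a service may only
            # join a namespace that another defined service marked shareable.
            target = mode.split(":", 1)[1]
            if target not in services:
                findings.append((name, f"ipc target '{target}' is not a defined service"))
            elif str((services[target] or {}).get("ipc", "")) != "shareable":
                findings.append((name, f"ipc target '{target}' is not ipc: shareable"))
    return sorted(findings)


if __name__ == "__main__":
    for service, message in check_ipc(SAMPLE):
        print(f"{service}: {message}")
```

Services with no ipc key (db above) are left alone, and worker passes because it joins a namespace that cache explicitly marked shareable.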

Rule Details

Rule Code
CV-C005
Severity
Error
Category
Security
