Showing results for 
Show  only  | Search instead for 
Did you mean: 

Find Containers Running As Privileged

Description: This query looks for Docker containers that have privileged status.

What The Data Shows:  Using the privileged flag gives all Linux kernel capabilities to the container and lifts limitations enforced by the cgroup controller. CIS Benchmarks for running containers recommend that this flag is not used except for very few special use cases. Use this query to identify containers in your environment that have this elevated status and make sure that there is a specific reason that the container need to maintain that status.


   SELECT id, name, image, state, started_at 
   FROM docker_containers
   WHERE privileged=1;


1 Comment
Carbon Black Employee
Status changed to: Approved