How to resolve full-paths to bind-mount file systems on procfs and sysfs when starting a new container

book

Article ID: 163630

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

Inside the Docker container, the driver is unable to populate /proc and /sys paths. Instead, the driver can see the content of these directories directly.

Resolution

In the Management (Java) Console, perform the following steps:

  1. Select the Prevention tab.
  2. Right-click on the sym_unix_protection policy, and select Edit.
  3. In the Prevention Enabled window, click Sandboxes.
  4. In the Deamon Options, disablle the Conainter Processs, and click Apply.
  5. Click OK.
  6. In the Submit Changes window, enter the comments as required, and click Submit.

To apply the Unix prevention policy on a security group:

  1. Log on to Unified Management Console and select Server.
  2. Click Security Groups. The All Server Security Groups page appears and displays a list of the available security groups.
  3. In the Server Security Group Name column, click on the security group name on which you want to apply the policy.
  4. To apply a prevention policy, in the Add Prevention Policy area, select the Unix Prevention policy (sym_unix_protection_spb).
  5. Click Save. The All Server Security Groups page appears.
  6. Select the security group on which you have applied the policy, and click Reapply. The Unix Baseline Prevention policy is now applied on the security group.