Service Running in Privileged Mode

CRITICAL

The service is configured with `privileged: true`. A privileged container receives every Linux capability, access to all host devices, and none of the default seccomp and AppArmor restrictions, which is effectively root on the host machine. A compromise of the service can therefore become a container escape and full privilege escalation on the host.

Rule Information

Language
Docker Compose
Category
Security
Author
Shivasurya
Last Updated
2026-03-22
Tags
docker-compose, compose, service, privileged, security, privilege-escalation, container-escape, capabilities, critical, host-access
CWE References

Interactive Playground

Experiment with the vulnerable code and security rule below. Edit the code to see how the rule detects different vulnerability patterns.

pathfinder scan --ruleset docker-compose/COMPOSE-SEC-001 --project .

About This Rule

Understanding the vulnerability and how it is detected

This rule detects docker-compose services configured with `privileged: true`. Privileged mode switches off almost every security feature that normally constrains a container: the process gets the full capability set instead of Docker's reduced default, every host device is exposed, device cgroup rules are lifted, and the default seccomp and AppArmor profiles are not applied. A root process inside such a container is, for practical purposes, root on the host (it can mount the host's block devices, load kernel modules, and so on), so a compromise of the service can lead to complete host compromise.

How to Fix

Recommended remediation steps

  • Never run containers in privileged mode in production; if a single component genuinely needs it, isolate it from the rest of the stack and treat it as part of the host's trust boundary
  • Grant only the specific Linux capabilities the workload needs with `cap_add`, ideally after `cap_drop: [ALL]`, instead of full privileges
  • Use seccomp profiles (`security_opt`) to restrict the system calls the container may make, and add `no-new-privileges:true` so setuid binaries cannot regain what you dropped
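The following is an added example, not Pathfinder's own `rule.py`, that shows both halves of this page in code: the detection logic the rule describes (flag any service whose `privileged` key is set), and the remediation steps above applied to the flagged service. Compose documents are represented as the dicts a YAML loader produces, so it runs without a YAML dependency; the service names, image tags and the `./seccomp-debug.json` profile path are constructed assumptions.

```python
"""Added example (not Pathfinder's rule.py): detect services with
`privileged: true` in a parsed docker-compose document and rewrite them to
the least-privilege form (cap_drop ALL, cap_add only what is needed,
no-new-privileges, seccomp profile)."""
from typing import Any, Dict, List

# Constructed sample, equivalent to this compose file (the finding):
#   services:
#     debugger:
#       image: example/debug-tools:1.0
#       privileged: true
#     web:
#       image: nginx:1.25
VULNERABLE_COMPOSE: Dict[str, Any] = {
    "services": {
        "debugger": {"image": "example/debug-tools:1.0", "privileged": True},
        "web": {"image": "nginx:1.25"},
    }
}


def _is_true(value: Any) -> bool:
    """Compose expects a boolean, but hand-edited files and YAML 1.1 loaders
    also produce string spellings; treat those as enabled rather than miss them."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() in {"true", "yes", "on", "y", "1"}
    return False


def find_privileged_services(compose: Dict[str, Any]) -> List[Dict[str, str]]:
    """Return one CRITICAL finding per service that sets privileged: true."""
    findings: List[Dict[str, str]] = []
    services = compose.get("services") or {}
    for name, spec in services.items():
        if isinstance(spec, dict) and _is_true(spec.get("privileged")):
            findings.append({
                "rule": "COMPOSE-SEC-001",
                "severity": "CRITICAL",
                "service": name,
                "message": f"service '{name}' runs in privileged mode",
            })
    return findings


def harden_service(spec: Dict[str, Any], needed_caps: List[str],
                   seccomp_profile: str) -> Dict[str, Any]:
    """Rewrite a privileged service to least privilege: remove `privileged`,
    drop every capability, add back only the ones the workload needs, forbid
    privilege gain through setuid binaries, and attach a seccomp profile.
    The profile path is an assumption; ship one listing the syscalls the
    service actually uses. Equivalent YAML for the debugger service:
      cap_drop: [ALL]
      cap_add: [SYS_PTRACE]
      security_opt:
        - no-new-privileges:true
        - seccomp:./seccomp-debug.json"""
    hardened = {k: v for k, v in spec.items() if k != "privileged"}
    hardened["cap_drop"] = ["ALL"]
    hardened["cap_add"] = sorted(set(needed_caps))
    hardened["security_opt"] = ["no-new-privileges:true",
                                f"seccomp:{seccomp_profile}"]
    return hardened


def harden_compose(compose: Dict[str, Any], caps_by_service: Dict[str, List[str]],
                   seccomp_profile: str) -> Dict[str, Any]:
    """Apply harden_service to every flagged service; the input is not mutated."""
    fixed = {**compose, "services": dict(compose.get("services") or {})}
    for finding in find_privileged_services(compose):
        name = finding["service"]
        fixed["services"][name] = harden_service(
            compose["services"][name], caps_by_service.get(name, []), seccomp_profile)
    return fixed


if __name__ == "__main__":
    for f in find_privileged_services(VULNERABLE_COMPOSE):
        print(f"{f['severity']} {f['rule']}: {f['message']}")
    fixed = harden_compose(VULNERABLE_COMPOSE, {"debugger": ["SYS_PTRACE"]},
                           "./seccomp-debug.json")
    print(fixed["services"]["debugger"])
    assert not find_privileged_services(fixed)
```

The capability list passed to `harden_compose` is the one decision the tool cannot make for you: run the service with `cap_drop: [ALL]`, watch for `EPERM` failures, and add back only the capability each failure names, which is the same least-privilege loop the FAQ below describes with `SYS_PTRACE`.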

References

External resources and documentation

Similar Rules

Explore related security rules for Docker Compose

Frequently Asked Questions

Common questions about Service Running in Privileged Mode

Privileged mode gives the container the full Linux capability set and access to every host device, and drops the default seccomp and AppArmor restrictions. Namespaces still exist, but with all capabilities and host devices available a root process inside the container can mount host filesystems or load kernel modules, so in practice the isolation is gone.
Identify the specific capability the workload needs (for example `SYS_PTRACE` for debugging), start from `cap_drop: [ALL]`, and add only that capability with `cap_add`. This follows the principle of least privilege.

New feature

Get these findings posted directly on your GitHub pull requests

The Service Running in Privileged Mode rule runs in CI and posts inline review comments on the exact lines — no dashboard, no SARIF viewer.
