Deployment Task

When SELinux is enabled on the host, running the Aqua Scanner fails with a permission-denied error similar to the following:

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/_ping: dial unix /var/run/docker.sock: connect: permission denied

Deployment Steps

Use one of the following options to handle the issue. The options are listed starting with the best option:

  1. Create an SELinux policy to allow containers access to the socket. Find additional information in the following links: , (The linked documents are not published or endorsed by Aqua Security).
  2. Disable SELinux restrictions for the scanner-cli container during its run, with the Docker run option ("--security-opt label:disable"). Example:

     docker run --security-opt label:disable --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/scanner-cli:3.0 scan --user scanner --password <Some Password> --host http://<Server IP>:8080 --local <Image Name>:latest --html --checkonly -n

  3. Run the scanner-cli container as privileged ("--privileged" flag).
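
For option 1, the denials behind the error can be read from the audit log and turned into candidate allow rules, a small subset of what audit2allow does. This is an added example, not part of Aqua's documentation; the audit records are constructed, and the SELinux type names in them (svirt_lxc_net_t, docker_t, docker_var_run_t) are assumptions that vary by distribution and policy version.

```shell
#!/bin/sh
# Added example. The audit records below are constructed, and the SELinux type
# names in them are assumptions that differ between distributions.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1520000000.101:501): avc:  denied  { write } for  pid=4211 comm="scannercli" name="docker.sock" dev="tmpfs" ino=23041 scontext=system_u:system_r:svirt_lxc_net_t:s0:c12,c34 tcontext=system_u:object_r:docker_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1520000000.102:502): avc:  denied  { connectto } for  pid=4211 comm="scannercli" path="/run/docker.sock" scontext=system_u:system_r:svirt_lxc_net_t:s0:c12,c34 tcontext=system_u:system_r:docker_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1520000000.103:503): avc:  denied  { read } for  pid=977 comm="httpd" name="index.html" dev="dm-0" ino=88 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1520000000.104:504): avc:  denied  { write } for  pid=4300 comm="scannercli" name="docker.sock" dev="tmpfs" ino=23041 scontext=system_u:system_r:svirt_lxc_net_t:s0:c56,c78 tcontext=system_u:object_r:docker_var_run_t:s0 tclass=sock_file
EOF
}

# Read audit records on stdin and print one candidate allow rule for each
# distinct denial that involves docker.sock. Unrelated denials are ignored.
docker_sock_rules() {
  awk '
    /avc: +denied/ && /docker\.sock/ {
      src = ""; tgt = ""; cls = ""; perms = ""
      # Permissions are the words between the braces, e.g. "{ write }".
      if (match($0, /[{][^}]*[}]/))
        perms = substr($0, RSTART + 1, RLENGTH - 2)
      gsub(/^ +| +$/, "", perms)
      for (i = 1; i <= NF; i++) {
        # A context is user:role:type:level; the type is the third part.
        if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
        if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      if (src == "" || tgt == "" || cls == "" || perms == "") next
      rule = "allow " src " " tgt ":" cls " { " perms " };"
      # The same denial repeats on every scanner run; report it once.
      if (!(rule in seen)) { seen[rule] = 1; print rule }
    }'
}

sample_avc | docker_sock_rules
```

On a host, pipe real records into the function, for example `ausearch -m avc -ts recent | docker_sock_rules`. Review each rule before compiling it into a policy module: a rule for the shared container domain applies to every container on the host, not only the scanner.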