Is this Docker container running in privileged mode?

Docker containers that are running in privileged mode may be vulnerable to a container escape. This TTP checks whether the container is running in privileged mode by looking for the /dev/mem device node, which is normally only accessible while running in privileged mode. Containers should not run in privileged mode, because a process inside one may mount the host filesystem, elevate privileges, and escape the container.
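The check described above, written as an audit script to run inside a container. This is an added example, not the TTP's own command (which this page does not show). It goes beyond the /dev/mem test by also reading the effective capability mask. The function names and the CAP_SYS_ADMIN cross-check are assumptions of this example.

```shell
#!/bin/sh
# Added example: privileged-mode audit for use inside a container.
# Function names are hypothetical; they are not part of Operator.

# Signal 1 (the check described above): is the memory device node exposed?
# The path is an argument so the check can be pointed at any device node.
has_char_device() {
    [ -c "$1" ]
}

# Signal 2 (added cross-check, an assumption of this example): does the
# CapEff mask in a /proc/<pid>/status file include CAP_SYS_ADMIN, which is
# capability number 21 on Linux?
has_cap_sys_admin() {
    cap_hex=$(awk '/^CapEff:/ {print $2}' "$1" 2>/dev/null)
    # Reject a missing or malformed mask instead of failing in arithmetic.
    case $cap_hex in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ $(( (0x$cap_hex >> 21) & 1 )) -eq 1 ]
}

# Combine both signals. Prints each finding and returns 0 when at least one
# indicator of privileged mode is present, 1 when none is.
looks_privileged() {
    dev=${1:-/dev/mem}
    status=${2:-/proc/self/status}
    found=0
    if has_char_device "$dev"; then
        echo "FINDING: $dev is present"
        found=1
    fi
    if has_cap_sys_admin "$status"; then
        echo "FINDING: CAP_SYS_ADMIN is in the effective capability set"
        found=1
    fi
    if [ "$found" -eq 1 ]; then
        echo "privileged mode: likely"
        return 0
    fi
    echo "privileged mode: no indicators found"
    return 1
}
```

Source the file inside the container and call `looks_privileged`; with no arguments it inspects /dev/mem and /proc/self/status.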
Test this TTP using one of our Operator chains
Is my Docker container vulnerable to host filesystem mounting?


Escape Docker container by mounting host filesystem.