{"description": "To enable SELinux for the Docker service, the Docker service must be\nconfigured to run the Docker daemon with the <tt>--selinux-enabled</tt> option.\nIn the <tt>/etc/sysconfig/docker</tt> configuration file, add or correct\nthe following line to enable SELinux support in the Docker daemon:\n<pre>OPTIONS='--selinux-enabled'</pre>", "rationale": "If SELinux is not explicitly enabled in the Docker daemon configuration,\nDocker does not use SELinux, which means Docker runs unconfined,\nand SELinux will not provide security separation for Docker container\nprocesses. However, enabling SELinux for the Docker service prevents\nan attacker or rogue container from attacking other container processes\nand content, and from taking over the host operating system.", "severity": "high", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "machine", "platforms": ["machine"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["machine"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure SELinux support is enabled in Docker", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml", "template": null}