Description
Describe the bug
If you set up Docker in rootless mode, you cannot run the test.
Set up Docker rootless based on
https://docs.docker.com/engine/security/rootless/
node@Blaze:~$ cat rootless_docker.log
[INFO] starting systemd service docker.service
● docker.service - Docker Application Container Engine (Rootless)
Loaded: loaded (/home/node/.config/systemd/user/docker.service; enabled; preset: enabled)
Active: active (running) since Wed 2024-09-04 22:37:31 UTC; 3s ago
Docs: https://docs.docker.com/go/rootless/
Main PID: 4516 (rootlesskit)
Tasks: 34
Memory: 42.1M (peak: 42.6M)
CPU: 498ms
CGroup: /user.slice/user-1001.slice/user@1001.service/app.slice/docker.service
├─4516 rootlesskit --state-dir=/run/user/1001/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
├─4526 /proc/self/exe --state-dir=/run/user/1001/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
├─4546 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 4526 tap0
├─4553 dockerd
└─4571 containerd --config /run/user/1001/docker/containerd/containerd.toml
Sep 04 22:37:31 Blaze dockerd-rootless.sh[4553]: time="2024-09-04T22:37:31.112155106Z" level=warning msg="WARNING: No io.weight support"
Sep 04 22:37:31 Blaze dockerd-rootless.sh[4553]: time="2024-09-04T22:37:31.112169219Z" level=warning msg="WARNING: No io.weight (per device) support"
Sep 04 22:37:31 Blaze dockerd-rootless.sh[4553]: time="2024-09-04T22:37:31.112176655Z" level=warning msg="WARNING: No io.max (rbps) support"
Sep 04 22:37:31 Blaze dockerd-rootless.sh[4553]: time="2024-09-04T22:37:31.112182808Z" level=warning msg="WARNING: No io.max (wbps) support"
Sep 04 22:37:31 Blaze dockerd-rootless.sh[4553]: time="2024-09-04T22:37:31.112188511Z" level=warning msg="WARNING: No io.max (riops) support"
Sep 04 22:37:31 Blaze dockerd-rootless.sh[4553]: time="2024-09-04T22:37:31.112194018Z" level=warning msg="WARNING: No io.max (wiops) support"
Sep 04 22:37:31 Blaze dockerd-rootless.sh[4553]: time="2024-09-04T22:37:31.112211982Z" level=info msg="Docker daemon" commit=3ab5c7d containerd-snapshotter=false storage-driver=overlay2 version=27.2.0
Sep 04 22:37:31 Blaze dockerd-rootless.sh[4553]: time="2024-09-04T22:37:31.112798306Z" level=info msg="Daemon has completed initialization"
Sep 04 22:37:31 Blaze dockerd-rootless.sh[4553]: time="2024-09-04T22:37:31.150703407Z" level=info msg="API listen on /run/user/1001/docker.sock"
Sep 04 22:37:31 Blaze systemd[998]: Started docker.service - Docker Application Container Engine (Rootless).
Client: Docker Engine - Community
Version: 27.2.0
API version: 1.47
Go version: go1.21.13
Git commit: 3ab4256
Built: Tue Aug 27 14:15:15 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 27.2.0
API version: 1.47 (minimum version 1.24)
Go version: go1.21.13
Git commit: 3ab5c7d
Built: Tue Aug 27 14:15:15 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.21
GitCommit: 472731909fa34bd7bc9c087e4c27943f9835f111
runc:
Version: 1.1.13
GitCommit: v1.1.13-0-g58aa920
docker-init:
Version: 0.19.0
GitCommit: de40ad0
rootlesskit:
Version: 2.0.2
ApiVersion: 1.1.1
NetworkDriver: slirp4netns
PortDriver: builtin
StateDir: /run/user/1001/dockerd-rootless
slirp4netns:
Version: 1.2.1
GitCommit: 09e31e92fa3d2a1d3ca261adaeb012c8d75a8194
[INFO] Installed docker.service successfully.
[INFO] To control docker.service, run: `systemctl --user (start|stop|restart) docker.service`
[INFO] To run docker.service on system startup, run: `sudo loginctl enable-linger node`
[INFO] Creating CLI context "rootless"
[INFO] Using CLI context "rootless"
[INFO] Make sure the following environment variable(s) are set (or add them to ~/.bashrc):
export PATH=/usr/bin:$PATH
[INFO] Some applications may require the following environment variable too:
export DOCKER_HOST=unix:///run/user/1001/docker.sock
node@Blaze:~$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
node@Blaze:~$
Running docker bench security from host
git clone https://github.com/docker/docker-bench-security.git
cd docker-bench-security
sudo sh docker-bench-security.sh
Version
Distribution [Ubuntu 24.04]
node@Blaze:~/docker-bench-security$ cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.1 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
node@Blaze:~/docker-bench-security$
~/docker-bench-security$ docker context ls
NAME DESCRIPTION DOCKER ENDPOINT ERROR
default Current DOCKER_HOST based configuration unix:///var/run/docker.sock
rootless * Rootless mode unix:///run/user/1001/docker.sock
node@Blaze:~/docker-bench-security$ systemctl --user status docker.service
● docker.service - Docker Application Container Engine (Rootless)
Loaded: loaded (/home/node/.config/systemd/user/docker.service; enabled; preset: enabled)
Active: active (running) since Wed 2024-09-04 23:28:57 UTC; 12min ago
Docs: https://docs.docker.com/go/rootless/
Main PID: 43286 (rootlesskit)
Tasks: 34
Memory: 40.3M (peak: 42.6M)
CPU: 1.242s
CGroup: /user.slice/user-1001.slice/user@1001.service/app.slice/docker.service
├─43286 rootlesskit --state-dir=/run/user/1001/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=bu>
├─43296 /proc/self/exe --state-dir=/run/user/1001/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver>
├─43317 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 43296 tap0
├─43324 dockerd
└─43342 containerd --config /run/user/1001/docker/containerd/containerd.toml
Sep 04 23:28:56 Blaze dockerd-rootless.sh[43324]: time="2024-09-04T23:28:56.983732896Z" level=warning msg="WARNING: No io.max (rbps) support"
Sep 04 23:28:56 Blaze dockerd-rootless.sh[43324]: time="2024-09-04T23:28:56.983738950Z" level=warning msg="WARNING: No io.max (wbps) support"
Sep 04 23:28:56 Blaze dockerd-rootless.sh[43324]: time="2024-09-04T23:28:56.983744729Z" level=warning msg="WARNING: No io.max (riops) support"
Sep 04 23:28:56 Blaze dockerd-rootless.sh[43324]: time="2024-09-04T23:28:56.983750999Z" level=warning msg="WARNING: No io.max (wiops) support"
Sep 04 23:28:56 Blaze dockerd-rootless.sh[43324]: time="2024-09-04T23:28:56.983756811Z" level=warning msg="WARNING: bridge-nf-call-iptables is disabled"
Sep 04 23:28:56 Blaze dockerd-rootless.sh[43324]: time="2024-09-04T23:28:56.983771620Z" level=warning msg="WARNING: bridge-nf-call-ip6tables is disabled"
Sep 04 23:28:56 Blaze dockerd-rootless.sh[43324]: time="2024-09-04T23:28:56.983791427Z" level=info msg="Docker daemon" commit=3ab5c7d containerd-snapshotter=false storage-driver=overlay2 version=27.2.0
Sep 04 23:28:56 Blaze dockerd-rootless.sh[43324]: time="2024-09-04T23:28:56.983839748Z" level=info msg="Daemon has completed initialization"
Sep 04 23:28:57 Blaze dockerd-rootless.sh[43324]: time="2024-09-04T23:28:57.030565679Z" level=info msg="API listen on /run/user/1001/docker.sock"
Sep 04 23:28:57 Blaze systemd[983]: Started docker.service - Docker Application Container Engine (Rootless).
Expected behavior
The test should run with or without rootless enabled.
Output
node@Blaze:~/docker-bench-security$ sudo sh docker-bench-security.sh
Error connecting to docker daemon (does docker ps work?)
node@Blaze:~/docker-bench-security$
alessio-locatelli
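The error above is what you get when the bench runs as root: sudo's default env_reset drops DOCKER_HOST, and docker contexts are per-user files under ~/.docker, so root's docker CLI never sees the "rootless" context and falls back to /var/run/docker.sock, which does not exist on a rootless-only host. The helper below is an added example, not code from docker-bench-security or from the issue reporter. It assumes the bench's checks go through the docker CLI (which honors DOCKER_HOST); the `docker context ls` sample is constructed from the output shown above, and the script name run-bench-rootless.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not part of docker-bench-security. Resolve the rootless
# daemon's endpoint and pass it explicitly through sudo, because env_reset
# strips DOCKER_HOST and root cannot see the user's "rootless" context.

# Constructed sample of `docker context ls` output (mirrors the report above).
sample_context_ls() {
cat <<'EOF'
NAME        DESCRIPTION                               DOCKER ENDPOINT                          ERROR
default     Current DOCKER_HOST based configuration   unix:///var/run/docker.sock
rootless *  Rootless mode                             unix:///run/user/1001/docker.sock
EOF
}

# Print the endpoint of the context marked active ('*') in `docker context ls`
# output read from stdin. Prints nothing if no context is marked.
current_context_endpoint() {
    awk 'NR > 1 && $2 == "*" {
            for (i = 1; i <= NF; i++)
                if ($i ~ "^(unix|tcp|ssh|npipe)://") { print $i; exit }
         }'
}

# Conventional rootless endpoint for a numeric uid; matches the
# "API listen on /run/user/1001/docker.sock" line in the daemon log.
rootless_endpoint_for_uid() {
    printf 'unix:///run/user/%s/docker.sock\n' "$1"
}

# Strip the unix:// scheme so the path can be tested on disk.
socket_path_from_endpoint() {
    printf '%s\n' "${1#unix://}"
}

# Succeed only when the endpoint names a unix socket that exists.
endpoint_socket_exists() {
    path=$(socket_path_from_endpoint "$1")
    [ -S "$path" ]
}

# Run the bench as root but aimed at the rootless daemon. env(1) re-exports
# only DOCKER_HOST inside the sudo'd process; `sudo -E` would also work but
# forwards the whole environment.
run_bench_rootless() {
    endpoint=$1
    if ! endpoint_socket_exists "$endpoint"; then
        echo "no unix socket at $(socket_path_from_endpoint "$endpoint")" >&2
        return 1
    fi
    sudo env DOCKER_HOST="$endpoint" sh docker-bench-security.sh
}

# Usage, only when invoked under the (hypothetical) script name so the
# functions can also be sourced: prefer the active context, else derive
# the socket from the current uid.
if [ "${0##*/}" = "run-bench-rootless.sh" ]; then
    ep=$(docker context ls 2>/dev/null | current_context_endpoint)
    [ -n "$ep" ] || ep=$(rootless_endpoint_for_uid "$(id -u)")
    run_bench_rootless "$ep"
fi
```

Even with the socket fixed, keep in mind that the checks still execute as root on the host; any check that reads root-owned daemon configuration locations (for example under /etc/docker) rather than the rootless user's configuration should be read with the rootless layout in mind.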