mbentley · September 9, 2016 16:14
diff --git a/container_root_check.sh b/container_root_check.sh
 #!/bin/bash

 # get a list of all running containers by name
 for CONTAINER_NAME in $(docker ps --filter status=running --format '{{ .Names }}')
 do
  # get a list of the processes running in the container where the process is running as root
  ROOT_PROCESSES="$(docker top ${CONTAINER_NAME} -o user,pid,ppid,command -U root -u root)"
  
  # check and see if there are processes running as root; if not, do not display anything
  if [ "$(echo "${ROOT_PROCESSES}" | grep ^root &>/dev/null; echo $?)" -eq "0" ]
  then
    # get the owner of the container
    OWNER="$(docker inspect --format='{{(index .Config.Labels "com.docker.ucp.access.owner")}}' ${CONTAINER_NAME})"
    
    # check to see if OWNER is empty; set to 'n/a' if null
    OWNER="${OWNER:-n/a}"
    
    # display the processes running as root for the given container
    echo "Container: ${CONTAINER_NAME}; Owner: ${OWNER}"
    echo -e "${ROOT_PROCESSES}\n"
  fi
 done
	#!/bin/bash

	# get a list of all running containers by name
	for CONTAINER_NAME in $(docker ps --filter status=running --format '{{ .Names }}')
	do
	# get a list of the processes running in the container where the process is running as root
	ROOT_PROCESSES="$(docker top ${CONTAINER_NAME} -o user,pid,ppid,command -U root -u root)"

	# check and see if there are processes running as root; if not, do not display anything
	if [ "$(echo "${ROOT_PROCESSES}" \| grep ^root &>/dev/null; echo $?)" -eq "0" ]
	then
	# get the owner of the container
	OWNER="$(docker inspect --format='{{(index .Config.Labels "com.docker.ucp.access.owner")}}' ${CONTAINER_NAME})"

	# check to see if OWNER is empty; set to 'n/a' if null
	OWNER="${OWNER:-n/a}"

	# display the processes running as root for the given container
	echo "Container: ${CONTAINER_NAME}; Owner: ${OWNER}"
	echo -e "${ROOT_PROCESSES}\n"
	fi
	done