Docker restricted check fails if docker.io is available in the repo, but not installed. #414

@nicekiwi

Describe the bug
I have docker rootless installed, but Pareto says the Docker is Restricted check fails. docker.io is available in the repo, but is not installed.

Check if Docker is rootless

ezra@ezra-MS-7D77:~$ docker info | grep -E "(Root|rootless)"
  rootless
 Docker Root Dir: /home/ezra/.local/share/docker
ezra@ezra-MS-7D77:~$ ps aux | grep dockerd 
ezra      139728  0.0  0.0 2493788 11044 ?       Ssl  Oct28   2:33 rootlesskit --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
ezra      139740  0.0  0.0 2493212 7572 ?        Sl   Oct28   0:02 /proc/self/exe --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
ezra      139769  0.0  0.1 3082968 52772 ?       Sl   Oct28   2:49 dockerd
ezra     2114222  0.0  0.0   9144  2420 pts/0    S+   13:44   0:00 grep --color=auto dockerd

pareto check --verbose

• 'docker.io'                                      cmd=dpkg-query -W -f='${Package}' docker.io
  • Access Security: Access to Docker is restricted > [FAIL] Deprecated docker.io package installed via apt

dpkg

ezra@ezra-MS-7D77:~$ dpkg -l docker.io
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
un  docker.io      <none>       <none>       (no description available)

apt list:

ezra@ezra-MS-7D77:~$ apt list --installed docker.io
Listing... Done

ezra@ezra-MS-7D77:~$ apt list --installed | grep docker

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

docker-buildx-plugin/noble,now 0.29.1-1~ubuntu.24.04~noble amd64 [installed]
docker-ce-cli/noble,now 5:28.5.1-1~ubuntu.24.04~noble amd64 [installed]
docker-ce-rootless-extras/noble,now 5:28.5.1-1~ubuntu.24.04~noble amd64 [installed,automatic]
docker-ce/noble,now 5:28.5.1-1~ubuntu.24.04~noble amd64 [installed]
docker-compose-plugin/noble,now 2.40.3-1~ubuntu.24.04~noble amd64 [installed]

Pareto command:

ezra@ezra-MS-7D77:~$ dpkg-query -W -f='${Package}' docker.io
docker.io

Version
paretosecurity version 0.3.11
Ubuntu 24.04.3 LTS
Linux 6.14.0-33-generic
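
An added example, not part of the original issue and not Pareto's own code: the `dpkg -l` output above shows `docker.io` in state `un` (known to dpkg, not installed), yet `dpkg-query -W -f='${Package}'` still prints the name. One way to tell the two cases apart is to query `${Status}` and require the current state to be `installed`. The function names and the sample status strings are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// installedFromStatus interprets dpkg's ${Status} field, which has three
// words: desired action, error flag, current state. Only a current state of
// "installed" means the package is actually present on the system.
func installedFromStatus(status string) bool {
	fields := strings.Fields(status)
	return len(fields) == 3 && fields[2] == "installed"
}

// isPackageInstalled (hypothetical helper) asks dpkg-query for the status
// instead of the name. A non-zero exit means dpkg has no record of the
// package at all, which is also "not installed".
func isPackageInstalled(pkg string) bool {
	out, err := exec.Command("dpkg-query", "-W", "--showformat=${Status}", pkg).Output()
	if err != nil {
		return false
	}
	return installedFromStatus(string(out))
}

func main() {
	// Constructed sample ${Status} values, not captured from the reporter's machine.
	samples := []string{
		"install ok installed",      // "ii" in dpkg -l
		"unknown ok not-installed",  // "un" in dpkg -l, the case in this issue
		"deinstall ok config-files", // "rc": removed, config files left behind
		"",                          // no output
	}
	for _, s := range samples {
		fmt.Printf("%-28q installed=%v\n", s, installedFromStatus(s))
	}
	fmt.Println("docker.io on this host:", isPackageInstalled("docker.io"))
}
```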

Labels: bug, triage