Add additional check for dockershim.sock

.github/workflows/release.yml

@@ -20,5 +20,5 @@ jobs:
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-            #      - name: Update new version in krew-index
-            #uses: rajatjindal/[email protected]
+      # - name: Update new version in krew-index
+      #   uses: rajatjindal/[email protected]

.krew.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   version: {{ .TagName }}
   homepage: https://github.com/aws-containers/kubectl-detector-for-docker-socket
-  shortDescription: Detect if workloads are mounting docker.sock
+  shortDescription: Detect if workloads are mounting the docker socket
   description: |
     This plugin checks workloads in a Kubernetes cluster or manifest files
     and reports if any of the mounted volumes contain the string "docker.sock".
@@ -20,7 +20,7 @@ spec:
     {{addURIAndSha "https://github.com/aws-containers/kubectl-detector-for-docker-socket/releases/download/{{ .TagName }}/kubectl-detector-for-docker-socket_{{ .TagName }}_darwin_amd64.tar.gz" .TagName }}
     bin: "./kubectl-dds"
     files:
-    - from: kubectl-example
+    - from: kubectl-dds
       to: .
     - from: LICENSE
       to: .
@@ -31,7 +31,7 @@ spec:
     {{addURIAndSha "https://github.com/aws-containers/kubectl-detector-for-docker-socket/releases/download/{{ .TagName }}/kubectl-detector-for-docker-socket_{{ .TagName }}_darwin_arm64.tar.gz" .TagName }}
     bin: "./kubectl-dds"
     files:
-    - from: kubectl-example
+    - from: kubectl-dds
       to: .
     - from: LICENSE
       to: .
@@ -42,7 +42,7 @@ spec:
     {{addURIAndSha "https://github.com/aws-containers/kubectl-detector-for-docker-socket/releases/download/{{ .TagName }}/kubectl-detector-for-docker-socket_{{ .TagName }}_linux_amd64.tar.gz" .TagName }}
     bin: "./kubectl-dds"
     files:
-    - from: kubectl-example
+    - from: kubectl-dds
       to: .
     - from: LICENSE
       to: .

main.go

@@ -275,7 +275,7 @@ func printResources(namespace corev1.Namespace, clientset *kubernetes.Clientset,
 		for _, v := range daemonset.Spec.Template.Spec.Volumes {
 			if v.VolumeSource.HostPath != nil {
 				// fmt.Printf("testing %s\n", v.VolumeSource.HostPath.Path)
-				if strings.Contains(v.VolumeSource.HostPath.Path, "docker.sock") {
+				if containsDockerSock(v.VolumeSource.HostPath.Path) {
 					fmt.Fprintf(w, "%s\t%s\t%s\t%s\t\n", namespaceName, "daemonset", daemonset.Name, "mounted")
 					break
 				}
@@ -312,13 +312,21 @@ func printResources(namespace corev1.Namespace, clientset *kubernetes.Clientset,
 	}
 }
 
+func containsDockerSock(s string) bool {
+	if strings.Contains(s, "docker.sock") || strings.Contains(s, "dockershim.sock") {
+		return true
+	} else {
+		return false
+	}
+}
+
 func printVolumes(w *tabwriter.Writer, volumes []corev1.Volume, namespace, resType, resName string, verbose bool) bool {
 	// initialize sockFound to use for exit code
 	sockFound := false
 	for _, v := range volumes {
 		if v.VolumeSource.HostPath != nil {
 			mounted := "not-mounted"
-			if strings.Contains(v.VolumeSource.HostPath.Path, "docker.sock") {
+			if containsDockerSock(v.VolumeSource.HostPath.Path) {
 				mounted = "mounted"
 				sockFound = true
 			}
@@ -365,7 +373,7 @@ func searchFile(path string) (int, error) {
 
 	line := 1
 	for scanner.Scan() {
-		if strings.Contains(scanner.Text(), "docker.sock") {
+		if containsDockerSock(scanner.Text()) {
 			return line, nil
 		}