#!/bin/sh

echo "waiting for docker socket to be available..."

# wait for the docker runc container
while [ ! -e /var/run/docker.sock ] { sleep 1; }

echo "found docker socket, starting docker bench..."

docker run -i --net host --pid host --cap-add audit_control -v /var/lib:/var/lib -v /var/run/docker.sock:/var/run/docker.sock --label docker_bench_security docker/docker-bench-security
(CommandList
  children: [
    (C {(echo)} {(DQ ("waiting for docker socket to be available..."))})
    (While
      cond: [
        (Sentence
          child: 
            (C {(Lit_Other "[")} {(KW_Bang "!")} {(-e)} {(/var/run/docker.sock)} {(Lit_Other "]")})
          terminator: <Op_Semi ";">
        )
      ]
      body: 
        (DoGroup
          children: [(Sentence child:(C {(sleep)} {(1)}) terminator:<Op_Semi ";">)]
          spids: [27 34]
        )
    )
    (C {(echo)} {(DQ ("found docker socket, starting docker bench..."))})
    (C {(docker)} {(run)} {(-i)} {(--net)} {(host)} {(--pid)} {(host)} {(--cap-add)} {(audit_control)} {(-v)} 
      {(/var/lib) (Lit_Other ":") (/var/lib)} {(-v)} {(/var/run/docker.sock) (Lit_Other ":") (/var/run/docker.sock)} {(--label)} 
      {(docker_bench_security)} {(docker/docker-bench-security)}
    )
  ]
)