Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

Apple

docker_containers

Docker containers information.

Column	Type	Description
cgroup_namespace	text	cgroup namespace Only available on Linux
command	text	Command with arguments
config_entrypoint	text	Container entrypoint(s)
created	bigint	Time of creation as UNIX time
env_variables	text	Container environmental variables
finished_at	text	Container finish time as string
id	text	Container ID
image	text	Docker image (name) used to launch this container
image_id	text	Docker image ID
ipc_namespace	text	IPC namespace Only available on Linux
mnt_namespace	text	Mount namespace Only available on Linux
name	text	Container name
net_namespace	text	Network namespace Only available on Linux
path	text	Container path
pid	bigint	Identifier of the initial process
pid_namespace	text	PID namespace Only available on Linux
privileged	integer	Is the container privileged
readonly_rootfs	integer	Is the root filesystem mounted as read only
security_options	text	List of container security options
started_at	text	Container start time as string
state	text	Container state (created, restarting, running, removing, paused, exited, dead)
status	text	Container status information
user_namespace	text	User namespace Only available on Linux
uts_namespace	text	UTS namespace Only available on Linux

Identify containers that are running with high privileges.

SELECT state, status, image, image_id FROM docker_containers WHERE privileged='1';

Edit page

Ask us anything

Multi platform Device management Orchestration Software management Integrations Pricing

Documentation Support Docs API Release notes Get your license

Company About News Jobs Logos/artwork Why open source?

SOC2 Type 2

Tried Fleet yet?

Get started with Fleet