• 7

I'd like one of my containers to be able to control Docker itself. The way I'm currently doing it is by simply exposing the socket internally, but I don't like this. What I'd really like to do is do it over TCP, authenticated. What I'm not sure of is how I can expose the Docker TCP socket (on a consistent IP or domain) to the internal private network only.

How can I expose docker as a service to my containers?

Docker doesn't have authentication on its socket. Anyone who can access the socket can control all containers, and can effectively break out of the container and become root on the container host (if SELinux is not in use).

First, be extremely careful if you decide to do this, that you are only running trusted code.

Second, forget about TCP; just bind-mount the Docker socket to the container. This way, only that specific container can access Docker.

docker run -v /run/docker.sock:/run/docker.sock privileged_container
  • -1
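
An added example, not part of the answer above: a Python check that lists which containers can reach the Docker socket through a bind mount, run here over constructed JSON shaped like `docker inspect` output. The function names and the sample containers are assumptions for illustration.

```python
import json

# Host paths of the Docker socket (/var/run is normally a symlink to /run).
DOCKER_SOCKETS = ("/run/docker.sock", "/var/run/docker.sock")

# Constructed sample shaped like `docker inspect` output (not real data).
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/privileged_container",
  "Mounts": [{"Type": "bind", "Source": "/run/docker.sock",
              "Destination": "/run/docker.sock", "RW": true}]},
 {"Name": "/web",
  "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/data/_data",
              "Destination": "/data", "RW": true}]},
 {"Name": "/monitor",
  "Mounts": [{"Type": "bind", "Source": "/var/run",
              "Destination": "/host/run", "RW": false}]}
]
""")


def socket_mounts(container):
    """Return in-container paths of bind mounts that expose the Docker socket."""
    exposed = []
    for mount in container.get("Mounts") or []:
        source = mount.get("Source")
        if mount.get("Type") != "bind" or not source:
            continue
        src = source.rstrip("/")  # "/" becomes "", so the host root matches below
        # Match the socket itself or any host directory that contains it.
        # "RW": false is not a mitigation: a read-only bind mount still
        # allows connect() on the socket.
        if any(s == src or s.startswith(src + "/") for s in DOCKER_SOCKETS):
            exposed.append(mount.get("Destination"))
    return exposed


def audit(containers):
    """Map container name -> exposing mount points, for exposed containers only."""
    report = {}
    for container in containers:
        hits = socket_mounts(container)
        if hits:
            report[container.get("Name", "?").lstrip("/")] = hits
    return report


if __name__ == "__main__":
    for name, paths in audit(SAMPLE_INSPECT).items():
        print(f"{name}: Docker socket reachable via {', '.join(paths)}")
```

To audit a real host, feed `audit()` the parsed output of `docker inspect` for the running containers instead of the sample.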