How can I run a container in swarm mode that must have access to docker socket?

frjaraur · August 22, 2016, 5:03pm

How can I run a container in swarm mode that must have access to docker socket?, I don’t think that create a mount point when create service is a solution??

Many Thanks,
Javier R.

frjaraur · August 23, 2016, 8:43pm

I found it and I write it here in case that someone else needs it.

–mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock

Many Thanks,
Javier R.

proofy · August 30, 2023, 5:18am

Is it possible that, for security reasons, integrating the docker socket into the container is no longer sufficient?

meyay · August 30, 2023, 5:43am

Those are the options:

unix domain socket docker.sock: unix file permissions only
tcp socket: no access control at all
tcp socket with tls + certificates: certificate based auth, could be combined with Open Policy Agent for fine-grained control
docker-socket-proxy: a reverse proxy that exposes the unix domain socket as tcp socket, which allows restricting the api endpoints for resource types, still has no access control.

Topic		Replies	Views
Bind docker socket inside container fails with permission denied General docker	8	10405	July 25, 2022
How to enable only on-node communication between containers of global swarm service1 and global swarm service2? Swarm swarm	0	523	July 12, 2023
Improving Docker Swarm security with separate users? Swarm security , swarm	7	1448	December 6, 2023
Docker swarm access manager API from container General swarm	7	2371	March 11, 2020
Docker.sock mount permission General docker	4	8497	December 13, 2021

How can I run a container in swarm mode that must have access to docker socket?

Related topics