How can I run a container in swarm mode that must have access to docker socket?

How can I run a container in swarm mode that must have access to the docker socket? I don’t think that creating a mount point when creating the service is a solution??

Many Thanks,
Javier R.

I found it :smiley: and I write it here in case that someone else needs it.

--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock

Many Thanks,
Javier R.


Is it possible that, for security reasons, integrating the docker socket into the container is no longer sufficient?

Those are the options:

  • unix domain socket docker.sock: unix file permissions only
  • tcp socket: no access control at all
  • tcp socket with tls + certificates: certificate based auth, could be combined with Open Policy Agent for fine-grained control
  • docker-socket-proxy: a reverse proxy that exposes the unix domain socket as tcp socket, which allows restricting the api endpoints for resource types, still has no access control.
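As an added example (not code from the thread or from any of its posters), the following stack file combines the bind mount from Javier's answer with the last option above: the engine socket is mounted only into a docker-socket-proxy service, and the application container reaches the API through the proxy over an internal overlay network. It assumes the tecnativa/docker-socket-proxy image and its environment allow-list (CONTAINERS, SERVICES, TASKS, POST and so on, all denied by default), and a placeholder image name for the consumer. The `volumes:` entry on the proxy is the compose form of `--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock`; the manager constraint is there because swarm objects (services, tasks, nodes) are only served by a manager's engine, a worker's socket knows nothing about them.

```yaml
# Added example, not from the thread. Deploy with:
#   docker stack deploy -c socket-proxy-stack.yml demo
# Image and variable names for tecnativa/docker-socket-proxy are assumed
# from that project's documentation; "example/stack-monitor" is a placeholder.
version: "3.8"

services:
  socket-proxy:
    image: tecnativa/docker-socket-proxy
    environment:
      # Allow-list of API sections the consumer may touch (1 = allowed).
      # Everything not listed stays at its default of 0 = denied,
      # including images, volumes, networks, exec, secrets and configs.
      CONTAINERS: "1"   # GET /containers/*
      SERVICES: "1"     # GET /services/*  (needs a manager node)
      TASKS: "1"        # GET /tasks/*
      POST: "0"         # reject every mutating request (create/start/exec ...)
    volumes:
      # The only place in the stack where the real socket is mounted.
      # :ro blocks unlink/chmod of the socket file; connecting still works.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - socket-api
    deploy:
      placement:
        constraints:
          - node.role == manager   # swarm endpoints are only answered by managers
    # Port 2375 is deliberately NOT published; it is reachable only on socket-api.

  stack-monitor:
    image: example/stack-monitor   # placeholder for the container that needs the API
    environment:
      # The consumer never sees the socket; it talks TCP to the proxy.
      DOCKER_HOST: tcp://socket-proxy:2375
    networks:
      - socket-api
    deploy:
      replicas: 1

networks:
  socket-api:
    driver: overlay
    internal: true   # no route out of the swarm; only stack members can reach the proxy
```

The proxy itself still holds an unrestricted socket, so the reduction in exposure comes from two things: the allow-list decides which API paths and methods get forwarded, and the internal overlay network decides who can reach port 2375 at all. As the post above notes, the proxy does no authentication of its own, so any container attached to `socket-api` gets the same allow-listed access; keeping that network limited to the one consumer service is what stands in for access control here.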