Only if you have access to a running instance of Docker somehow.
Remember: Access to Docker is root-level access. So, any process (including containers) which have access to run Docker commands, have root-level permissions on whichever host the daemon is running.
That said, you have two options:
- Run Docker-in-Docker – see the instructions there for details
- Bind-mount the Docker socket at
/var/run/docker.sock into the container and communicate with the original Docker daemon using this network socket. So, for instance, you could also bind mount the Docker binary from the host (if it’s statically compiled), and use that:
$ docker run -ti -v /var/run/docker.sock:/var/run/docker.sock \
-v $(which docker):$(which docker) \
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fd76985d9dad debian "docker ps" Less than a second ago Up Less than a second nauseous_thompson
In the case of invoking from C++ or Java code, you’d probably find client bindings for your language (which directly access the Docker API using HTTP-ish), and connect to that socket.