Docker Community Forums

Share and learn in the Docker community.

Using SocketCAN/PF_CAN inside a docker container without exposing host net


I am trying to have a docker container hosting an app with Socketcan access, but for security reasons I do not want to expose the hosts network stack. (e.g docker run --net=host …)

It seems that there might be some solution (after reading some news on, but I cant find any manual.

Maybe here somebody knows something more?


Have you found any solution? I’d be interested in this as well. Would like to run 2 programs inside a container which would communicate through Socketcan.


As you can see, nobody seems to be interested.

My solution:

I dropped docker for this kind of use-case and use kind of a “proxy” on the host forwarding CAN-messages via mqtt :frowning:


Sure thanks for answering. Will probably do this myself with --network=host.