Reputation: 9992
Why would it be necessary to give a docker container access to the docker socket?
I am reading a docker run command where it maps /var/run/docker.sock
like:
docker run -it --net=host --rm -v /var/run/docker.sock:/var/run/docker.sock theimage /bin/bash
Why would the container would need access to the socket? (this article says it is a very bad idea.)
What would be one case where the container need access to the socket?
Upvotes: 0
Views: 417
Answers (1)
Reputation: 11040
It is not necessary until the container needs to invoke itself the docker daemon, for example, in order to create and run an inner container.
For example, in my CI chain Jenkins builds a docker image to run the build and test process. Inside it we need to create an image to test and then submit it to K8S. In such situation Jenkins, when builds the pipeline container, passes to it the docker socket to allow the container to create other containers using the host server docker daemon.
Upvotes: 1
Related Questions
- Access Docker socket within container
- Permission denied while trying to connect to the Docker daemon socket
- Sharing Linux socket between Docker containers
- How do I communicate with the docker daemon from inside a container using unix sockets?
- Socket on docker
- In my Docker container, why can I still bind the port 1 without `NET_BIND_SERVICE` capability?
- Connection between docker containers via UNIX sockets
- How to connect a socket with Socket.io in a Docker container?
- Unix sockets vs TCP sockets in docker
- Can docker port forward to a unix file socket on the host container?