Execute host commands from within a docker container

security docker
19,291

Although it might not be best practice it is still possible to control the host from inside a container. If you are running docker-compose commands you can bind mount the docker socket by using -v /var/run/docker.sock:/var/run/docker.sock on ubuntu. If you want to use other system tools you will have to bind mount all required volumes using -v this gets really tricky and tedious when you want to use system bins that use /lib.*.so files.

If you need to use sudo commands don't forget to add --privileged flag when running the container

Share:
19,291
rgareth
Author by

rgareth

Updated on June 05, 2022

Comments

  • rgareth
    rgareth about 2 years

    I'm looking for a way for a user to be able to execute a limited set of commands on the host, while only accessing it from containers/browser. The goal is to prevent the need for SSH'ing to the host just to run commands occasionally like make start, make stop, etc. These make commands just execute a series of docker-compose commands and are needed sometimes in dev.

    The two possible ways in I can think of are:

    • Via cloud9 terminal inside browser (we'll already be using it). By default this terminal only accesses the container itself of course.
    • Via a custom mini webapp (e.g. node.js/express) with buttons that map to commands. This would be easy to do if running on the host itself, but I want to keep all code like this as containers.
    • rgareth
      rgareth almost 9 years
      Thank you for the clarifications that accessing host processes is against docker methodology. I guess then the answer is that I need a non-docker process (e.g. webserver) that runs directly on the host instead of instead of inside a container.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Securing a Docker container with HTTP BASIC AUTH
Contain Docker Engine with AppArmor
How should I configure SELinux when running nginx inside Docker
"docker-compose up" as root user or non-root user?
How do I mount a private /proc inside a namespace inside a docker container?
Restricting the network access of Docker container
How to use docker secrets without a swarm cluster?
How to handle security updates within Docker containers?
How to prohibit access to internals of Docker container?
How can you pass private environment variables to FARGATE tasks specified from a Docker Compose config