Ping a Specific Port

Question

xenoterracide

Asked: 2018-02-10 13:14:49 +0800 CST2018-02-10 13:14:49 +0800 CST 2018-02-10 13:14:49 +0800 CST

How can I expose the docker tcp api to the private container network?

772

I'd like one of my containers to be able to control docker itself, the way I'm currently doing it is by simply exposing the socket internally, but I don't like this. What I'd really like to do is do it over tcp, authenticated. What I'm not sure of is how I can expose the docker tcp socket (on consistent IP or Domain) to the internal private network only.

How can I expose docker as a service to my containers?

1 Answers

Voted

Michael Hampton · Answer 1 · 2018-02-10T13:32:08+08:00

Michael Hampton

2018-02-10T13:32:08+08:002018-02-10T13:32:08+08:00

Docker doesn't have authentication on its socket. Anyone who can access the socket can control all containers, and can effectively break out of the container and become root on the container host (if SELinux is not in use).

First, be extremely careful if you decide to do this, that you are only running trusted code.

Second, forget about TCP; just bind-mount the Docker socket to the container. This way, only that specific container can access Docker.

docker run -v /run/docker.sock:/run/docker.sock privileged_container

-1

How can I expose the docker tcp api to the private container network?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?