Can anyone explain docker.sock

I am trying to understand the actual reason for mounting docker.sock in docker-compose.yml file. Is it for auto-discovery?


volumes:
- /var/run/docker.sock:/var/run/docker.sock

  • Docker MYSQL '[2002] Connection refused'
  • Writing Dockerfile for Dockerhub Automated builds
  • Docker undo rm container
  • How to use nested docker.image('test_image').inside() in a Jenkins pipeline
  • Having problems deploying an go app to docker
  • Is there a way to “hibernate” a linux container
  • Scaling Azure Container Service with private ports on containers
  • Run a Docker image as a command line utility in Windows?
  • Application manager in YARN setup
  • How to remove port from docker container?
  • Composer Install (own Container) with Docker missing PHP Extensions
  • Connect to a Service running inside a docker container from outside
  • One Solution collect form web for “Can anyone explain docker.sock”

    docker.sock is the UNIX socket that Docker daemon is listening to. It’s the main entry point for Docker API. It also can be TCP socket but by default for security reasons Docker defaults to use UNIX socket.

    Docker cli client uses this socket to execute docker commands by default. You can override these settings as well.

    There might be different reasons why you may need to mount Docker socket inside a container. Like launching new containers from within another container. Or for auto service discovery and Logging purposes. This increases attack surface so you should be careful if you mount docker socket inside a container there are trusted codes running inside that container otherwise you can simply compromise your host that is running docker daemon, since Docker by default launches all containers as root.

    Docker socket has a docker group in most installation so users within that group can run docker commands against docker socket without root permission but actual docker containers still get root permission since docker daemon runs as root effectively (it needs root permission to access namespace and cgroups).

    I hope it answers your question.

    More info: https://docs.docker.com/engine/reference/commandline/daemon/

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.