Docker in Docker - Mounting the Docker Socket
I came across the case where I wanted an app running in a docker container to start other docker containers. I found two ways to do this:
1. mount the docker socket into the container that wants to start further docker containers via
2. actually install docker inside another docker container, which seems the far more complicated way.
So I went with solution 1, which worked great. Today I realized that solution 1 also carries a major security risk I wasn't aware of:
```
# inside your container, start another container with / mounted to /test
root@b55991bee8df:/tmp# docker run -it --rm -v /:/test rweng/fv bash
# now in the new container, check out /test
root@9e3b8daee88e:/app# ls /test/
Users bin dev etc home init lib lib64 linuxrc mnt opt proc root run sbin sys tmp usr var
```
As you can see, because the docker command is actually executed by the host's Docker daemon (outside the container), a process in the container can start another container with the whole host filesystem mounted, which is root access to the host. I switched to using the
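The same fact makes the exposure easy to audit from the host side. The script below is an added example, not part of the original post: it parses `docker inspect` JSON and flags containers that bind-mount the Docker socket or the host root, exactly the two conditions shown above. It assumes the daemon listens on the default socket path and uses a constructed sample instead of live output.

```python
import json

# Host socket paths that hand a container control of the Docker daemon
# (assumption: the daemon listens on the default Unix socket location).
DOCKER_SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}


def risky_mounts(inspect_output: str) -> list[tuple[str, str, str]]:
    """Scan `docker inspect` JSON and return (container, reason, source)
    for bind mounts that expose the Docker socket or the host root."""
    findings = []
    for container in json.loads(inspect_output):
        name = container.get("Name", "?").lstrip("/")
        for mount in container.get("Mounts", []):
            if mount.get("Type") != "bind":
                continue  # named volumes do not reach into the host tree
            source = mount.get("Source", "")
            if source in DOCKER_SOCKET_PATHS:
                findings.append((name, "docker socket mounted", source))
            elif source == "/":
                findings.append((name, "host root filesystem mounted", source))
    return findings


# Constructed sample shaped like `docker inspect` output (not real containers).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/builder",
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/escapee",
     "Mounts": [{"Type": "bind", "Source": "/",
                 "Destination": "/test", "RW": True}]},
    {"Name": "/web",
     "Mounts": [{"Type": "volume",
                 "Source": "/var/lib/docker/volumes/web/_data",
                 "Destination": "/data", "RW": True}]},
])

if __name__ == "__main__":
    for name, reason, source in risky_mounts(SAMPLE_INSPECT):
        print(f"{name}: {reason} ({source})")
```

On a live host, feed it the output of `docker inspect $(docker ps -q)` instead of the sample.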