Difficulty: Beginner
Estimated Time: 10 minutes

This scenario introduces the potential security concerns around docker.sock and what you need to be aware of when providing access to the file in containers.

In this scenario, we explore the potential problems if an attacker gets access to the docker.sock file. Once they have access, they have complete control over the host, allowing them to perform privilege escalation and launch privileged containers to gain more access than the original container had.

Dangers of mounting docker.sock

Step 1 of 4

Mounting docker.sock

Containers use the docker.sock file to communicate with the host Docker daemon. Access to the daemon is typically used to listen for Docker events, for example when containers start or stop, and update application configuration accordingly. A popular framework using this is nginx-proxy, which serves as a load balancer for containers.

Mounting the file is done via the volume flag, for example: -v /var/run/docker.sock:/var/run/docker.sock

However, you need to be careful about which images you trust with this file, which we'll explore in the next step.
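Because a bind mount of docker.sock hands the container the same control described above, the first thing a defender wants is an inventory of which running containers have it. The following audit script is an added example, not part of the original scenario or of nginx-proxy: it parses the JSON that `docker inspect` prints and reports every bind mount whose source is the Docker socket. The sample inspect output embedded below is constructed for illustration, and the container names in it are hypothetical. The check flags the socket even when it is mounted read-only, because an `:ro` bind mount restricts filesystem writes, not API calls sent over the socket.

```python
import json
import sys

# Host paths at which the Docker daemon's Unix socket normally lives.
# /var/run is a symlink to /run on most distributions, so both spellings
# can appear in inspect output depending on how the -v flag was written.
DOCKER_SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample resembling `docker inspect <id> <id> <id>` output.
# These are not real containers; the names are hypothetical.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "aaaa0000",
        "Name": "/nginx-proxy",
        "Mounts": [
            {"Type": "bind", "Source": "/var/run/docker.sock",
             "Destination": "/var/run/docker.sock", "RW": True},
        ],
    },
    {
        "Id": "bbbb0000",
        "Name": "/web",
        "Mounts": [
            {"Type": "volume", "Name": "data",
             "Source": "/var/lib/docker/volumes/data/_data",
             "Destination": "/data", "RW": True},
        ],
    },
    {
        "Id": "cccc0000",
        "Name": "/agent",
        "Mounts": [
            # Mounted read-only under a different path: still the daemon socket.
            {"Type": "bind", "Source": "/run/docker.sock",
             "Destination": "/tmp/dsock", "RW": False},
        ],
    },
])


def find_socket_mounts(inspect_json: str):
    """Return (container_name, destination, rw) for every bind mount of the
    Docker socket found in a `docker inspect` JSON array.

    Only Type == "bind" mounts are considered, since a named volume cannot
    expose the host's socket. Containers without a "Mounts" key are skipped.
    """
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", container.get("Id", "?")).lstrip("/")
        for mount in container.get("Mounts", []):
            if mount.get("Type") != "bind":
                continue
            if mount.get("Source") in DOCKER_SOCKET_PATHS:
                findings.append((name,
                                 mount.get("Destination", "?"),
                                 bool(mount.get("RW", True))))
    return findings


def report(findings) -> str:
    """Render findings as one line per container for a terminal or a log."""
    if not findings:
        return "OK: no running container has the Docker socket bind-mounted"
    lines = ["WARNING: containers with the Docker socket mounted (host control):"]
    for name, dest, rw in findings:
        mode = "rw" if rw else "ro (note: ro does not block API use)"
        lines.append(f"  - {name}: socket at {dest} [{mode}]")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage on a real host:  docker inspect $(docker ps -q) | python3 audit_socket_mounts.py
    # With no piped input the constructed sample is used so the script runs offline.
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    print(report(find_socket_mounts(data)))
```

Run it against live data with `docker inspect $(docker ps -q) | python3 audit_socket_mounts.py`; on the constructed sample it flags nginx-proxy and agent and leaves web alone. Matching on the mount's Source rather than its Destination matters, since an image can mount the socket at any path inside the container.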