Selfhosted@lemmy.world by tofu@lemmy.nocturnal.garden
8 months

Restricting Docker Socket Proxy by Container

blog.foxxmd.dev English

Cross posted from: https://lemmy.nocturnal.garden/post/294603

8
    Further enhance security for socket-proxy usage with this one weird trick

    • lefaucet@slrpnk.net English
      8 months

      Does this apply to podman as well?

        • tofu@lemmy.nocturnal.garden English
          8 months

          Good question, I don’t know if Podman has a thing like Docker socket

            • Static_Rocket@lemmy.world English
              8 months

              It does, but it’s disabled by default. It’s explicitly for docker compatibility though, not a core part of the application.

          • ikidd@lemmy.world English
            8 months

            I’ve seen this done with namespaces as well. Which should work for podman.

              • tofu@lemmy.nocturnal.garden English
                8 months

                How?

                  • ikidd@lemmy.world English
                    8 months

                    userns-remap. I remember seeing another method that was more manual that would have worked for Podman, but I can’t seem to find it now.

                • Cratermaker@discuss.tchncs.de English
                  8 months

                  Hmm this seems like a solution to an extremely specific problem that may have been created by using docker for things outside its wheelhouse. Why would I have docker automation that I only trust to do specific things?

                    • tofu@lemmy.nocturnal.garden English
                      8 months

                      You might want a nice overview dashboard of your docker services but the tool shouldn’t be able to interfere. I think homepage (the tool) was mentioned as an example since they have a docker integration that only needs reading access
