Restricting Docker Socket Proxy by Container
(blog.foxxmd.dev)
from tofu@lemmy.nocturnal.garden to selfhosted@lemmy.world on 11 Oct 19:00
https://lemmy.nocturnal.garden/post/294604
Cross posted from: lemmy.nocturnal.garden/post/294603
#selfhosted
Does this apply to podman as well?
Good question, I don’t know if Podman has a thing like the Docker socket.
It does, but it’s disabled by default. It’s explicitly for docker compatibility though, not a core part of the application.
I’ve seen this done with namespaces as well. Which should work for podman.
How?
userns-remap
I remember seeing another method that was more manual that would have worked for Podman, but I can’t seem to find it now.
Hmm, this seems like a solution to an extremely specific problem that may have been created by using docker for things outside its wheelhouse. Why would I have docker automation that I only trust to do specific things?
You might want a nice overview dashboard of your docker services, but the tool shouldn’t be able to interfere. I think homepage (the tool) was mentioned as an example since they have a docker integration that only needs read access.
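As an added example (not from the linked blog post or from any commenter), here is a Compose file contrasting the two setups the comment above describes: a dashboard with the raw socket mounted, which is root-equivalent control of the host, versus the same dashboard reaching a docker-socket-proxy that only forwards read (GET) requests for the containers endpoint. The `CONTAINERS`/`POST` variables of tecnativa/docker-socket-proxy and homepage's `host`/`port` docker settings are as documented upstream; the service and network names are assumptions.

```yaml
# Added example: dashboard + read-only Docker socket proxy (service names assumed)
services:
  # Weak setting: the raw socket is mounted into the dashboard. Any code running
  # in this container can create privileged containers on the host.
  # dashboard-direct:
  #   image: ghcr.io/gethomepage/homepage:latest
  #   volumes:
  #     - /var/run/docker.sock:/var/run/docker.sock

  # Corrected: the proxy owns the socket and only forwards allow-listed API routes.
  socket-proxy:
    image: tecnativa/docker-socket-proxy:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      CONTAINERS: 1   # allow GET /containers/* (what a status dashboard needs)
      POST: 0         # refuse every POST (no create/start/exec)
      IMAGES: 0
      VOLUMES: 0
      NETWORKS: 0
      EXEC: 0
      SERVICES: 0
    networks:
      - socket-proxy-net   # never publish the proxy's port 2375 to the host

  dashboard:
    image: ghcr.io/gethomepage/homepage:latest
    networks:
      - socket-proxy-net
      - default
    ports:
      - "3000:3000"
    # homepage's docker.yaml then points at the proxy instead of a socket path:
    #   my-docker:
    #     host: socket-proxy
    #     port: 2375

networks:
  socket-proxy-net:
    internal: true   # no route outside the host; only proxy <-> dashboard traffic
```

Verify the restriction from inside the dashboard container: a GET to `/containers/json` on the proxy succeeds, while a POST to `/containers/create` is rejected by the proxy before it ever reaches the socket.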