Security note about docker socket mount

2021-02-02 14:07:15 +05:30 · 2021-02-02 14:07:15 +05:30 · 6cb2ffa736
parent d90a67539f
commit 6cb2ffa736
1 changed files with 3 additions and 0 deletions
--- a/docker/conf/traefik.toml
+++ b/docker/conf/traefik.toml
@ -23,6 +23,9 @@ checkNewVersion = false

 [docker]
  # Make sure you mount this as readonly
+  # NOTE: readonly doesn't reduce the risk because
+  # it is a unix socket - it doesn't automatically translate
+  # read|write perms to GET/POST requests.
  endpoint = "unix:///var/run/docker.sock"
  domain = "bb8.fun"
  watch = true