
<TL;DR>
I have a binary tool that relies on docker UNIX socket /var/run/docker.sock
I am running the binary in a Gitlab CI job, thus having a docker on a TCP socket tcp://docker:2375
How to bind UNIX socket /var/run/docker.sock with TCP tcp://docker:2375?
</TL;DR>

[What I have]

  • I use Gitlab pipelines with Docker-in-Docker. Docker works perfectly:

    ```yml
    services:
      - docker:19-dind
    variables:
      DOCKER_HOST: tcp://docker:2375
      DOCKER_TLS_CERTDIR: ""
    ```
    
  • I use twistcli (PaloAlto/PrismaCloud) to do runtime image scanning

[The problem]

  • Twistcli looks for the UNIX socket /var/run/docker.sock (hardcoded in the binary, and there is no CLI flag to change it (see here))
  • Docker daemon is here available with a TCP socket tcp://docker:2375 (see here)

[What I tried]

```sh
# TEST 1
ln -s tcp://docker:2375 /var/run/docker.sock
./twistcli sandbox image_to_scan
ERROR: Get "http://unix.sock/version": dial unix /var/run/docker.sock: connect: no such file or directory
```

```sh
# TEST 2
touch /var/run/docker.sock
socat -v TCP-LISTEN:docker:2375,fork UNIX-CONNECT:/var/run/docker.sock
./twistcli sandbox image_to_scan
ERROR: cannot connect to Docker endpoint
```

```sh
# TEST 3 (@larsks' proposition)
socat -v tcp-connect:docker:2375 unix-listen:/var/run/docker.sock,fork
ERROR: Failed to extract Platform data from docker version: failed to fetch docker api version 'Get "http://unix.sock/version": EOF'
```

[My question]

  • How to trick the system so /var/run/docker.sock actually points to the tcp://docker:2375 docker.sock ?


Answers


  1. Chosen as BEST ANSWER

    thank you for your help!

    Inverting the 2 helps, but now I have a `Failed to extract Platform data from docker version: failed to fetch docker api version 'Get "http://unix.sock/version": EOF'`

    [image: ./twistcli sandbox 1/2 (gitlab)]
    [image: ./twistcli sandbox 2/2 (gitlab)]
    (Sorry, I need 10 reputation to post images)

    Same happened on WSL2, on which I also socat the docker.sock:
    [image: ./twistcli sandbox 1/1 (wsl2)]

    EDIT: I did some digging. Using my WSL2 machine with socat I am able to run `docker images` and `docker ps`. However, `docker run` hangs forever, and exiting the socat command gives an EOF error on the `docker run`.

    [image: docker ps]
    [image: docker images]

    [image: docker run]


  2. You have the right idea with your socat command, but you have your parameters backwards. You already have a Docker daemon listening on port 2375, so you don’t want socat to listen on that address: You want socat to listen on the unix socket, and proxy connections to the TCP socket:

    ```sh
    socat -v tcp-connect:docker:2375 unix-listen:/var/run/docker.sock,fork
    ```

    With this in place, I can successfully access a TCP-enabled remote docker daemon using a local Unix socket.
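To make the direction of the relay concrete (listen on the Unix socket, connect out to the TCP daemon, pump bytes both ways, and half-close each side when the other reaches EOF), here is an added Python stand-in for the socat command in this answer. It is example code written for this page, not the asker's or the answerer's code and not part of socat or twistcli. The `FAKE_VERSION_REPLY` bytes and the loopback "daemon" in `roundtrip_demo()` are constructed for the self-check; the socket path, the `DOCKER_HOST` form `tcp://docker:2375` and the `sandbox` scan command are taken from the question.

```python
import os
import socket
import tempfile
import threading
from urllib.parse import urlsplit

# Constructed stand-in for dockerd's answer to GET /version (a real daemon
# returns a much larger JSON document).
FAKE_VERSION_REPLY = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                      b"Content-Length: 21\r\n\r\n" b'{"ApiVersion":"1.40"}')


def parse_docker_host(docker_host):
    """Turn a DOCKER_HOST value such as 'tcp://docker:2375' into (host, port)."""
    parts = urlsplit(docker_host)
    if parts.scheme != "tcp" or not parts.hostname:
        raise ValueError(f"expected tcp://host:port, got {docker_host!r}")
    return parts.hostname, parts.port or 2375


def _pump(src, dst):
    # Copy src -> dst until EOF, then half-close dst (SHUT_WR) so the reverse
    # direction keeps flowing; an attached `docker run` session relies on that.
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass


def relay_connection(client, tcp_addr):
    """Bridge one accepted Unix-socket client to the TCP daemon, both ways."""
    upstream = socket.create_connection(tcp_addr)
    pumps = [threading.Thread(target=_pump, args=pair, daemon=True)
             for pair in ((client, upstream), (upstream, client))]
    for t in pumps:
        t.start()
    for t in pumps:
        t.join()
    client.close()
    upstream.close()


def serve_unix_to_tcp(sock_path, docker_host, ready=None, stop=None):
    """Listen on sock_path and hand every connection to DOCKER_HOST: the job of
    `socat tcp-connect:docker:2375 unix-listen:/var/run/docker.sock,fork`."""
    tcp_addr = parse_docker_host(docker_host)
    if os.path.exists(sock_path):
        os.unlink(sock_path)        # a stale socket file would make bind() fail
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(sock_path)
    os.chmod(sock_path, 0o600)      # daemon access is root-equivalent: owner only
    server.listen(16)
    server.settimeout(0.5)          # lets the loop notice `stop`; accepted sockets stay blocking
    if ready is not None:
        ready.set()
    try:
        while stop is None or not stop.is_set():
            try:
                client, _ = server.accept()
            except socket.timeout:
                continue
            threading.Thread(target=relay_connection, args=(client, tcp_addr),
                             daemon=True).start()
    finally:
        server.close()
        if os.path.exists(sock_path):
            os.unlink(sock_path)


def roundtrip_demo(request=b"GET /version HTTP/1.1\r\nHost: docker\r\n\r\n"):
    """Self-check: a constructed loopback TCP 'daemon' stands in for docker:2375."""
    daemon = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    daemon.bind(("127.0.0.1", 0))
    daemon.listen(1)
    port = daemon.getsockname()[1]

    def fake_daemon():
        conn, _ = daemon.accept()
        with conn:                  # leaving the block closes conn: EOF towards the relay
            buf = b""
            while b"\r\n\r\n" not in buf:
                data = conn.recv(4096)
                if not data:
                    return
                buf += data
            conn.sendall(FAKE_VERSION_REPLY)

    threading.Thread(target=fake_daemon, daemon=True).start()
    sock_path = os.path.join(tempfile.mkdtemp(), "docker.sock")
    ready, stop = threading.Event(), threading.Event()
    threading.Thread(target=serve_unix_to_tcp, daemon=True,
                     args=(sock_path, f"tcp://127.0.0.1:{port}", ready, stop)).start()
    ready.wait(5)

    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(sock_path)
    client.sendall(request)
    reply = b""
    while data := client.recv(4096):   # ends once the relay half-closes after daemon EOF
        reply += data
    client.close()
    stop.set()
    daemon.close()
    return reply
```

In a CI job the equivalent of `roundtrip_demo()` is `serve_unix_to_tcp("/var/run/docker.sock", os.environ["DOCKER_HOST"])` started in the background before `./twistcli sandbox image_to_scan`; the `0o600` mode on the socket file is deliberate, because anything that can open it has the same power as the daemon itself. The half-close in `_pump` is the detail to check when a tool's short requests (`docker ps`, `docker images`) work through a relay but a long-lived attached session misbehaves: a relay that closes both sockets as soon as one direction sees EOF cuts the stream off early.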
