I'm trying to access a Docker Unix socket on a remote server from within a Podman container (offen/docker-volume-backup).

I've (root-)mounted the entire root filesystem of the remote server using sshfs and can access it as root.

However, I can't connect to the Unix socket. (All servers are on AlmaLinux with SELinux, and Podman is used with sudo.)

I've tried the following settings in my Podman container:

    volumes:
      - /mnt/fuse_to_somewhere/var/run/docker.sock:/var/run/docker.sock:ro,z
    security_opt:
      - label=disable
    privileged:
      - true

But I still get this error:

    Commands: error querying for containers: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Questions:

  1. What steps are needed to connect to the Docker Unix socket from a Podman container?
  2. Are there specific permissions required for accessing the Docker socket over sshfs?

  • And, to be clear, the docker daemon is running, right? It sounds like you have a docker (not podman) setup, but want to use this podman image (not docker) to perform these backups.
    – wobtax
    Commented Feb 28 at 18:09
  • @wobtax Yes, I am using a running docker daemon on my main host and want to use podman on my secondary host. The secondary host is intended for performing backups, and shall then not be reachable from the main host. The image offen/docker-volume-backup is a docker image, which I wish to give (read) access to the /var/run/docker.sock on the main host. (Offsite Backup)
    – Jack
    Commented Mar 11 at 14:26
  • I also tried to avoid using SSHFS and attempted to mount the Unix socket over SSH, but I still can't access the socket. :( Perhaps Podman is still a bit buggy? (stackoverflow.com/q/60683674)
    – Jack
    Commented Mar 11 at 14:29
  • I also had the idea of running wollomatic/socket-proxy on the main host within the Docker environment (which I wanted to try anyway) and then exposing it as a TCP socket over SSH. Ideally, I would like a solution that allows me to connect a Podman network and a Docker network over SSH. This way, I can easily add the TCP socket and the Podman containers that need access to the Docker socket to the network. Do you have any suggestions on how to achieve this and whether it's a good idea?
    – Jack
    Commented Mar 11 at 14:41
  • (I prefer not to expose the Docker TCP socket on localhost, as it feels insecure to me. This configuration allows all processes to access it without any access control.)
    – Jack
    Commented Mar 11 at 14:52
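
A diagnostic sketch for the situation in the question, added here and not part of the original post or of offen/docker-volume-backup: a Unix socket is an endpoint inside one kernel, so a socket node seen through sshfs has no listener on the local machine and `connect()` fails even when file permissions and SELinux labels allow access. The function names, the status strings and the use of `/proc/mounts` are assumptions of this example.

```python
# Added example (not from the original post); names and status strings are illustrative.
import errno
import os
import socket
import stat

def mount_fstype(path, mounts_file="/proc/mounts"):
    """Return the filesystem type of the longest mount point that contains path."""
    real = os.path.realpath(path)
    best, fstype = "", None
    try:
        with open(mounts_file) as fh:
            for line in fh:
                fields = line.split()
                if len(fields) < 3:
                    continue
                mnt = fields[1].replace("\\040", " ")  # /proc/mounts escapes spaces
                inside = real == mnt or real.startswith(mnt.rstrip("/") + "/")
                if inside and len(mnt) >= len(best):
                    best, fstype = mnt, fields[2]
    except OSError:
        pass  # no mount table available: filesystem type stays unknown
    return fstype

def diagnose_socket(path, mounts_file="/proc/mounts"):
    """Classify why a Unix socket path can or cannot be connected to."""
    try:
        mode = os.stat(path).st_mode
    except OSError as exc:
        return {"status": "missing", "fstype": None, "errno": errno.errorcode.get(exc.errno)}
    if not stat.S_ISSOCK(mode):
        return {"status": "not-a-socket", "fstype": None, "errno": None}
    fstype = mount_fstype(path, mounts_file)
    remote = bool(fstype) and fstype.startswith(("fuse", "nfs"))
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        sock.connect(path)
        return {"status": "connected", "fstype": fstype, "errno": None}
    except OSError as exc:
        # The inode is a socket, but no process on THIS kernel is bound to it.
        # On a FUSE/NFS mount that is expected: the listener lives on the remote host.
        status = "remote-socket-node" if remote else "no-local-listener"
        return {"status": status, "fstype": fstype, "errno": errno.errorcode.get(exc.errno)}
    finally:
        sock.close()
```

Run on the backup host, `diagnose_socket("/mnt/fuse_to_somewhere/var/run/docker.sock")` separates a remote socket node from a missing file or a permissions problem before any container settings are changed.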
