Cross posted from: lemmy.nocturnal.garden/post/294603
I’ve seen this done with namespaces as well. Which should work for podman.
Restricting Docker Socket Proxy by Container
Submitted 1 week ago by tofu@lemmy.nocturnal.garden to selfhosted@lemmy.world
https://blog.foxxmd.dev/posts/restricting-socket-proxy-by-container/
Comments
ikidd@lemmy.world 6 days ago
Cratermaker@discuss.tchncs.de 6 days ago
Hmm this seems like a solution to an extremely specific problem that may have been created by using docker for things outside its wheelhouse. Why would I have docker automation that I only trust to do specific things?
tofu@lemmy.nocturnal.garden 6 days ago
You might want a nice overview dashboard of your docker services but the tool shouldn’t be able to interfere. I think homepage (the tool) was mentioned as an example since they have a docker integration that only needs reading access
lefaucet@slrpnk.net 1 week ago
Does this apply to podman as well?
tofu@lemmy.nocturnal.garden 1 week ago
Good question, I don’t know if Podman has a thing like Docker socket
Static_Rocket@lemmy.world 1 week ago
It does, but it’s disabled by default. It’s explicitly for docker compatibility though, not a core part of the application.