
I'm inside a docker container and ran netstat -x | grep docker, which got me:

unix  3      [ ]         STREAM     CONNECTED     62288711 /var/run/docker.sock
unix  3      [ ]         STREAM     CONNECTED     59416957 /var/run/docker.sock
unix  3      [ ]         STREAM     CONNECTED      52070 /var/run/dockershim.sock
unix  3      [ ]         STREAM     CONNECTED      52071 /var/run/dockershim.sock
unix  3      [ ]         STREAM     CONNECTED      51987 /var/run/docker.sock
unix  3      [ ]         STREAM     CONNECTED     63299168 /var/run/docker.sock
unix  3      [ ]         STREAM     CONNECTED      52649 /var/run/docker.sock
unix  3      [ ]         STREAM     CONNECTED      42851 /var/run/docker/libcontainerd/docker-containerd.sock

But when I want to access /var/run/docker.sock or even /var/run I get

ls: /var/run/: No such file or directory

Is this some kind of security mechanism like a capability which is dropped? I wonder why netstat can point to such a path while it is not even there? Is there some other way to access this socket, since it has to be there somehow?

alexander.polomodov
InsOp
  • Please include the full command line you used to start the container. In particular, the network namespace you selected and any volume mounts. – BMitch Jul 20 '18 at 14:33

1 Answer

Running this command inside a docker container shows you information about sockets in the whole system (not just inside your container). This information is available to container processes via /proc/net/unix and other similar files, which netstat uses. Therefore /var/run/... in netstat's output is a global path on your system, not available to that particular container.

ameiji
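An added example, not part of the original question or answer: a parser for the /proc/net/unix table that netstat reads, which then checks each reported path against the filesystem the calling process can actually see, so you can confirm from inside a container whether docker.sock is really exposed to it. The sample table is constructed (paths and inodes mirror the question's output) and the function names are hypothetical.

```python
import os

# Constructed sample in /proc/net/unix layout; paths and inodes mirror the question.
SAMPLE = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000003 00000000 00000000 0001 03 62288711 /var/run/docker.sock
0000000000000000: 00000003 00000000 00000000 0001 03 52070 /var/run/dockershim.sock
0000000000000000: 00000002 00000000 00010000 0001 01 41000 @constructed/abstract
0000000000000000: 00000003 00000000 00000000 0001 03 51990
"""

SOCK_TYPES = {1: "STREAM", 2: "DGRAM", 5: "SEQPACKET"}
STATES = {1: "UNCONNECTED", 2: "CONNECTING", 3: "CONNECTED", 4: "DISCONNECTING"}


def parse_proc_net_unix(text):
    """Turn the kernel's table into dicts; the Path column is optional."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 7)            # path is the 8th field, may hold spaces
        if len(fields) < 7:
            continue
        entries.append({
            "inode": int(fields[6]),
            "type": SOCK_TYPES.get(int(fields[4], 16), fields[4]),
            "state": STATES.get(int(fields[5], 16), fields[5]),
            "path": fields[7].rstrip() if len(fields) == 8 else "",
        })
    return entries


def classify(path, exists=os.path.exists):
    """Say whether a reported path resolves in the caller's own filesystem view."""
    if not path:
        return "unnamed"                        # socketpair() or unbound client end
    if path.startswith("@"):
        return "abstract"                       # no filesystem entry by design
    return "reachable" if exists(path) else "path-missing-here"


def audit(text, exists=os.path.exists):
    return {e["inode"]: (e["path"], classify(e["path"], exists))
            for e in parse_proc_net_unix(text)}


if __name__ == "__main__":
    table = open("/proc/net/unix").read() if os.path.exists("/proc/net/unix") else SAMPLE
    for inode, (path, verdict) in audit(table).items():
        print(f"{inode:>10}  {verdict:<18} {path or '-'}")
```

The path column is only the string recorded for the socket; a "path-missing-here" verdict means that string does not resolve in the current mount namespace, which is the situation the question describes.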