Docker Socket Binding Cheatsheet
Unix domain sockets (or Unix sockets) are a form of inter-process communication (IPC) used for communication between processes on the same host machine. Because they bypass the network stack, they are faster than TCP for local processes, and because access is governed by file-system permissions on the socket file rather than by a port reachable over the network, they are easier to restrict.
How It Works
Unlike port binding, which uses TCP/IP, Unix sockets communicate via a special file in the file system. To enable a container to communicate with a process on the host using a socket, you use a **bind mount** to share the socket file. This makes the host's socket file available inside the container.
```
docker run -v /var/run/docker.sock:/var/run/docker.sock [IMAGE_NAME]
```

In this example:

- `-v`: the flag for creating a bind mount.
- `/var/run/docker.sock` (first path): the path to the Unix socket file on the **host**.
- `/var/run/docker.sock` (second path): the path to the same socket file inside the **container**.
Use Case
The most common use case for this type of communication is to allow a container to run Docker commands itself. For example, a container running a CI/CD pipeline might need to build and run other containers. By bind-mounting the host's Docker socket, the container can act as a Docker client and communicate directly with the Docker daemon running on the host.
Important Note
Giving a container access to the host's Docker socket is a significant security risk, as it effectively gives the container root-level access to the host machine. You should only do this for trusted containers and use it with caution.
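A practical way to keep track of that risk is to audit which running containers actually have the daemon socket bind-mounted. The script below is an added example, not part of the original cheatsheet: it parses `docker inspect` JSON (the `Mounts` array that Docker emits per container) and reports every bind mount whose source is the host Docker socket. The `SAMPLE_INSPECT` data is constructed for the example; the function names are my own.

```python
"""Audit `docker inspect` output for containers that bind-mount the host Docker socket."""
import json
import os
import sys

def _is_docker_socket(path):
    # Normalise so /var/run/docker.sock and /run/docker.sock compare equal
    # (/var/run is a symlink to /run on most distributions).
    norm = os.path.normpath(path)
    return os.path.basename(norm) == "docker.sock" and norm.startswith(("/var/run/", "/run/"))

def find_socket_mounts(inspect_output):
    """Return [(container_name, source, destination, rw)] for each bind mount of the Docker socket.

    A read-only mount (rw == False) is reported just like a read-write one: the container
    can still connect to the socket and send API requests, so ':ro' is not a safeguard.
    """
    containers = json.loads(inspect_output) if isinstance(inspect_output, str) else inspect_output
    findings = []
    for c in containers:
        name = c.get("Name", "").lstrip("/")  # docker inspect prefixes names with "/"
        for m in c.get("Mounts", []):
            if m.get("Type") == "bind" and _is_docker_socket(m.get("Source", "")):
                findings.append((name, m["Source"], m.get("Destination"), bool(m.get("RW", True))))
    return findings

# Constructed sample: two containers mount the socket (one of them read-only), one does not.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/ci-runner",
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "Mode": "", "RW": True}]},
    {"Name": "/web",
     "Mounts": [{"Type": "volume", "Name": "webdata",
                 "Source": "/var/lib/docker/volumes/webdata/_data",
                 "Destination": "/data", "Mode": "z", "RW": True}]},
    {"Name": "/agent",
     "Mounts": [{"Type": "bind", "Source": "/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "Mode": "ro", "RW": False}]},
])

if __name__ == "__main__":
    # Live use: docker inspect $(docker ps -q) | python3 audit_socket.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    for name, src, dst, rw in find_socket_mounts(data):
        print(f"{name}: host {src} -> container {dst} ({'rw' if rw else 'ro'})")
```

Run with no input to see the constructed sample; pipe real `docker inspect` output to audit a host.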