cloud computing – How to execute a command directly on the host system through docker.sock in a Docker container?

The best way that I’ve found to execute commands on the underlying host with an exposed Docker socket is Ian Miell’s “most pointless docker command ever”.

The command looks like this:

docker run -ti --privileged --net=host --pid=host --ipc=host --volume /:/host busybox chroot /host

and will essentially drop you straight into a full root shell on the underlying host.

To break the command down:

--privileged will remove the default Docker security layers like AppArmor and capability restrictions.

--net=host --pid=host --ipc=host runs the process in the host’s namespaces instead of a separate set of namespaces for the contained process.

--volume /:/host mounts the host root filesystem as /host inside the container

then

chroot /host as a command changes the root to that /host directory.

If you’re running via Kubernetes, you can use The most pointless Kubernetes command which effectively does the same thing (assuming the cluster doesn’t have a restrictive Pod Security Policy in place).
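
To find containers on a host that were started with the settings broken down above, or with the Docker socket mounted, the following added example (not part of the original answer) audits `docker inspect` output. The sample JSON is constructed, and the function and label names are this example's own.

```python
import json

# Constructed sample shaped like `docker inspect` output (not real data).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "HostConfig": {"Privileged": False, "NetworkMode": "bridge",
                    "PidMode": "", "IpcMode": "private"},
     "Mounts": [{"Type": "bind", "Source": "/srv/www", "Destination": "/var/www"}]},
    {"Name": "/ci-agent",
     "HostConfig": {"Privileged": False, "NetworkMode": "bridge",
                    "PidMode": "", "IpcMode": "private"},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
    {"Name": "/shell",
     "HostConfig": {"Privileged": True, "NetworkMode": "host",
                    "PidMode": "host", "IpcMode": "host"},
     "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host"}]},
])

SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}
HOST_NAMESPACES = (("NetworkMode", "net=host"), ("PidMode", "pid=host"),
                   ("IpcMode", "ipc=host"))

def audit_container(container):
    """Return the host-exposing settings found on one inspected container."""
    host_config = container.get("HostConfig") or {}
    findings = []
    if host_config.get("Privileged"):
        findings.append("privileged")
    for key, label in HOST_NAMESPACES:
        if host_config.get(key) == "host":
            findings.append(label)
    for mount in container.get("Mounts") or []:
        source = mount.get("Source", "")
        if source == "/":
            findings.append("host-root-mounted")
        elif source in SOCKET_PATHS:
            findings.append("docker-socket-mounted")
    return findings

def audit(inspect_json):
    """Map container name -> findings, omitting containers with none."""
    containers = json.loads(inspect_json)
    report = {c.get("Name", "?").lstrip("/"): audit_container(c) for c in containers}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for name, found in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(found)}")
```

On a real host, pass the output of `docker inspect $(docker ps -q)` to `audit()` in place of the constructed sample.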
