Prevent Docker containers from mounting docker.sock
pending feedback
Neon green Lion
I discovered that some Docker containers in our build infrastructure are mounting the docker.sock file, which poses a security risk. I couldn't find a way to prevent this from happening in the current configuration. It would be beneficial to have an option to prevent containers from mounting the docker.sock file to enhance security.
shivkumar.loka
Hi Gustavo,
Thank you for raising this concern. In Harness Cloud, while containers may mount the docker.sock file, each build runs in an isolated, ephemeral VM dedicated to that pipeline execution. This ensures that even if a container runs as root and has access to docker.sock, its scope is strictly limited to that VM and wouldn't impact other tenants.
We mount docker.sock to enable Docker operations like building and pushing images. If your use case requires additional controls, we’d be happy to discuss further or connect you with our support team.
Best regards,
Shivkumar Loka
Product Team
Harness
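An audit check for the mounts discussed in this thread, as an added example that is not part of the original posts and is not Harness code: it reads `docker inspect` JSON and reports containers whose bind mounts expose the Docker socket, including the more general case of a mounted parent directory. It assumes the daemon's default socket paths and that you can run `docker inspect` on the build host; the container names and sample data are constructed.

```python
import json
import posixpath

# Default Docker daemon socket locations (/var/run is normally a symlink to /run).
SOCKET_PATHS = ("/var/run/docker.sock", "/run/docker.sock")

def exposes_socket(source):
    """True if a host path is the Docker socket or a directory containing it."""
    src = posixpath.normpath(source)
    return any(src == sock or src == "/" or sock.startswith(src + "/")
               for sock in SOCKET_PATHS)

def bind_sources(container):
    """Yield host paths bind-mounted into one `docker inspect` record."""
    for m in container.get("Mounts") or []:
        if m.get("Type") == "bind" and m.get("Source"):
            yield m["Source"]
    # HostConfig.Binds holds the raw "host:container[:opts]" strings.
    for b in (container.get("HostConfig") or {}).get("Binds") or []:
        yield b.split(":", 1)[0]

def find_socket_mounts(inspect_json):
    """Return {container name: sorted host paths that expose the socket}."""
    findings = {}
    for c in json.loads(inspect_json):
        hits = sorted({s for s in bind_sources(c) if exposes_socket(s)})
        if hits:
            findings[c.get("Name", "?").lstrip("/")] = hits
    return findings

# Constructed sample shaped like `docker inspect $(docker ps -q)` output.
SAMPLE = json.dumps([
    {"Name": "/build-step",
     "HostConfig": {"Binds": ["/var/run/docker.sock:/var/run/docker.sock"]},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
    {"Name": "/sidecar",  # parent directory mounted: socket reachable inside
     "HostConfig": {"Binds": ["/var/run:/host-run:ro"]},
     "Mounts": [{"Type": "bind", "Source": "/var/run",
                 "Destination": "/host-run"}]},
    {"Name": "/unit-tests",  # named volume only: not flagged
     "HostConfig": {"Binds": ["cache:/cache"]},
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/cache/_data",
                 "Destination": "/cache"}]},
])

if __name__ == "__main__":
    for name, paths in find_socket_mounts(SAMPLE).items():
        print(f"{name}: exposes Docker socket via {', '.join(paths)}")
```

A read-only bind such as the `:ro` one in the sample is still reported, because the read-only flag does not stop a process from connecting to a Unix socket.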