Summary
The container mounts the host Docker socket, granting it the ability to spawn arbitrary containers on the host. This is true even though the socket is mounted read-only (:ro), which only prevents writes to the socket file, not to the Docker API.
Location
docker-compose.yml — socket volume mount
Dockerfile — docker user/group setup
Risk
A process running inside this container (or a compromised cron job) can:
- Start privileged containers on the host
- Mount host filesystem paths into new containers
- Execute commands in other running containers via docker exec
- Read secrets from other containers' environments
Recommended Mitigations
- Docker socket proxy: Replace direct socket access with docker-socket-proxy to limit which Docker API endpoints are accessible
- seccomp/AppArmor: Apply a restrictive security profile to the container
- Documentation: Clearly document this risk in the README so operators understand the trust boundary before deploying
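An added example, not code from this repository: a small scanner that lists every service in a Compose file that bind-mounts the Docker socket and reports the read-only flag separately, since :ro does not reduce the API access described in the Summary. The sample file and its service names are constructed, and the line-based parsing assumes conventionally space-indented Compose YAML.

```python
import re
from itertools import takewhile

SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")
SOURCE = re.compile(r"^[\s-]*source:\s*[\"']?([^\"'\s]+)")
READ_ONLY = re.compile(r"^[\s-]*read_only:\s*true\s*$")
# Constructed sample (hypothetical services), trimmed to the volume mounts.
SAMPLE_COMPOSE = """\
services:
  scheduler:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
  worker:
    volumes:
      - type: bind
        read_only: true
        source: /var/run/docker.sock
        target: /var/run/docker.sock
  web:
    volumes:
      - ./site:/srv:ro
"""

def _indent(line):
    return len(line) - len(line.lstrip(" "))

def find_socket_mounts(compose_text):
    """Line-based scan: (service, line_no, read_only) for each socket bind mount."""
    lines = compose_text.splitlines()
    findings, service, svc_indent, in_services, item = [], None, None, False, 0
    for i, line in enumerate(lines):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if _indent(line) == 0:  # top-level key; only "services:" matters
            in_services, svc_indent, service = line.rstrip() == "services:", None, None
            continue
        key = re.match(r"^\s*([\w.-]+):\s*$", line)
        if in_services and key and svc_indent in (None, _indent(line)):
            svc_indent, service = _indent(line), key.group(1)
            continue
        if line.lstrip().startswith("-"):
            item = i  # start of the current list item
        parts = line.strip().lstrip("- ").strip("\"'").split(":")
        if parts[0] in SOCKETS:  # short syntax SOURCE:TARGET[:MODE]
            findings.append((service, i + 1, len(parts) > 2 and "ro" in parts[2].split(",")))
        elif (src := SOURCE.match(line)) and src.group(1) in SOCKETS:  # long syntax
            body = takewhile(lambda l: _indent(l) > _indent(lines[item]), lines[item + 1:])
            findings.append((service, i + 1, any(READ_ONLY.match(l) for l in [lines[item], *body])))
    return findings
```

Every returned entry is a finding whether its read-only flag is True or False; the flag is reported only so that a reviewer does not mistake it for a mitigation.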
Severity
High (inherent architectural risk — mitigate and document rather than fully eliminate)