I changed my docker installation to rootless. I now installed Patchmon on the host and I wanted to monitor and update my Docker images as well. But Patchmon requires docker.sock to be in /var/run. My current docker.sock is of course in /run/user/{userid}. Are there any security risks, and if so what are they, to making a symlink to have the docker.sock in /var/run as well? The /run/user/{userid}/docker.sock is owned by the user running Docker. The symlink is owned by root because of the privileges needed for /var/run.

I don’t have enough knowledge to be doing these kinds of things, but I just like to tinker and I want to know how insecure this setup could be.

  • dan@upvote.au
    8 hours ago

    Does Patchmon not have a setting to look for the Docker socket in a different location?

    I could be wrong but I don’t think there are any security issues making a symlink to a socket, since permissions/ACLs on the socket would still apply.
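
One way to check on a Linux host which permissions gate access through such a symlink (an added example, not part of the thread and not Patchmon or Docker code). The function name `audit_socket_link` is hypothetical, and the check is simplified to the "other" permission bits: group membership and POSIX ACLs are not evaluated.

```python
import os
import stat


def audit_socket_link(path):
    """Report whose permissions gate access to a socket reached via `path`."""
    link = os.lstat(path)            # the link itself (not followed)
    target = os.path.realpath(path)  # where the link chain ends
    st = os.stat(target)             # the object a client really connects to

    # The symlink's own mode bits are ignored on Linux. What counts is search
    # (x) permission on every directory of the resolved path, plus write
    # permission on the socket file, which connect() requires.
    dirs = []
    d = os.path.dirname(target)
    while True:
        dirs.append(d)
        parent = os.path.dirname(d)
        if parent == d:              # reached the filesystem root
            break
        d = parent
    other_can_traverse = all(os.stat(p).st_mode & stat.S_IXOTH for p in dirs)
    other_can_write = bool(st.st_mode & stat.S_IWOTH)

    return {
        "is_symlink": stat.S_ISLNK(link.st_mode),
        "target": target,
        "is_socket": stat.S_ISSOCK(st.st_mode),
        "owner_uid": st.st_uid,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        # Simplification: only the "other" bits are checked (no groups/ACLs).
        "other_users_can_connect": other_can_traverse and other_can_write,
    }


if __name__ == "__main__":
    import sys
    # Default is the symlink location from the question above.
    print(audit_socket_link(sys.argv[1] if len(sys.argv) > 1 else "/var/run/docker.sock"))
```

Processes running as root, which includes a host agent started as root, are not limited by these mode bits and can reach the rootless socket with or without the symlink.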