|
|
|
Cockpit Guide | |
|---|
Cockpit can manage containers via Docker. This functionality is present in the Cockpit docker package.
Cockpit communicates with the Docker daemon via its API via the
/var/run/docker.sock unix socket. The Docker API
is root equivalent, and on a properly configured system, only root
can access the Docker API. If the currently logged in user is not root
then Cockpit will try to
escalate the user's privileges via Polkit
or sudo before connecting to the socket.
Alternatively one may
create a docker unix group. Anyone in that docker group can then access
the Docker API, and gain root privileges on the system. This
impacts system security
and is not recommended for general usage.
Similar container functionality is available on the command line via the
docker tool:
$ sudo docker run -ti fedora /bin/bash
[root@57625bc8787e /]#