[Feature Request] Make Docker Socket feature protocol aware #35

New Issue

Closed

opened 2025-11-19 07:12:32 -06:00 by GiteaMirror · 0 comments

GiteaMirror commented 2025-11-19 07:12:32 -06:00

Owner

Copy Link

Originally created by @beefstew809 on GitHub (Jun 7, 2025).

I am trying to use the new DOCKER_SOCKET option that was recently released. Instead of exposing /var/run/docker.sock directly, I am using a socket-proxy container (lscr.io/linuxserver/socket-proxy - https://docs.linuxserver.io/images/docker-socket-proxy) to help secure my environment more.

If I set DOCKER_SOCKET=tcp://socket-proxy:2375 then I receive back the log Docker socket check response sent: available=false. Note that socket-proxy is the name of my container. It could be any name or port after the tcp:// portion.

It looks like the code looks specifically for /var/run/docker.sock and that it does not accept TCP protocols (it is specifically looking for unix).

See:

50b621f17c/docker/client.go (L52-L59)

I think it will be more than just doing a check and accepting TCP in the above function as I see the code is appending unix to the socketPath at 50b621f17c/docker/client.go (L83)

Request: Make the code protocol aware so that security enhancements such as socket-proxy can be used

Thank you for your condsideration and for this awesome project!

Originally created by @beefstew809 on GitHub (Jun 7, 2025). I am trying to use the new `DOCKER_SOCKET` option that was recently released. Instead of exposing `/var/run/docker.sock` directly, I am using a `socket-proxy` container (`lscr.io/linuxserver/socket-proxy` - https://docs.linuxserver.io/images/docker-socket-proxy) to help secure my environment more. If I set `DOCKER_SOCKET=tcp://socket-proxy:2375` then I receive back the log `Docker socket check response sent: available=false`. Note that `socket-proxy` is the name of my container. It could be any name or port after the `tcp://` portion. It looks like the code looks specifically for `/var/run/docker.sock` and that it does not accept TCP protocols (it is specifically looking for unix). See: https://github.com/fosrl/newt/blob/50b621f17c5380ff45acd6fb394712ebf6ebd17e/docker/client.go#L52-L59 I think it will be more than just doing a check and accepting TCP in the above function as I see the code is appending unix to the `socketPath` at https://github.com/fosrl/newt/blob/50b621f17c5380ff45acd6fb394712ebf6ebd17e/docker/client.go#L83 Request: Make the code protocol aware so that security enhancements such as `socket-proxy` can be used Thank you for your condsideration and for this awesome project!

GiteaMirror closed this issue 2025-11-19 07:12:32 -06:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/github_actions/docker/build-push-action-7.0.0

dependabot/github_actions/docker/login-action-4.0.0

dependabot/github_actions/aquasecurity/trivy-action-0.35.0

dependabot/go_modules/prod-patch-updates-3194e6d214

dependabot/github_actions/docker/setup-buildx-action-4.0.0

dependabot/github_actions/actions/stale-10.2.0

dependabot/docker/minor-updates-1134f52710

dev

msg-opt

ssh-agent

msg-delivery

icmp2

port-firewall

platform

hp-multi-client

holepunch

updown

1.10.2

v1.10.2

1.10.1

v1.10.1

1.10.0

v1.10.0

1.9.5

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

v1.9.0

1.8.1

v1.8.1

v1.8.0

1.8.0

1.8.0-rc.0

1.7.0

1.6.1

1.7.0-rc.0

1.6.0

v1.0.1

1.4.9

1.5.2

1.5.1

1.5.0

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.1

1.2.0

1.1.3

1.1.2

1.1.1

1.1.0

1.0.0

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

bug

enhancement

good first issue

help wanted

Improvement

pull-request

Mirrored from GitHub Pull Request

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/newt#35