Detect whether docker socket inside a container belongs to the docker daemon running inside it or is injected from the container host

Question

I am looking for a reliable method for detecting whether the docker socket inside a container, such as /var/run/docker.sock, is injected from the docker host into the container using the -v parameter (docker run -v /var/run/docker.sock:/var/run/docker.sock image-name:image-tag) or is created by a docker daemon that is running inside the docker container ( run dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 in the entrypoint of the docker container).

I want to underline that I want to check this inside the container not on the host machine.

My preferred solution would be a shell script that can be executed inside the container. The output might be a string such as "docker-in-docker" or "injected-socket" (depending on the detected mode).

score 1 · Accepted Answer · answered Mar 24 '20 at 12:14

I found the following solution for checking whether a volume is mounted inside a container: Docker - check within the container if a directory is mounted from the host or not

The following script works for alpine and debian containers:

#!/bin/sh

v=$(mount | grep "/run/docker.sock")

if [ -n "$v" ]; then
  echo "injected-socket"
elif [ -S /var/run/docker.sock ]; then
  echo "local-socket"
else
  echo "no-socket"
  exit 1
fi

Additional references:

Check for empty command output https://stackoverflow.com/a/37618542/4202031

Recognize the existence of a socket file https://stackoverflow.com/a/12137503/4202031

Detect whether docker socket inside a container belongs to the docker daemon running inside it or is injected from the container host

1 Answers1