3

Since Docker 20.10, it supports running the daemon in rootless mode.

It's possible to know if the docker daemon is running in rootless mode through docker info:

$ docker info
[...]
Server:
 [...]
 Security Options:
  rootless
 [...]

My question is: from within a container (i.e. in the entrypoint), how can I check if it is running in rootless mode?

PS: without relying on the user namespace detection, as not all the userns scenarios are tied to docker daemon's rootless mode.

felipecrs
  • 549
  • 4
  • 16

1 Answers1

-1

You can inspect the docker context. Use the following command:

docker context inspect

If you running a rootless context, you will get an output similar to the following one:

enter image description here

Also, you can get info using the command:

docker info

zzpzaf
  • 79
  • 6
  • Thanks for the answer. Is this within the container? If so, I have to install the docker cli within it too, right? – felipecrs Mar 29 '23 at 13:01
  • @feliperks Sorry, my fault. I didn't notice you asked, "from within a container". So my answer is no, it’s from the host. Accessing the host from within a container breaks the isolation concept. Other approaches using mounted named pipes, ssh, etc. (e.g. [here](https://stackoverflow.com/questions/32163955/how-to-run-shell-script-on-host-from-docker-container) ) require also some work to be done in the host system. But if you have access to the host, running a rootless Docker installation, you also have access to Docker CLI (e.g.: via the docker info you also mentioned). – zzpzaf Mar 30 '23 at 08:45