Why does a Docker container have access to a directory on my system not explicitly mounted as volume?

I am in the process of migrating my Nextcloud instance from one server to another. I copied the Borg archive to one mountpoint, /mnt/ncbackup and intend to keep my data in /mnt/ncdata.

I couldn't really find out what to mount the backup directory to, so I just fired it up as documented in the documentation, and I was able to retrieve my backups from the non-mounted directory.

So this reveals a fundamental flaw in my understanding of how Docker works - I had assumed the container only had access to whatever was explicitly mounted. But I guess I am wrong?

This is the command I run:

    
sudo docker run \
--init \
--sig-proxy=false \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 8080:8080 \
--env APACHE_PORT=11000 \
--env APACHE_IP_BINDING=0.0.0.0 \
--env APACHE_ADDITIONAL_NETWORK="" \
--env SKIP_DOMAIN_VALIDATION=false \
--env NEXTCLOUD_DATADIR="/mnt/ncdata" \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
ghcr.io/nextcloud-releases/all-in-one:latest

6 comments

The Nextcloud AIO container itself doesn't have access to the backup directory, but it has access to the docker socket (/var/run/docker.sock). Having access to the docker socket means it can perform any docker operation on the host system, in this case starting a separate backup container with the backup directory mounted.
- Ah, got it! That sounds like an unhealthy amount of trust to give to a container, but I understand the need to give that access to the mastercontainer.

You are giving access to the docker socket (/var/run/docker.sock), so this container can create/edit/remove any container from your system, even add,edit, remove volumes or host path.
I have no idea if you can send modification API commands to a ReadOnly socket. I think you could, in the same way that you can do something with just HTTP-GET. Example: curl --unix-socket /var/run/docker.sock http:/images/json
Doc: https://docs.docker.com/reference/api/engine/version/v1.41/#tag/Container/operation/ContainerInspect

When giving docker access to a socket, the docker process will have access to any folder/file the running user has access to. That doesn't mean that your containers do, generally, but they can. This is how the Kinsing docker virus is so prevalent.

How did you retrieve your backups exactly?
- rsync from one server to the other.
  When actually loading in the backup from the Nextcloud AIO interface, I specified the path on my local system (not the container).

6 comments