What security concern arises from mounting the Docker socket ("/var/run/docker.sock") into a container, and why is this sometimes called "Docker-in-Docker via socket mounting"?
Correct answer: B) A container with access to the host's Docker socket can issue commands to the host's Docker daemon, effectively granting it root-equivalent control over the host — a container escape vector if the application is compromised.
The Docker daemon runs as root, so any process that can talk to its socket can create privileged containers, mount the host filesystem, and effectively gain root on the host — making this a significant privilege escalation risk if exposed to untrusted code.