grafclouds.com / documents / insights / training / devops-challenges / docker-privileged-socket-mount

The Container Needs Docker, So Mount the Socket and Run --privileged?

Intermediate ~12 min read
DockerSecurity

Scenario

Your CI pipeline runs each job inside a throwaway container on a shared runner host. One stage needs to build a Docker image and push it to the registry — but inside the job container there's no Docker daemon, so docker build dies with a permission error and the pipeline is red. The detail that changes everything: this pipeline also runs on pull requests from external contributors. Code written by strangers on the internet executes in these job containers.

The Quick Fix on the Table

Mount the host's /var/run/docker.sock into the job container and add --privileged for good measure. It's a two-line runner config change, the build goes green immediately, and the team moves on.

Interview · Round 1

The quick fix is on the table and the room is waiting for your call. Would you sign off on it? Take a position and justify it — out loud or on paper — before revealing the analysis.