Accessing a Docker Host with Portainer: Privileged Container Guide

jack kweyungajack kweyunga
2 min read

A simple guide to accessing the docker host from your Portainer instance

In this article, I will show you how to access the host machine from a Portainer instance.

Assumptions

  • Familiarity with Docker

  • Familiarity with Portainer

  • Docker is installed on your machine

Introduction

Portainer is management software for containers. It's packed with amazing features that make working with Docker seamless. Portainer itself runs as a Docker container. It connects to the underlying Docker host using Docker mounts. Below is a Docker Compose file showing a Portainer container deployment.

volumes:
  portainer-data:

services:
  portainer:
    container_name: portainer
    image: "docker.io/portainer/portainer-ce:2.21.0-rc2-alpine"
    ports:
      - "9000:9000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data
    restart: always

After saving and running this compose file, a Portainer instance will be accessible at http://localhost:9000.

Lets get to it then!

Portainer has a feature called stacks that lets you define a compose project and deploy it to your Docker host (server) directly from the Portainer web interface.

Let's create a new stack with the following Docker Compose content. Remember to add a name of your stack.

services:
  chroot_service:
    image: busybox
    container_name: chroot_service
    privileged: true
    network_mode: host
    pid: host
    ipc: host
    volumes:
      - /:/host
    tty: true  # Enable TTY
    stdin_open: true  # Keep stdin open
    command: chroot /host

Now save and run this stack. You will see the following container running.

Select the container chroot_service and open an interactive console in the Portainer instance. Be sure to select the /bin/sh type since we are using busybox image.

In the console, run the chroot command into the host directory. Voila! you are in the host system console as a root user.

Seeking expert guidance in Ops, DevOps, or DevSecOps? I provide customized consultancy services for personal projects, small teams, and organizations. Whether you require assistance in optimizing operations, improving your CI/CD pipelines, or implementing strong security practices, I am here to support you. Let's collaborate to elevate your projects. Contact me today | LinkedIn | GitHub

0
Subscribe to my newsletter

Read articles from jack kweyunga directly inside your inbox. Subscribe to the newsletter, and don't miss out.

SecurityPortainerDockerDocker composeDocker Security

Written by

jack kweyunga
jack kweyunga

Am a DevSecOps practitioner, software engineer and a life long learner.