/var/run/docker.sock

If you have been using Docker for a while, you may have noticed that some containers require bind mounting /var/run/docker.sock.

Or you may have wondered why, when the Docker engine/daemon is off, you get the following message when running:

docker ps

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

So what does it mean?

docker.sock is a Unix socket, which is how processes on a Unix system communicate with each other to share data.
In Docker's case, the daemon listens on it, so any application that can open the socket can talk to the Docker daemon directly through the Docker Engine API. A container that bind mounts the socket gets the same direct access.

If you are using macOS and your Docker runs on HyperKit, a lightweight macOS virtualization solution built on top of
Hypervisor.framework (macOS 10.10 and above), you first need to switch to that VM to check your Docker daemon:

screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
 ps aux | grep dockerd
 1939 root       0:00 /bin/sh -c exec dockerd --pidfile=/run/docker.pid  -H unix:///var/run/docker.sock .....
 1946 root      31:43 dockerd --pidfile=/run/docker.pid -H unix:///var/run/docker.sock ...

As you can see, the Docker daemon uses this file for IPC as well.
Let's run a small experiment and talk to the Docker daemon by using curl to send a request to the Docker Engine API (v1.27)
over IPC:

curl -X GET --unix-socket /var/run/docker.sock "http://v1.31/containers/json?limit=1" | jq

The output will be something like below:


  {
    "Id": "430d207538fd241ef95db1b810c47783fb28d6664fdcbc6c63442e8ceb1c420f",
    "Names": [
      "/nostalgic_roentgen"
    ],
    "Image": "portainer/portainer",
    "ImageID": "sha256:771161a7316ea94e8a2e29d1d93a0c5576ab133d61186e8397d1e8766a514332",
    "Command": "/portainer",
    "Created": 1509213635,
    "Ports": [
      {
        "IP": "0.0.0.0",
        "PrivatePort": 9000,
        "PublicPort": 9000,
        "Type": "tcp"
      }
    ],
    ...
...

I used the API to send a GET request to the “containers” endpoint with the limit filter. It is roughly equivalent to:

docker ps --filter...
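
As an added example (not from the original post): the same request made from Python over the Unix socket, then used to list which containers have the daemon socket mounted. The names UnixHTTPConnection, engine_get, socket_mounts and SAMPLE are hypothetical, the sample data is constructed, and matching the mount source by its /docker.sock suffix is an assumption.

```python
import http.client
import json
import socket

DOCKER_SOCK = "/var/run/docker.sock"

class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP over an AF_UNIX stream socket, like curl --unix-socket."""
    def __init__(self, sock_path, timeout=5):
        super().__init__("localhost", timeout=timeout)  # host only fills the Host: header
        self.sock_path = sock_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.sock_path)

def engine_get(path, sock_path=DOCKER_SOCK):
    """GET an Engine API path (e.g. /v1.31/containers/json) and decode the JSON body."""
    conn = UnixHTTPConnection(sock_path)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read()
        if resp.status != 200:
            raise RuntimeError(f"Engine API returned {resp.status}")
        return json.loads(body)
    finally:
        conn.close()

def socket_mounts(containers):
    """Return (name, destination, writable) for each container that mounts the socket."""
    hits = []
    for c in containers:
        for m in c.get("Mounts") or []:
            # Assumption: match by suffix, since /var/run is often a symlink to /run.
            if (m.get("Source") or "").endswith("/docker.sock"):
                hits.append((c["Names"][0], m.get("Destination"), m.get("RW")))
    return hits

# Constructed sample shaped like a /containers/json reply (not real output).
SAMPLE = [
    {"Names": ["/portainer"], "Mounts": [{"Type": "bind", "RW": True,
     "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}]},
    {"Names": ["/alpine"], "Mounts": []},
]

if __name__ == "__main__":
    print(socket_mounts(SAMPLE))
```

Against a live daemon, pass it the real list instead: socket_mounts(engine_get("/v1.31/containers/json?all=1")).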

Let's now run the most lightweight (just 4MB!) container and then stop it using IPC and the Docker Engine API:

docker run --name alpine -it alpine /bin/sh
curl -X POST --unix-socket /var/run/docker.sock "http://v1.31/containers/$(docker ps -aq --filter name=alpine)/stop"

Please note that I am using a specific API version, v1.31; you can find your version by running the ‘docker version’ command:

docker version
Client:
 Version:      17.07.0-ce
 API version:  1.31
 Go version:   go1.8.3
 Git commit:   8784753
 Built:        Tue Aug 29 17:41:08 2017
 OS/Arch:      darwin/amd64

Server:
 Version:      17.07.0-ce
 API version:  1.31 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   8784753
 Built:        Tue Aug 29 17:46:50 2017
 OS/Arch:      linux/amd64
 Experimental: true