[itintheory]

You can. I think there's a couple approaches - bind mount the docker socket, or expose it on localhost, and use host networking for the consuming container, or there exist various proxy projects for the socket. There may be other ways, curious if anyone else knows more.

[mystifyingpoi]

> bind mount the docker socket

Bind-mounting /var/run/docker.sock gives 100% root access to anyone that can write it. It's a complete non-starter for any serious deployment, and we should not even consider it at any time.

[itintheory]

Sure, but sometimes that's what you intend. Docker isn't always used for, nor is it particularly designed to be a security / sandboxing solution. If I'm running a tool as root that interacts with the docker daemon, I might choose to run it in a container still.

[NewJazz]

That's not even close to the same as a well thought out rbac system, sorry.

[itintheory]

> Can you control the docker swarm API from within a container that is running inside of it?

The question didn't ask about RBAC, well thought out or not.