This command is awkward 'docket exec -t vaultwarden sh' , let's just have docker sh vaultwarden already ! (lemmy.ml)

submitted 5 days ago* (last edited 5 days ago) by interdimensionalmeme@lemmy.ml to c/linux@lemmy.ml

18 comments fedilink hide all child comments

I thought this would be hard, but turns out the following oneliner does it, with maybe no sideeffects ?

echo 'docker() { [ "$1" = "sh" ] && docker exec -it "$2" sh || command docker "$@"; }' >> ~/.bashrc && source ~/.bashrc

This creates a bash alias for "docker ps" , every other command should run as normal

Now I just need to remember to run this one liner on every single computer I use in the future...

you are viewing a single comment's thread
view the rest of the comments

[-] interdimensionalmeme@lemmy.ml 0 points 5 days ago

How do you go inside those containers and poke around then ?

[-] bjornsno@lemm.ee 38 points 5 days ago

That's the neat thing, you don't

Jokes aside, you create a custom Dockerfile and copy a statically compiled shell binary.

[-] vinnymac@lemmy.world 1 points 5 days ago

Always wondered why this wasn’t automated, from an ergonomics perspective, a command that lets me open a shell could detect that no shell exists, and then do as you said, without me having to lift a finger. It’s not very unix-y, but it could be a sort of plug-in for Docker CLIs.

[-] nous@programming.dev 3 points 5 days ago

It does exist with docker debug.

[-] interdimensionalmeme@lemmy.ml 4 points 5 days ago

Note

Docker Debug requires a Pro, Team, or Business subcription.

I don't know if that applies to me but big yikes!

[-] nous@programming.dev 2 points 5 days ago

Oh, misses that bit... Seems there is a third party plugin that does something similar.

[-] vinnymac@lemmy.world 1 points 4 days ago

Now that is more what I had in mind! I’ll definitely be using this, thanks

[-] nous@programming.dev 9 points 5 days ago

Generally speaking you shouldn't be poking around running containers. It is rare that I have ever needed to do that. If you want to inspect the contents of an image then tools like dive are helpful. If the container produces some useful output that you might need then put that into a volume, you can then mount that volume to a debug/inspect container to read the files without messing around with the rest of the container.

Shell-less containers are a great security feature - it is extremely hard to get a reverse shell on something that does not have any shell. And if you must have a shell to debug something docker already has a feature for that docker debug which works for shell-less containers as well.

this post was submitted on 23 Dec 2024

15 points (69.2% liked)

Linux

48740 readers

1412 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz