Privileged mode: Running ctop in docker under SELinux
Some programs like ctop are nice to run using docker containers, so that you don't have to manually download a binary and copy it into /usr/local/bin, where it will sit in a sad little corner, unmanaged by apt or yum.
But if you run an SELinux-enabled distribution, you'll find that running ctop as the documentation suggests fails:
docker run --rm -ti \
--name=ctop \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
quay.io/vektorlab/ctop:latest
🐳 🐳 🐳
ctop - error
[12:54:15 UTC] attempting to reconnect...
[12:54:16 UTC] Get http://unix.sock/info: dial unix /var/run/docker.sock: connect: permission denied
What's going on here? Presumably SELinux is blocking the ctop container's access to information necessary for monitoring the other containers.
The Fix
Luckily, there's a very easy fix for this! You can just run the ctop container in privileged mode:
docker run --privileged --rm -ti \
--name=ctop \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
quay.io/vektorlab/ctop:latest
Now you can see all your favorite containers, interact with their log interfaces, dip into their shells, etc.:
ctop - 12:57:42 UTC   8 containers

   NAME          CID           CPU   MEM         NET RX/TX   IO R/W      PIDS
 ◉ bugout_bot…   8f84fe3983…   1%    2M / 944M   19M / 16M   1M / 0B     6
 ◉ bugout_bug…   16f1479be4…   0%    3M / 944M   1M / 1M     6M / 0B     5
 ◉ bugout_gat…   fc951914df…   0%    3M / 944M   56M / 35M   256K / 0B   21
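
To confirm the SELinux guess above instead of assuming it, this added example (not from the original post) filters audit records for denials on the Docker socket and wraps the same command with `--security-opt label=disable`, which lifts SELinux confinement for this one container without the extra capabilities and device access that `--privileged` grants. The audit record is constructed, the function names are hypothetical, and it is an assumption that label enforcement is the only thing blocking ctop.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed audit record of the kind auditd writes when a confined container
# process (type container_t) is refused a connection to the Docker socket.
SAMPLE_AVC='type=AVC msg=audit(1600000000.123:456): avc:  denied  { connectto } for  pid=1234 comm="ctop" path="/run/docker.sock" scontext=system_u:system_r:container_t:s0:c123,c456 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=0'

# Read audit records on stdin and print "comm permission source_type" for
# every AVC denial that names docker.sock.
docker_sock_denials() {
    grep 'avc: .*denied' | grep 'docker\.sock' |
        sed -n 's/.*{ \([a-z_ ]*\) }.*comm="\([^"]*\)".*scontext=[^:]*:[^:]*:\([^:]*\):.*/\2 \1 \3/p'
}

# Succeed only if stdin holds at least one such denial.
selinux_blocked_socket() {
    [ -n "$(docker_sock_denials)" ]
}

# The post's command with --privileged replaced by a per-container SELinux
# opt-out (assumption: label enforcement is the only thing in the way).
# Default capabilities, seccomp and device restrictions stay in place.
# The socket mount itself still gives ctop full control of the Docker daemon.
run_ctop() {
    docker run --security-opt label=disable --rm -ti \
        --name=ctop \
        --volume /var/run/docker.sock:/var/run/docker.sock:ro \
        quay.io/vektorlab/ctop:latest
}

# Demo on the constructed record. On a real host, pipe in
# `ausearch -m AVC -ts recent` (as root) instead of the sample.
if printf '%s\n' "$SAMPLE_AVC" | selinux_blocked_socket; then
    printf '%s\n' "$SAMPLE_AVC" | docker_sock_denials
    echo "SELinux denial confirmed; run_ctop starts ctop without --privileged"
fi
```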