Presets
Ready-made sockguard configs for drydock, Traefik, Portainer, Watchtower, Homepage, Homarr, Diun, Autoheal, GitHub Actions and GitLab runners, the CIS Docker Benchmark, and read-only dashboards.
Sockguard ships with ready-made config presets for common Docker consumers. All presets are bundled in the container image at /etc/sockguard/.
Drydock (drydock.yaml)
Optimized for the drydock container update manager.
Use for: drydock, or any container updater that needs lifecycle control + image pull.
# Allows: container read, start, stop, restart, remove, create
# Allows: image read, pull
# Allows: network read, volume read, distribution
# Denies: exec, build, swarm, secrets, plugins
# container-create bodies are inspected by default — add host bind-mount sources to
# request_body.container_create.allowed_bind_mounts if your updates require them.
# image pulls are inspected too; this preset explicitly allows arbitrary registries
# while still denying image imports via fromSrc
# container updates are inspected; restart-policy/resource/device/capability changes
# stay denied unless you explicitly allow them under request_body.container_update
Traefik (traefik.yaml)
Minimal read-only access for Traefik reverse proxy.
Use for: Traefik, nginx-proxy, or any reverse proxy with Docker provider.
# Allows: GET on containers, networks, services, tasks, events, ping, version
# Denies: everything else
Portainer (portainer.yaml)
Full Docker API access for Portainer management UI.
Use for: Portainer with full management capabilities.
# Allows: containers, images, networks, volumes, exec, build, swarm, plugins (full R/W)
# WARNING: This grants near-full Docker socket access
# Container, image, build, network, swarm, node, and plugin writes are inspected, but
# Portainer's arbitrary exec/plugin-setting behavior may still require the unsafe opt-in
Watchtower (watchtower.yaml)
Optimized for the Watchtower container auto-updater.
Use for: Watchtower with lifecycle hooks and network-aware updates.
# Allows: container lifecycle (start, stop, kill, restart, rename, remove, create)
# Allows: image pull/remove, exec (lifecycle hooks), network connect/disconnect
# Denies: build, swarm, secrets, plugins
# Container-create, image-pull, and network attach requests are inspected; exec lifecycle
# hooks can be inspected too, but this preset keeps insecure_allow_body_blind_writes=true for arbitrary hooks
Homepage (homepage.yaml)
Read-only access for the Homepage dashboard.
Use for: Homepage, or any dashboard that only reads container state and stats.
# Allows: GET on containers (list, inspect, stats), images, services, tasks, events
# Denies: all write operations
Homarr (homarr.yaml)
Optimized for Homarr dashboard with container management.
Use for: Homarr with start/stop/restart controls enabled.
# Allows: container read (list, inspect, stats), start, stop, restart
# Allows: image read
# Denies: exec, create, network/volume writes
Diun (diun.yaml)
Minimal read-only access for Diun (Docker Image Update Notifier).
Use for: Diun, or any tool that only needs to discover running containers and inspect images.
# Allows: GET on containers (list, inspect), images (inspect)
# Denies: everything else — Diun checks registries directly
Autoheal (autoheal.yaml)
Minimal access for docker-autoheal.
Use for: Autoheal, or any health-check-based restart tool.
# Allows: GET /containers/json (list unhealthy), POST /containers/*/restart
# Denies: everything else — the most restrictive write preset
GitHub Actions Self-Hosted Runner (github-actions-runner.yaml)
For the actions/runner process on a self-hosted runner that needs Docker
socket access to spawn jobs.*.container + jobs.*.services containers.
Use for: self-hosted GitHub Actions runners that handle untrusted workflows (i.e. anything from a fork PR or a low-trust org member).
# Allows: container lifecycle, exec, attach, image pull, per-job networks,
# named volumes for cache
# Denies: privileged containers, host namespace sharing, bind mounts,
# capability additions, build, swarm, secrets, plugins, raw export
The preset enforces what a workflow can do once admitted. Pair it
with clients.allowed_cidrs (TCP listener) or clients.unix_peer_profiles
(unix listener) to authenticate which process is connecting — sockguard
on its own does not know which runner identity is on the other end.
GitLab Runner (Docker Executor) (gitlab-runner.yaml)
For gitlab-runner with executor = "docker" in config.toml. Spawns
build + service + helper containers per CI job and uses docker exec
to inject job steps.
Use for: GitLab Runner deployments handling untrusted CI jobs.
# Allows: container lifecycle, exec, attach, image pull, per-job networks,
# named volumes
# Denies: privileged containers (even if config.toml asks for them),
# host namespace sharing, bind mounts, build, swarm, secrets,
# plugins, raw export
Notable: the preset deliberately rejects privileged containers even
if the runner's config.toml has privileged = true. DinD-style jobs
that require a privileged build container will fail through the proxy
until the operator either removes the flag or moves the affected
project to a different runner. This is the secure default; widening it
is an audit-trail-bearing edit.
CIS Docker Benchmark (cis-docker-benchmark.yaml)
Turns sockguard into an admission gate for the inspectable subset of the CIS Docker Benchmark v1.6.0 Section 5 (Container Runtime) controls.
Use for: any deployment that has to evidence CIS posture — every
non-compliant docker run is rejected at the API boundary with 403
before dockerd executes it.
# Enforces CIS 5.3, 5.4, 5.5, 5.9, 5.10, 5.11, 5.12, 5.15, 5.16, 5.17,
# 5.21, 5.22, 5.23, 5.25, 5.28, 5.30, 5.31 (structural)
# Allows: container/image/network/volume reads, container lifecycle
# Denies: exec, build, swarm, secrets, plugins, raw archive/log/attach
See the dedicated CIS Docker Benchmark guide for the full control-by-control mapping, the negative-test recipe, and notes on companion tools for the host/daemon/image controls sockguard cannot inspect.
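To make the admission-gate idea concrete, the following is an added example (not sockguard's own code) of the structural inspection a proxy can perform on a POST /containers/create body before dockerd ever sees it. The mapping of HostConfig fields to the CIS control numbers listed for the preset is this example's own assumption, the sensitive-path list is constructed for illustration, and the two sample request bodies are constructed rather than captured from any client. Only the Docker Engine API field names are real.

```python
"""Illustrative admission check for POST /containers/create bodies.

Added example, not sockguard's own code. The HostConfig-field to CIS
Section 5 control mapping below is this example's assumption; verify it
against your copy of the benchmark before relying on it.
"""
import json

# Host paths treated as sensitive when bind-mounted (assumed list).
SENSITIVE_HOST_PATHS = ("/boot", "/dev", "/etc", "/lib", "/proc", "/sys", "/usr")
DOCKER_SOCKET = "/var/run/docker.sock"


def _host_source(bind):
    """Binds are 'src:dst[:opts]'; only the host-side source matters."""
    return bind.split(":", 1)[0]


def _is_sensitive(src):
    src = src.rstrip("/") or "/"
    if src == "/":
        return True
    return any(src == p or src.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def inspect_container_create(body):
    """Return [(control, reason), ...] for every control the body violates."""
    hc = body.get("HostConfig") or {}
    sec = hc.get("SecurityOpt") or []
    v = []
    if hc.get("CapAdd"):
        v.append(("5.3", "CapAdd=" + ",".join(hc["CapAdd"])))
    if hc.get("Privileged"):
        v.append(("5.4", "Privileged=true"))
    for bind in hc.get("Binds") or []:
        src = _host_source(bind)
        if src == DOCKER_SOCKET:
            v.append(("5.31", "Docker socket bind-mounted: " + bind))
        elif _is_sensitive(src):
            v.append(("5.5", "sensitive host path bind-mounted: " + bind))
    if hc.get("NetworkMode") == "host":
        v.append(("5.9", "NetworkMode=host"))
    if not hc.get("Memory"):
        v.append(("5.10", "no memory limit"))
    if not hc.get("CpuShares"):
        v.append(("5.11", "no CpuShares"))
    if not hc.get("ReadonlyRootfs"):
        v.append(("5.12", "root filesystem writable"))
    if hc.get("PidMode") == "host":
        v.append(("5.15", "PidMode=host"))
    if hc.get("IpcMode") == "host":
        v.append(("5.16", "IpcMode=host"))
    if hc.get("Devices"):
        v.append(("5.17", "%d host device(s) exposed" % len(hc["Devices"])))
    if any(o in ("seccomp=unconfined", "seccomp:unconfined") for o in sec):
        v.append(("5.21", "seccomp disabled"))
    # 5.22 and 5.23 are assumed to be exec-side controls; the preset above
    # denies exec outright, so they are not modelled here.
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in sec):
        v.append(("5.25", "no-new-privileges not set"))
    if not hc.get("PidsLimit"):
        v.append(("5.28", "no PIDs limit"))
    if hc.get("UsernsMode") == "host":
        v.append(("5.30", "UsernsMode=host"))
    return v


def admit(raw_body):
    """Gate decision for one request: ('forward', []) or ('reject', violations).
    A body that is not valid JSON cannot be inspected, so it is rejected too."""
    try:
        body = json.loads(raw_body)
    except ValueError:
        return ("reject", [("body", "not valid JSON")])
    violations = inspect_container_create(body)
    return ("reject", violations) if violations else ("forward", [])


# Constructed sample bodies (not captured from any real client).
NONCOMPLIANT = json.dumps({"Image": "alpine", "HostConfig": {
    "Privileged": True, "CapAdd": ["SYS_ADMIN"], "NetworkMode": "host",
    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}})
COMPLIANT = json.dumps({"Image": "alpine", "HostConfig": {
    "Memory": 256 * 1024 * 1024, "CpuShares": 512, "ReadonlyRootfs": True,
    "PidsLimit": 256, "SecurityOpt": ["no-new-privileges"]}})

if __name__ == "__main__":
    for name, raw in (("noncompliant", NONCOMPLIANT), ("compliant", COMPLIANT)):
        decision, why = admit(raw)
        print(name, "->", decision, *("%s: %s" % w for w in why))
```

Running the block prints a reject decision with nine control hits for the first body and a forward decision for the second; the rejection list is the material a 403 response body or an audit log line would carry, which is what makes the gate useful as evidence rather than just a block.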
Read-Only (readonly.yaml)
Allows GET access to all Docker API endpoints. Denies all write operations.
Use for: generic dashboards, monitoring tools, read-only Portainer.
# Allows: GET on containers, images, networks, volumes, system, events, info, ping, version
# Denies: all POST, PUT, DELETE
This preset intentionally includes raw archive/export and log/attach stream reads, so it sets insecure_allow_read_exfiltration: true. Tighten it if your client only needs list/inspect endpoints.
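The distinction the read-only preset draws between plain list/inspect reads and reads that carry container contents off the host comes down to a handful of GET routes. The following is an added example (not sockguard's own code or route table) that classifies Docker Engine API GET paths along that line; the set of routes treated as export or stream reads is this example's own selection, and the sample paths are constructed.

```python
"""Classify Docker Engine API GET routes into list/inspect reads versus reads
that return archives, filesystem exports or output streams.

Added example, not sockguard's own code: the route selection below is this
example's assumption about which GET endpoints move container contents.
"""
import re

# Optional API version prefix such as /v1.43
_VERSION = re.compile(r"^/v\d+\.\d+")

# GET routes that return archives, rootfs exports or output streams.
_EXFIL_ROUTES = (
    re.compile(r"^/containers/[^/]+/archive$"),    # tar of a path inside a container
    re.compile(r"^/containers/[^/]+/export$"),     # whole rootfs as a tar stream
    re.compile(r"^/containers/[^/]+/logs$"),       # stdout/stderr history
    re.compile(r"^/containers/[^/]+/attach/ws$"),  # live I/O over websocket
    re.compile(r"^/images/.+/get$"),               # docker save of one image
    re.compile(r"^/images/get$"),                  # docker save of several images
)


def classify_get(path):
    """Return 'exfiltration' for export/stream routes, 'inspect' for everything else."""
    path = _VERSION.sub("", path.split("?", 1)[0])
    return "exfiltration" if any(r.match(path) for r in _EXFIL_ROUTES) else "inspect"


def allowed(method, path, allow_read_exfiltration=False):
    """Read-only decision: writes are never allowed; export/stream reads only
    when the caller has explicitly opted in."""
    if method != "GET":
        return False
    if classify_get(path) == "exfiltration":
        return allow_read_exfiltration
    return True


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for m, p in (("GET", "/v1.43/containers/json"), ("GET", "/containers/abc/archive?path=/etc"),
                 ("GET", "/images/docker.io/library/alpine/get"), ("POST", "/containers/create")):
        print(m, p, "->", "allow" if allowed(m, p) else "deny")
```

With allow_read_exfiltration left at its default of False the function models the tightened variant of the preset that only serves list/inspect endpoints; passing True reproduces the behaviour the shipped readonly.yaml acknowledges with its insecure_allow_read_exfiltration flag.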
Using a Preset
Mount the preset as your config file:
services:
  sockguard:
    image: codeswhat/sockguard:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - sockguard-socket:/var/run/sockguard
    command: ["serve", "-c", "/etc/sockguard/drydock.yaml"]
All preset configs are bundled in the image at /etc/sockguard/.
Presets that keep broad container/image read compatibility also carry explicit insecure_allow_read_exfiltration: true acknowledgements so they continue to validate honestly under the read-side export guardrail.