2.8 Do not bind Docker to another IP/Port or a Unix socket

Information

The Docker daemon can be configured to listen on a specific IP address and port, or on a Unix socket other than the default one. Do not bind the Docker daemon to another IP/port or to a non-default Unix socket.

By default, the Docker daemon binds to a non-networked Unix socket and runs with 'root' privileges. If you change the default daemon binding to a TCP port or to any other Unix socket, anyone with access to that port or socket has full access to the Docker daemon and, in turn, to the host system. Hence, you should not bind the Docker daemon to another IP/port or Unix socket.

Solution

Do not bind the Docker daemon to any IP and port or to a non-default Unix socket. For example, do not start the Docker daemon as below:

$> docker -H tcp://10.1.2.3:2375 -H unix:///var/run/example.sock -d

Impact

No one can have full access to the Docker daemon except 'root'. Alternatively, if you need to bind the Docker daemon to another IP and port, configure TLS authentication for the Docker and Docker Swarm APIs.

Default Value

By default, the Docker daemon binds to a non-networked Unix socket.
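A defender-side audit check for this control, added here as an example and not part of the benchmark or of Tenable's plugin. It assumes /etc/docker/daemon.json as the daemon config path and Linux procps (ps -C) for reading the running dockerd command line; everything else is POSIX sh, awk and grep.

```shell
#!/bin/sh
# Audit helper for this control (added example, not part of the benchmark):
# flag any dockerd listener other than the default non-networked Unix socket.
# Sources checked: -H/--host on the dockerd command line and the "hosts" key
# in /etc/docker/daemon.json (path assumed). Requires only POSIX sh + awk/grep.

# Read listeners one per line from stdin; return 0 only if all are the default
# socket. fd:// means systemd socket activation, whose unit (docker.socket)
# listens on /run/docker.sock by default, so it is accepted here.
default_socket_only() {
    _bad=0
    while IFS= read -r h; do
        [ -z "$h" ] && continue
        case "$h" in
            unix://|unix:///var/run/docker.sock|unix:///run/docker.sock|fd://) ;;
            *) _bad=1; echo "non-default listener: $h" >&2 ;;
        esac
    done
    return $_bad
}

# Print each -H / --host value found in a dockerd command line string.
hosts_from_cmdline() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk '
        $0 == "-H" || $0 == "--host" { getline; print; next }
        sub(/^-H=?/, "") || sub(/^--host=/, "") { if ($0 != "") print }'
}

# Print the entries of the "hosts" array in a daemon.json file (crude, no JSON
# parser needed; good enough for the simple array form the daemon expects).
hosts_from_daemon_json() {
    tr -d '\n' < "$1" \
        | grep -o '"hosts"[[:space:]]*:[[:space:]]*\[[^]]*\]' \
        | grep -o '"[^"]*"' | tail -n +2 | tr -d '"'
}

# Audit the running host (Linux procps assumed for ps -C); 0 = compliant.
audit_running_docker() {
    _cmd=$(ps -o args= -C dockerd 2>/dev/null | head -n 1)
    {
        [ -n "$_cmd" ] && hosts_from_cmdline "$_cmd"
        [ -f /etc/docker/daemon.json ] && hosts_from_daemon_json /etc/docker/daemon.json
    } | default_socket_only
}

# Constructed sample: the non-compliant command line from the Solution above.
hosts_from_cmdline 'dockerd -H tcp://10.1.2.3:2375 -H unix:///var/run/example.sock' \
    | default_socket_only || echo "FAIL: dockerd exposes a non-default listener"
```

Run audit_running_docker on a host to check the live daemon; an empty listener list (no -H and no "hosts" key) is the default binding and passes.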

See Also

https://workbench.cisecurity.org/files/514

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: 02044deb5f3b936a33dc03290facfe6d9f2585d0eb36fe7e0144f8ccce5f5acb