Systemd and docker -H fd://

Based on what I learned in Systemd Service and Socket Activation and Systemd Service and stdio , we can now have a look at Docker.
The code for -H fd://
-Handling is here
.
The file descriptors are coming from activation.Listeners()
, and are in the listeners
slice.
In our case, the part after the fd://
is empty, so lines 83-85 are activated, and the incoming fd’s are passed to the Docker proper.
|
|
Summary
The question that started this Yak shaving session was: “How to expose the docker socket of a remote machine over the network?” And this appears that the answer to this question is:
- take the original
docker.socket
configuration - create an override and add a secondary listener socket for tcp://0.0.0.0:2375
So:
# systemctl edit docker.socket
...
# systemctl cat docker.socket
# /lib/systemd/system/docker.socket
[Unit]
Description=Docker Socket for the API
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
# /etc/systemd/system/docker.socket.d/override.conf
[Socket]
ListenStream=
ListenStream=/run/docker.sock
ListenStream=2375
This clears the original ListenStream
list, and then adds two entries back.
The first change addresses the error message
ListenStream= references a path below legacy directory /var/run/,
updating /var/run/docker.sock tcp://0.0.0.0:2375 → /run/docker.sock tcp://0.0.0.0:2375;
please update the unit file accordingly.
The second one adds a listener to port [::]:2375
.
And that will allow me to talk to the Docker server on my development host over the network.