docker_cmd Detection
v1.0
·
Updated 5 days ago
How Fleet Manager Invokes Docker: docker_cmd
Docker is reachable differently on every server — sometimes directly, sometimes only via sudo, sometimes at a special path. During /diag, Fleet Manager therefore tries several variants and remembers the first one that works as docker_cmd in the profile:
docker infosudo -n docker infosudo -n /usr/local/bin/docker info/usr/local/bin/docker info
If no variant answers, Docker is considered unavailable (docker_available: no).
Allowlist validation
Before every use, the stored docker_cmd is checked against a strict pattern:
^(sudo -n )?(/path/to/)?docker$Anything else is rejected rather than executed — a safeguard against command injection should a profile be tampered with.