How to run shell script on host from docker container?

docker

Use a named pipe. On the host OS, create a script to loop and read commands, and then you call eval on that.

Have the docker container read to that named pipe.

To be able to access the pipe, you need to mount it via a volume.

This is similar to the SSH mechanism (or a similar socket-based method), but restricts you properly to the host device, which is probably better. Plus you don't have to be passing around authentication information.

My only warning is to be cautious about why you are doing this. It's totally something to do if you want to create a method to self-upgrade with user input or whatever, but you probably don't want to call a command to get some config data, as the proper way would be to pass that in as args/volume into docker. Also, be cautious about the fact that you are evaling, so just give the permission model a thought.

Some of the other answers such as running a script. Under a volume won't work generically since they won't have access to the full system resources, but it might be more appropriate depending on your usage.


The solution I use is to connect to the host over SSH and execute the command like this:

ssh -l ${USERNAME} ${HOSTNAME} "${SCRIPT}"

UPDATE

As this answer keeps getting up votes, I would like to remind (and highly recommend), that the account which is being used to invoke the script should be an account with no permissions at all, but only executing that script as sudo (that can be done from sudoers file).

UPDATE: Named Pipes

The solution I suggested above was only the one I used while I was relatively new to Docker. Now in 2021 take a look on the answers that talk about Named Pipes. This seems to be a better solution.

However, nobody there mentioned anything about security. The script that will evaluate the commands sent through the pipe (the script that calls eval) must actually not use eval for the whole pipe output, but to handle specific cases and call the required commands according to the text sent, otherwise any command that can do anything can be sent through the pipe.

Related

Where are the Properties.Settings.Default stored?
Possible to perform cross-database queries with PostgreSQL?
Is there a way to automatically update application on Android?
Embed Zxing library without using Barcode Scanner app [duplicate]
Using global keyboard hook (WH_KEYBOARD_LL) in WPF / C#
Disable scrolling in webview?
How do I restart my C# WinForm Application?
How to deal with certificates using Selenium?
Whitespace Matching Regex - Java
Border length smaller than div width?
WebAPI Multiple Put/Post parameters
Increment operator does not work on a variable if variable is set to 0