kdocker

Display a cursor to send a window to the system tray when pressing the left mouse button (press any other mouse button to cancel)

$ kdocker

$ kdocker [application]

$ kdocker -f

$ kdocker -i /[path/to/icon]

$ kdocker -l [application]

$ kdocker --version

kdocker [DOCKER_COMMAND] [DOCKER_ARGUMENTS...]

Explanation: kdocker functions primarily as a prefix to standard Docker commands. It does not typically have its own command-line options but instead passes the subsequent DOCKER_COMMAND (e.g., run, build, pull) and its DOCKER_ARGUMENTS directly to the underlying Docker client and daemon within a proot-managed environment. Any configuration for kdocker itself is usually managed via environment variables or internal script logic, not command-line parameters.

kdocker is a utility designed to enable the execution of Docker containers without requiring root privileges on the host system. It achieves this by leveraging proot, a user-space implementation of chroot that allows programs to run with an altered root directory and emulates certain kernel calls, effectively creating a 'fake root' environment.

The primary purpose of kdocker is to enhance security by isolating Docker operations from the host's root user, and to enable Docker usage in environments where root access is restricted or undesirable (e.g., shared servers, CI/CD pipelines). It acts as a wrapper, taking typical Docker commands and executing them within its proot-managed, unprivileged environment. This allows users to perform standard Docker operations like docker run, docker build, etc., as if they were root, but within a confined and non-privileged context.

Performance Overhead: Running Docker through proot can introduce a slight performance overhead due to the emulation layer.

Limited Functionality: While most basic Docker operations work, complex scenarios involving advanced networking, device passthrough, or specific kernel capabilities might not function correctly or might require significant configuration.

Security Scope: While it enhances security by removing the need for root privileges, the underlying proot environment is still subject to its own limitations and potential vulnerabilities. It's not a full sandbox.

Alternative: Modern Docker versions include native "rootless mode" which is often preferred for its tighter integration and better performance, making kdocker less necessary for new setups.

kdocker primarily works by setting up a pseudo-root environment using proot. When you invoke kdocker, it intercepts the Docker command. Inside the proot environment, it sets up necessary symlinks and mounts to mimic a root filesystem, allowing the Docker client to believe it's running with full privileges, while in reality, all operations are confined to the user's home directory or a designated workspace, without actual root access on the host.

Instead of running docker run -it ubuntu bash, you would typically run kdocker run -it ubuntu bash.
Similarly, for building images: kdocker build -t myimage .
kdocker essentially prepends your standard Docker commands.

kdocker emerged as a community-driven solution to address the long-standing demand for running Docker without root privileges. Prior to Docker's native "rootless mode" (introduced in later versions), tools like kdocker provided a crucial workaround for users and administrators who needed to utilize Docker in unprivileged environments due to security policies or lack of root access.

Its development was often informal, consisting of shell scripts leveraging proot, filling a gap in Docker's capabilities. With the advent of native rootless Docker, the necessity of kdocker has diminished for new deployments, but it remains relevant for legacy systems or specific niche use cases where native rootless Docker might not be feasible or desired.

docker(1), proot(1), podman(1), chroot(1)