I thought this would be hard, but turns out the following oneliner does it, with maybe no sideeffects ?
echo 'docker() { [ "$1" = "sh" ] && docker exec -it "$2" sh || command docker "$@"; }' >> ~/.bashrc && source ~/.bashrc
This creates a bash alias for “docker ps” , every other command should run as normal
Now I just need to remember to run this one liner on every single computer I use in the future…
This is an excellent idea. Fortunately you’re not the first to have it ;-)
You should look into
alias
.dit="docker exec -it $@"
Seems more flexible to me. Also, you shouldn’t give functions or variables the same names as binaries.
Not all docker containers contain a shell binary.. You can still propose an issue to moby, the upstream of docker, though.
How do you go inside those containers and poke around then ?
Generally speaking you shouldn’t be poking around running containers. It is rare that I have ever needed to do that. If you want to inspect the contents of an image then tools like dive are helpful. If the container produces some useful output that you might need then put that into a volume, you can then mount that volume to a debug/inspect container to read the files without messing around with the rest of the container.
Shell-less containers are a great security feature - it is extremely hard to get a reverse shell on something that does not have any shell. And if you must have a shell to debug something docker already has a feature for that docker debug which works for shell-less containers as well.
Jokes aside, you create a custom Dockerfile and copy a statically compiled shell binary.
Always wondered why this wasn’t automated, from an ergonomics perspective, a command that lets me open a shell could detect that no shell exists, and then do as you said, without me having to lift a finger. It’s not very unix-y, but it could be a sort of plug-in for Docker CLIs.
It does exist with docker debug.
Oof freebsd has spoilt me, the equivalent would be
appjail login vaultwarden