[
https://ovirt-jira.atlassian.net/browse/OVIRT-2324?page=com.atlassian.jir...
]
Barak Korren commented on OVIRT-2324:
-------------------------------------
{quote}
I can see the mount entry when running mount, but the socket doesn't exist:
{quote}
I think I know what is going on here: systemd mounts tmpfs on /run after the socket was
already mounted, so the tmpfs mount hides the socket mount.
So to solve this we need to check if we can make systemd leave /run alone, or otherwise
mount to another location.
Since this is a privileged container, can we bind mount from inside it? We can do that to
"move" the docker socket back to where the docker client expects it to be.
But looking at the bigger picture for a sec, since we may want to do things like make
docker commands inside the container use the container's network namespace by default, we
could try to do it transparently by doing a MITM attack on the dockerd traffic. To do that
we would:
# Mount the real docker socket in some custom location
# Have our process listen on the default docker socket location, forward traffic to the
custom location and inject modified network instructions as needed....
If we do that, we don't really have to solve this issue.
Failed to mount docker.sock to "/var/run/docker.sock" in a
container which runs systemd
---------------------------------------------------------------------------------------
Key: OVIRT-2324
URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2324
Project: oVirt - virtualization made easy
Issue Type: Bug
Reporter: Gal Ben Haim
Assignee: infra
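The situation diagnosed in the comment above (a mount entry that is listed but unreachable because a later tmpfs on /run covers it) can be confirmed from `/proc/self/mountinfo`. The following is an added example, not part of the Jira comment or of oVirt's code; the sample mountinfo text is constructed, and the sibling-mount rule it applies is a heuristic assumption.

```python
import posixpath

# Constructed sample of /proc/self/mountinfo from inside such a container:
# the docker.sock bind mount (102) and the tmpfs on /run (103) share parent 100.
SAMPLE = """\
100 90 0:50 / / rw,relatime - overlay overlay rw
101 100 0:51 / /proc rw,nosuid - proc proc rw
102 100 0:22 /docker.sock /run/docker.sock rw,nosuid - tmpfs tmpfs rw,mode=755
103 100 0:52 / /run rw,nosuid,nodev - tmpfs tmpfs rw,mode=755
104 103 0:53 / /run/lock rw,nosuid - tmpfs tmpfs rw
"""

def parse_mountinfo(text):
    """Return {mount_id: {...}} from mountinfo text (see proc(5))."""
    mounts = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # Optional fields end at the " - " separator; the fs type follows it.
        left, right = line.split(" - ", 1)
        f = left.split()
        mounts[int(f[0])] = {
            "id": int(f[0]),
            "parent": int(f[1]),
            "point": f[4],
            "fstype": right.split()[0],
        }
    return mounts

def is_under(path, directory):
    """True if path lies strictly below directory."""
    return path != directory and posixpath.commonpath([path, directory]) == directory

def hidden_mounts(mounts):
    """Heuristic: mount A is hidden when a sibling mount B (same parent mount)
    sits on a directory above A's mount point. Had B been mounted first,
    A would have been attached to B, not to B's parent."""
    found = []
    for a in mounts.values():
        for b in mounts.values():
            if b["parent"] == a["parent"] and is_under(a["point"], b["point"]):
                found.append((a["point"], b["point"]))
    return found

if __name__ == "__main__":
    for hidden, cover in hidden_mounts(parse_mountinfo(SAMPLE)):
        print(f"{hidden} is hidden by the mount on {cover}")
```

To check a live system, pass the contents of `/proc/self/mountinfo` read inside the container to `parse_mountinfo` instead of `SAMPLE`.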