From 7ac850853dec0ee2d547693c715a514f9b15cc09 Mon Sep 17 00:00:00 2001
From: Lars Kruse <devel@sumpfralle.de>
Date: Tue, 23 Feb 2021 00:10:10 +0100
Subject: [PATCH] Plugin docker_: reduce permissions of plugin

root privileges are not required for sending queries to the docker socket.
Instead the group "docker" should be sufficient.

Additionally replace /var/run with /run (following updates of FHS).
---
 plugins/docker/docker_ | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/plugins/docker/docker_ b/plugins/docker/docker_
index 028a22d27..8216d4fa0 100755
--- a/plugins/docker/docker_
+++ b/plugins/docker/docker_
@@ -59,12 +59,15 @@ Would exclude all containers with the word "runner" in the name.
 =over 2
 
     [docker_*]
-    user root
-    env.DOCKER_HOST unix://var/run/docker.sock
+    group docker
+    env.DOCKER_HOST unix://run/docker.sock
     env.EXCLUDE_CONTAINER_NAME regexp
 
 =back
 
+You may need to pick a different group depending on the name schema of your
+distribution.  Or maybe use "user root", if nothing else works.
+
 =head1 AUTHORS
 
 This section has been reverse-engineered from git logs