Skip to content
Docker-in-Docker with web-based access
Dockerfile Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


This image provides Docker-in-Docker with web-based access using Shell In A Box including sockguard to mitigate host breakouts.


The following command builds shellinabox based on the latest stable version of Docker:

docker build --tag shellinabox .

To select a specific version of Docker, supply DOCKER_VERSION as build argument:

docker build --tag shellinabox:18.09 --build-arg DOCKER_VERSION=18.09 .

DOCKER_VERSION defaults to stable.


By default, shellinabox is published on port 4200:

docker run -d --privileged --publish 80:4200 shellinabox

Overriding the following environment variables, forces the shell to under the specified user and group:

docker run -d --privileged --env SHELL_USER=groot --env SHELL_GROUP=groot --publish 80:4200 shellinabox

By default, sockguard prevents privileged containers as well as bind mounts. If you need those, sockguard can be disabled:

docker run -d --privileged --env ENABLE_SOCKGUARD=false shellinabox
You can’t perform that action at this time.