feat: replace direct Docker socket mount with socket proxy

[rorybyrne]

Problem

The production docker-compose.yml mounts /var/run/docker.sock directly into the server container (line 33). This gives the server full Docker daemon access — effectively root on the host. If the server process is compromised (dependency vuln, crafted hook output, etc.), an attacker can create privileged containers and escape to the host.

The hook containers themselves are well-sandboxed (no network, read-only rootfs, CapDrop: ALL, non-root user, resource limits) — the risk is specifically about the server's access to the daemon.

Solution

Add a docker-socket-proxy service to docker-compose.yml and remove the direct socket mount from the server.

services:
  docker-proxy:
    image: tecnativa/docker-socket-proxy
    environment:
      CONTAINERS: 1
      IMAGES: 1
      POST: 1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped

  server:
    environment:
      DOCKER_HOST: tcp://docker-proxy:2375
    # remove: /var/run/docker.sock:/var/run/docker.sock

The proxy whitelists only the API endpoints the OciHookRunner needs (containers: create/start/wait/delete/inspect/logs, images: inspect/pull) and blocks everything else (exec, volumes, networks, system, swarm).

aiodocker and the Docker CLI both respect DOCKER_HOST natively, so no code changes required.

Future considerations

• The HookRunner port abstraction already supports swapping in alternative runners (Podman, Kubernetes Jobs) without touching domain code
• Podman rootless is the strongest option for security-conscious self-hosted deployments (no daemon, no socket, no root) — document as recommended production setup
• For k8s deployments, a KubernetesHookRunner that creates Jobs instead of containers is the natural path