|  |  |  | Cockpit Guide |  | 
|---|
Cockpit can manage containers via Docker. This functionality is present in the Cockpit docker package.
Cockpit communicates with the Docker daemon via its API via the
    /var/run/docker.sock unix socket. The Docker API
    is root equivalent, and on a properly configured system, only root
    can access the Docker API. If the currently logged in user is not root
    then Cockpit will try to
    escalate the user's privileges via Polkit
    or sudo before connecting to the socket.
Alternatively one may
    create a docker unix group. Anyone in that docker group can then access
    the Docker API, and gain root privileges on the system. This
    impacts system security
    and is not recommended for general usage.
Similar container functionality is available on the command line via the
    docker tool:
$ sudo docker run -ti fedora /bin/bash
[root@57625bc8787e /]#