# Docker group/LXD group

## Docker Group Privilege Escalation

If you have docker group privileges, then you can easily get root:

In docker, you have a `-v` (bind mount a volume) option. This means you can bind the root directory to a place in a docker container. So you can basically “import” the root directory of the host OS to some place in a docker container (like `/mnt/someplace`):

```
Docker run -v /:/mnt/someplace -it <container-name> bash
```

So when you navigate to `/mnt/someplace` **inside the docker container**, you will be able to read (and write I think?) the files as root, since you are root in the docker container.

## LXD Group Privilege Escalation

Pretty much the same method works if you're in the lxd group.

Follow this guide the machine doesn't have internet:&#x20;

{% embed url="<https://book.hacktricks.xyz/linux-unix/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation>" %}

Follow this one if it does have internet access:&#x20;

{% embed url="<https://materials.rangeforce.com/tutorial/2019/12/07/Privilege-Escalation-Docker-LXD-Groups/>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://heinosass.gitbook.io/leet-sheet/post-exploitation/linux/linux-privilege-escalation/docker-group-lxd-group.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.