Use a custom Docker host

If you are interfacing with Docker via TCP, set DOCKER_HOST to the correct URL.

DOCKER_HOST=tcp://docker_socket_proxy:2375

If you do this as you seek to restrict access to the Docker socket, this tool is potentially calling the following Docker APIs:

API When
Info always
ContainerExecCreate running commands from exec-labels
ContainerExecAttach running commands from exec-labels
ContainerExecInspect running commands from exec-labels
ContainerList always
ServiceList Docker engine is running in Swarm mode
ServiceInspect Docker engine is running in Swarm mode
ServiceUpdate Docker engine is running in Swarm mode and stop-during-backup is used
ConatinerStop stop-during-backup labels are applied to containers
ContainerStart stop-during-backup labels are applied to container

In case you are using docker-socket-proxy, this means following permissions are required:

Permission When
INFO always required
CONTAINERS always required
POST required when using stop-during-backup or exec labels
EXEC required when using exec-labeled commands
SERVICES required when Docker Engine is running in Swarm mode
NODES required when labeling services stop-during-backup
TASKS required when labeling services stop-during-backup