Home Explore Blog Models CI



docker
content/manuals/extensions/extensions-sdk/architecture/security.md
27249634b38942bb2e84dd05928eb3c2b735118d689747e900000003000004cd
---
title: Extension security
linkTitle: Security
description: Aspects of the security model of extensions
keywords: Docker, extensions, sdk, security
aliases:
 - /desktop/extensions-sdk/guides/security/
 - /desktop/extensions-sdk/architecture/security/
---

## Extension capabilities

An extension can have the following optional parts: 
* A user interface in HTML or JavaScript, displayed in Docker Desktop Dashboard
* A backend part that runs as a container
* Executables deployed on the host machine.

Extensions are executed with the same permissions as the Docker Desktop user. Extension capabilities include running any Docker commands (including running containers and mounting folders), running extension binaries, and accessing files on your machine that are accessible by the user running Docker Desktop.

The Extensions SDK provides a set of JavaScript APIs to invoke commands or invoke these binaries from the extension UI code. Extensions can also provide a backend part that starts a long-lived running container in the background.

> [!IMPORTANT]
>
> Make sure you trust the publisher or author of the extension when you install it, as the extension has the same access rights as the user running Docker Desktop.
Chunks
a2fb5f88 (1st chunk of `content/manuals/extensions/extensions-sdk/architecture/security.md`)
Title: Extension Capabilities and Security Considerations
Summary
Extensions in Docker Desktop can include a UI, a backend container, and host executables, all running with the same permissions as the Docker Desktop user. This grants them significant capabilities, including running Docker commands, accessing files, and executing binaries. Users should only install extensions from trusted sources due to the access rights granted to extensions.