Rootless Sniffing
lude.rsWonderful! But isn't this a security loophole?
It is. I wonder why the socket is in /tmp and not in /run or at least a sub-directory that can be chmod -w to prevent a renaming attack. Debian/Ubuntu already do this by placing the socket in /run/php/phpXX-fpm.sock...
If I were to guess, this image is some Alpine or other self-assembled stuff instead of using a decent distribution as base.
/tmp/. has the sticky bit set (+1000), so renaming any files in there is not allowed for anyone but that particular inode's owner user (or UID 0, of course). If your socket directory with important UNIX domain socket inodes isn't similarly protected, that's a problem.