Docker MCP Gateway - Catalog docker_args not honored #310

@Yash-Pandey007

The bug
I defined docker_args in a custom MCP catalog (to pass --cap-add=NET_ADMIN, --cap-add=NET_RAW, and --network=host) but the gateway does not honor them — containers start without the requested capabilities/host networking. When I try to start the gateway in a Windows environment, the gateway logs show it reads the catalog but cannot connect to the Docker daemon, which prevents it from creating containers with the requested runtime flags.

Reproduction steps

  1. Create ~/.docker/mcp/catalogs/custom.yaml (or C:\Users\yasha\.docker\mcp\catalogs\custom.yaml) containing:

```yaml
version: 2
name: custom
displayName: Custom MCP Servers
registry:
  kali_pentest:
    title: "Kali Pentest Server"
    description: "Provides Kali pentesting tools like nmap from a secure Docker container."
    image: "kali-pentest-mcp:secure"
    ref: "kali-pentest-mcp:secure"
    tools:
      - name: nmap_scan
      - name: nikto_scan
      - name: dirb_scan
      - name: wpscan_check
      - name: sql_injection_test
      - name: searchsploit_query
      - name: generate_report
    run:
      docker_args:
        - "--rm"
        - "--cap-add=NET_ADMIN"
        - "--cap-add=NET_RAW"
        - "--network=host"
      transport:
        type: stdio
```

  2. Start the gateway from PowerShell on Windows:

```powershell
docker run -it --rm -v C:\Users\yasha\.docker\mcp\catalogs\:/mcp/catalogs docker/mcp-gateway --catalog=/mcp/catalogs/custom.yaml
```

  3. Observe the gateway output.

Observed output / logs

```text
- Reading configuration...
  - Reading catalog from [/mcp/catalogs/custom.yaml]
- Configuration read in 4.950575ms
guessing network: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
```

Manual run works:

```powershell
docker run --rm --cap-add=NET_RAW --cap-add=NET_ADMIN --network=host --entrypoint /bin/bash kali-pentest-mcp:secure -c "nmap -sn 192.168.0.107"
```

Expected behavior

  • Gateway should successfully connect to the Docker daemon.
  • docker_args from the catalog should be applied to the container runtime so containers are launched with the requested capabilities/network mode.

Actual behavior

  • Gateway reads the catalog but cannot connect to the Docker daemon inside its container (unix socket path), so it never creates containers and therefore never applies docker_args.

Environment (relevant)

  • Docker Client: 28.4.0 (windows/amd64)
  • Docker Server: 28.4.0 (Docker Desktop 4.47.0) — linux/amd64 engine
  • Host: Windows (Docker Desktop using desktop-linux context)
  • MCP gateway: docker/mcp-gateway
  • Catalog path mounted: -v C:\Users\yasha\.docker\mcp\catalogs\:/mcp/catalogs

Workarounds tried

  • Manual docker run with --cap-add and --network=host — works.
  • Wrapper script calling docker run with required flags — works.
  • Confirmed gateway reads catalog but fails to talk to Docker due to socket access.

Additional Context

I attempted adding --privileged as well, but it was still ignored. Running the container manually works, so the issue seems specific to MCP gateway interpreting docker_args.

Request for Guidance

Could you please advise if there is a proper way to enforce container capabilities and network settings via the MCP catalog? Am I missing a configuration step or is this a limitation of the current MCP gateway implementation?

Find my Project
https://github.com/Yash-Pandey007/kali-pentest-mcp-server

Manual Output

```text
(.venv) (base) PS C:\kali-pentest-mcp-server> docker run --rm --cap-add=NET_RAW --cap-add=NET_ADMIN --network=host --entrypoint /bin/bash kali-pentest-mcp:secure -c "nmap -sn 192.168.0.107"
Starting Nmap 7.95 ( https://nmap.org ) at 2025-10-03 12:35 UTC
Nmap scan report for 192.168.0.107
Host is up (0.0022s latency).
Nmap done: 1 IP address (1 host up) scanned in 13.22 seconds
(.venv) (base) PS C:\kali-pentest-mcp-server> 
```
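
A catalog whose docker_args are honored is also a file that grants container privileges, so it is worth listing those grants before loading it. The sketch below is an added example, not part of the original issue and not the gateway's code; the `RISKY` list, the function names and the line-based scanner (which assumes the indentation used in the catalog above) are assumptions.

```python
import re

# Constructed sample: run section of the catalog entry quoted in the issue.
CATALOG = """\
registry:
  kali_pentest:
    run:
      docker_args:
        - "--rm"
        - "--cap-add=NET_ADMIN"
        - "--cap-add=NET_RAW"
        - "--network=host"
      transport:
"""

# Reviewer's list (an assumption): flags that widen container privileges.
RISKY = [
    (re.compile(r"^--privileged(=true)?$"), "all capabilities and device access"),
    (re.compile(r"^--cap-add=(.+)$"), "adds Linux capability {0}"),
    (re.compile(r"^--network=host$"), "shares the host network namespace"),
]

def docker_args_by_server(text):
    """Line scanner for the layout above (servers at 2-space indent); not a YAML parser."""
    servers, current, list_indent = {}, None, None
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        body = line.strip()
        indent = len(line) - len(line.lstrip())
        if list_indent is not None:
            if indent >= list_indent and body.startswith("- "):
                servers[current].append(body[2:].strip().strip("\"'"))
                continue
            list_indent = None  # first non-item line ends the list
        if indent == 2 and body.endswith(":"):
            current = body[:-1]
            servers[current] = []
        elif body == "docker_args:" and current is not None:
            list_indent = indent
    return servers

def audit(text):
    """Return {server: [(arg, reason), ...]} for privilege-widening args."""
    findings = {}
    for server, args in docker_args_by_server(text).items():
        for arg in args:
            hit = next(((p, r) for p, r in RISKY if p.match(arg)), None)
            if hit:
                reason = hit[1].format(*hit[0].match(arg).groups())
                findings.setdefault(server, []).append((arg, reason))
    return findings
```

Calling `audit(CATALOG)` reports the two `--cap-add` entries and `--network=host` for `kali_pentest`, and leaves `--rm` unflagged.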
