End-user security control

Hi all,

In order to ensure security while giving end-users access to Docker, I would like to limit access to some docker commands (such as docker exec…) and to enforce some options for docker run (such as “-u UID:GID” and “--rm”…).

Is there an integrated way to do it with Docker? Despite looking into the documentation, I didn’t find anything, but maybe I missed some options…

If there is no solution from Docker options and configuration, what is the best way to do it?

  • A wrapper around the Docker command line?
  • A minimalist client implementation?

Thank you!

Hi,

I didn’t find any way either, but there is a handy option called “userns-remap”. It’s not exactly what you want, but you can’t do things like “--privileged” and “--volume /:/got/the/host/root”, which is nice.
Another option is to use an orchestrator to abstract the user from the Docker engine (e.g. Kubernetes).

  • Or, as you already suggested, a wrapper tool.

Cheers
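
A sketch of the wrapper approach raised in both posts, added here as an example and not code from either poster or from Docker: it refuses `docker exec`, forces `--rm` and `-u UID:GID` on `docker run`, and allow-lists the remaining run options so that anything unknown is denied. The allow-lists, the `/usr/bin/docker` path and the function name `build_argv` are assumptions.

```python
import os
import sys

DOCKER = "/usr/bin/docker"                      # assumed install path
ALLOWED_SUBCOMMANDS = {"run", "ps", "images"}   # assumed policy; "exec" is absent
BOOL_OPTS = {"-i", "-t", "-it", "-ti", "-d", "--interactive", "--tty", "--detach"}
VALUE_OPTS = {"--name", "-e", "--env"}          # assumed harmless run options

def build_argv(args, uid, gid):
    """Return the argv to exec for this request, or raise PermissionError."""
    if not args or args[0] not in ALLOWED_SUBCOMMANDS:
        raise PermissionError(f"subcommand not permitted: {args[:1]}")
    if args[0] != "run":
        return [DOCKER, *args]
    kept, i = [], 1
    # Walk the options before the image name; anything not allow-listed is
    # refused, which covers -u/--user, --privileged, -v/--volume and so on.
    while i < len(args) and args[i].startswith("-"):
        opt = args[i]
        long_name = opt.split("=", 1)[0]
        if opt in BOOL_OPTS:
            kept.append(opt)
            i += 1
        elif opt.startswith("--") and "=" in opt and long_name in VALUE_OPTS:
            kept.append(opt)                    # --name=value form
            i += 1
        elif opt in VALUE_OPTS and i + 1 < len(args):
            kept += [opt, args[i + 1]]          # --name value form
            i += 2
        else:
            raise PermissionError(f"option not permitted: {opt}")
    if i >= len(args):
        raise PermissionError("no image given")
    # Enforced options go first; everything from the image onwards is the
    # container's own command line and is passed through untouched.
    return [DOCKER, "run", "--rm", "-u", f"{uid}:{gid}", *kept, *args[i:]]

if __name__ == "__main__":
    # Assumed deployment: invoked through sudo, so SUDO_UID/SUDO_GID name the caller.
    uid = int(os.environ.get("SUDO_UID", os.getuid()))
    gid = int(os.environ.get("SUDO_GID", os.getgid()))
    try:
        argv = build_argv(sys.argv[1:], uid, gid)
    except PermissionError as err:
        sys.exit(f"denied: {err}")
    os.execv(argv[0], argv)
```

A wrapper like this only enforces anything if users cannot reach the Docker socket themselves, i.e. they are not in the docker group and can only run the wrapper through something like a sudo rule.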