Docker Community Forums

Share and learn in the Docker community.

End-user security control

Hi all,

In order to ensure the security while giving access to Docker to end-users, I would like to limit access to some docker commands (such as docker exec…) and to enforce some options for docker run (such as “-u UID:GID” and “–rm”…)

Is there an integrated way to do it with Docker? Despite looking for into the documentation, I didn’t find anything but maybe I missed some options…

If no solution from Docker options and configuration, what is the best way to do it?

  • A wrapper upon the Docker command line?
  • A minimaliste client implementation?

Thank you!

Hi,

i didnt find any way ether, but there is a handy option called “userns-remap”. Its not exactly what you want but you can’t do things like “–privilieged” and “–volume /:/got/the/host/root” - with is nice.
Another option is to use a orchestrator to abstract the user from the docker engine. ( e.g. kubernetes ).

  • Or as you already suggest, a wrapper tool.

Cheers