I am running Python-based applications inside Docker containers. For security reasons, I need to restrict the use of the following commands on these containers:
docker exec: Prevent users from executing commands inside the running containers.
docker cp: Prevent users from copying files to or from the containers.
I want to ensure these restrictions apply to all users except for a specific set of administrators. Here’s what I’ve considered so far:
RBAC and Permissions: Setting up Docker’s authorization plugins to restrict specific actions based on user roles.
Custom Plugins: Developing or configuring an external authorization plugin to enforce these restrictions.
Environment Details:
Docker version: 27.4.1
Host OS: Ubuntu 22.04
I’d like to know the best practices or methods to achieve this. If anyone has experience implementing such restrictions, could you share any examples or plugins?
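A sketch of the authorization-plugin approach mentioned in the question, added here as an example and not part of the original post. It implements the Docker authz plugin HTTP endpoints and denies the Engine API calls behind docker exec and docker cp unless the caller is on an admin list. The admin names, the listening address and the use of the TLS client-certificate CN as the user identity are assumptions.

```python
import json
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: admins are identified by TLS client-certificate CN (constructed names).
ADMINS = {"admin-alice", "admin-bob"}

# Engine API endpoints used by `docker exec` and `docker cp`; /vX.Y prefix is optional.
VER = r"^(/v[\d.]+)?"
BLOCKED = [
    (re.compile(VER + r"/containers/[^/]+/exec$"), {"POST"}),                  # exec create
    (re.compile(VER + r"/exec/[^/]+/start$"), {"POST"}),                       # exec start
    (re.compile(VER + r"/containers/[^/]+/archive$"), {"GET", "PUT", "HEAD"}), # cp
]

def decide(req: dict) -> dict:
    """Return the AuthZReq verdict for one request forwarded by the daemon."""
    user = req.get("User") or ""  # empty when the client is not TLS-authenticated
    method = req.get("RequestMethod", "").upper()
    path = req.get("RequestUri", "").split("?", 1)[0]  # drop the query string
    for pattern, methods in BLOCKED:
        if pattern.match(path) and method in methods:
            if user in ADMINS:
                return {"Allow": True}
            return {"Allow": False, "Msg": f"exec/cp denied for {user or '<unauthenticated>'}"}
    return {"Allow": True}

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.path == "/Plugin.Activate":
            reply = {"Implements": ["authz"]}
        elif self.path == "/AuthZPlugin.AuthZReq":
            reply = decide(json.loads(body or b"{}"))
        else:  # /AuthZPlugin.AuthZRes: response phase, nothing to filter here
            reply = {"Allow": True}
        data = json.dumps(reply).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/vnd.docker.plugins.v1+json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

The daemon finds the plugin through a spec file in /etc/docker/plugins that points at this address and enables it with the --authorization-plugin option. Requests arriving over the local Unix socket carry no user identity, so this policy denies exec and cp for them.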