I need to send a docker image to someone, but I want him to be able to only run/stop it but not be able to access the software that runs in the container. Is that possible?
How to share a container image with others to only run it but not be able to connect or access executables that are running in it
There aren’t really good ways to restrict what the docker command is able to do, either as an administrator or an image author, so if someone has an image then they can docker run it with any options, and easily open up port mappings into it and/or get themselves a shell to see the container. Also remember that you have to be root to run Docker commands so you can easily dig through Docker’s internal state if you want to.
Giving someone a Docker image isn’t really any different from giving them a tar file with the same software; they can do pretty much all of the same things with it (examine it, run it, make network connections to the running software, …).
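To make the tar-file comparison concrete, here is an added example (not part of the original answer) that reads every file out of an image archive without starting a container. It assumes the `docker save` layout with a top-level manifest.json listing layer tars; the sample image, its file names and the helper names are constructed for illustration. It goes slightly beyond the answer by showing that a file "deleted" in a later layer is still present in the earlier one.

```python
import io
import json
import tarfile

def pack(files):
    """Pack {path: bytes} into an in-memory tar archive and return its bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_sample_image():
    """Constructed sample in the `docker save` layout: manifest.json + layer tars."""
    layers = {
        "layer1/layer.tar": pack({"app/server.py": b"SECRET_ALGO = 42\n",
                                  "app/license.key": b"constructed-key\n"}),
        # A later layer "deletes" license.key with a whiteout marker file.
        "layer2/layer.tar": pack({"app/.wh.license.key": b""}),
    }
    manifest = [{"Config": "config.json", "RepoTags": ["example/app:1.0"],
                 "Layers": list(layers)}]
    return pack({"manifest.json": json.dumps(manifest).encode(),
                 "config.json": b"{}", **layers})

def read_image_files(image_bytes):
    """Return {(layer, path): content} for every regular file in every layer."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(image_bytes)) as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for layer_name in manifest[0]["Layers"]:
            layer_bytes = image.extractfile(layer_name).read()
            with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as layer:
                for member in layer.getmembers():
                    if member.isfile():
                        data = layer.extractfile(member).read()
                        found[(layer_name, member.name)] = data
    return found

if __name__ == "__main__":
    for (layer, path), content in read_image_files(build_sample_image()).items():
        print(layer, path, content)
```

For an image author, the takeaway is that anything copied into any layer, including files removed later in the build, should be treated as readable by whoever receives the image.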
Thanks David, it would be great to have a sort of secure and private piece of code running somewhere else (especially in cloud and smart contracts in a peer to peer network)