Docker Community Forums

Share and learn in the Docker community.

Restrict what `docker run` can do

Let say I have a server running docker and people run images through

DOCKER_HOST=ssh://<> docker run ...

Is it possible to enforce certain things server wide like the container must run as uid/gid 1000:1000, certain devices cannot be mapped in the container, RAM usage is limited to 500MB or things of that nature?

That would be applied over the docker run parameters whether the user wants it or not?