Tamper-proof container


I am developing an application and I want a client to connect to a running container on a different host and execute some predefined scripts that are already in the container.

Is it possible for the client to verify that:

  1. The container is available on the host and its configuration didn’t change from the root user
  2. This set of scripts has not been tampered by the root user?

I was thinking of storing the scripts on IPFS so then I can check the hash of the files but I don’t know how to verify that the container exists and it hasn’t been tampered by the root user.

Thank you

I’m pretty sure that’s impossible, Docker or otherwise. The “on a different host” part makes it especially impossible: imagine a compromised server who can somehow spoof the authenticity checks by having the “real” application in a VM and reporting file hashes and whatever else from the VM, but doing its own thing in response to application requests.

To ask a question that’s always useful to ask on this forum: how would you solve this problem if Docker wasn’t involved?