do you have any idea how can I restrict this command?
docker exec <container_name>
I don't want to let anyone to use this command and access files and stuff inside the container.
Asked
Active
Viewed 16 times
0
-
I'm afraid not, even if i don't use an entrypoint the docker will use bin/bash by default and you still can access container with this command: docker exec -it mycontainer /bin/bash @StephenNewell – scaryhamid Jun 04 '22 at 12:52
-
You can't. Anyone who can run the container can easily read and extract any of the files in it (and, for that matter, can also easily get unrestricted root-level access to the whole host and bypass any controls). – David Maze Jun 04 '22 at 12:59
-
@DavidMaze What if I change the sth in docker config itself? Like there is no way at all? – scaryhamid Jun 04 '22 at 13:06
-
The accepted answer to the "how do I prevent root access" question discusses some alternatives. – David Maze Jun 04 '22 at 13:08
-
@DavidMaze well the problem is the user can be root. and I have no problems restricting another user to access docker. so I need to close docker exec command completely. – scaryhamid Jun 04 '22 at 13:36
-
1You already had an answer to that in David's first comment => **you can't**. You are welcome to fork the docker code and develop that feature in your personal version (if possible at all) or to find an other containerization platform that might better suit your needs (if it exists). But if you want to use docker as is, you will have to live with `exec` being possible. – Zeitounator Jun 04 '22 at 16:53