
docker container running on untrusted host machine

I know that docker containers which are running on a host machine have root privileges.

I want to start a container using HTTP requests from a web app but I don't trust the host machine which is running docker.

Is it possible to make my container as a "black-box" so I can prevent even the root in the host machine from accessing it?

What I want is to simply run it?

Are there any other alternatives instead of docker that I can use to achieve this?

I know that docker containers which are running on a host machine have root privileges.

This is mostly incorrect. A docker container has root access only on stuff visible to the container; that is, directories explicitly mounted onto the container.

Is it possible to make my container as a "black-box" so I can prevent even the root in the host machine from accessing it?

No. The root user of the machine has access to everything on the machine. There is no way to prevent the root user from having access to the container.

Are there any other alternatives instead of docker that I can use to achieve this?

You are going to deploy the application in some form on the host, which will result in a runnable process. The root user will always have access and control over this process. So whichever approach you take, there is no way to prevent the root user from having access to the application process.
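
The point made in the answer above, as an added example that is not part of the original question or answer: a container workload is an ordinary process on the host, so the host's `/proc` exposes its environment, command line and root filesystem. A constructed child process stands in for the container here; `host_view`, `demo` and the `API_TOKEN` value are hypothetical, and on a real host the PID would come from `docker inspect --format '{{.State.Pid}}' <container>`.

```python
import os
import subprocess
import sys


def host_view(pid):
    """Return what the host's /proc exposes about a process (Linux only)."""
    base = f"/proc/{pid}"
    # Environment the process was started with, NUL-separated KEY=VALUE pairs.
    with open(f"{base}/environ", "rb") as f:
        raw_env = f.read().decode(errors="replace")
    env = dict(item.split("=", 1) for item in raw_env.split("\0") if "=" in item)
    # Full command line, NUL-separated arguments.
    with open(f"{base}/cmdline", "rb") as f:
        cmdline = [a for a in f.read().decode(errors="replace").split("\0") if a]
    # Namespace identifiers: a container differs from the host here,
    # but the links are still readable from the host side.
    namespaces = {}
    for ns in ("mnt", "pid", "net"):
        try:
            namespaces[ns] = os.readlink(f"{base}/ns/{ns}")
        except OSError:
            namespaces[ns] = None
    # /proc/<pid>/root is the process's root filesystem as seen from the host.
    return {"env": env, "cmdline": cmdline, "namespaces": namespaces,
            "rootfs": f"{base}/root"}


def demo():
    # Constructed stand-in for a container workload holding a secret in its
    # environment (assumption: the value below is sample data, not a real token).
    child = subprocess.Popen(
        [sys.executable, "-c", "import time; time.sleep(30)"],
        env=dict(os.environ, API_TOKEN="constructed-example-value"),
    )
    try:
        return host_view(child.pid)
    finally:
        child.kill()
        child.wait()


if __name__ == "__main__":
    view = demo()
    print("cmdline   :", view["cmdline"])
    print("API_TOKEN :", view["env"].get("API_TOKEN"))
    print("namespaces:", view["namespaces"])
    print("rootfs    :", view["rootfs"])
```

Reading another user's process this way requires root on the host, which is the privilege the question assumes the untrusted operator holds, so anything placed in the container should be treated as visible to that operator.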
