How do I prevent a user of my pre-built docker container from being able to access a shell within a running instance of that container? I have googled and read all the posts that are related to this scenario and have come up without a working solution. I am trying to prevent access to a given resource in the container; for the sake of this inquiry, let's say it's a serial number in a configuration file. I am building upon the java:7 image, which is based upon an Ubuntu image.
To test your solution, do the following:
- Create and run your docker container
- Export your container
    docker export [container name] | gzip -c > mycontainer.tar.gz
- Import your container on an external system
    gzip -dc mycontainer.tar.gz | docker import - [container name]
- Run the container
- Shell into the running container using any / all of the following methods:
    docker exec -it [container name] bash
    docker attach [container name]
    docker run -ti --entrypoint=/bin/bash [container name]
[container name] is the name of your container
bash, dash, and sh are all valid shells
Best Answer
For the bash command specifically, I added in the .bashrc file the command exit at the end of the file, so the user logs in and is finally kicked out, but users can still use the sh command.
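A check on the archive produced by the export step in the question, added here as an example and not part of the original question or answer: it lists which of the shells named in the question are still present in a `docker export` tarball and whether a sensitive file is stored in it, where it can be read without starting any shell. The function names, the config path `opt/app/config.properties` and the sample archive are assumptions constructed for the example.

```python
import io
import posixpath
import tarfile

SHELL_NAMES = {"sh", "bash", "dash"}          # the shells named in the question
BIN_DIRS = {"bin", "sbin", "usr/bin", "usr/sbin", "usr/local/bin"}

def audit_export(fileobj, sensitive_paths=()):
    """Scan a `docker export` tar stream.

    Returns (shells, exposed): shell binaries still present as
    (path, symlink_target_or_None), and sensitive files stored in the archive.
    """
    wanted = {p.strip("/") for p in sensitive_paths}
    shells, exposed = [], []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            path = posixpath.normpath(member.name).lstrip("/")
            directory, base = posixpath.split(path)
            if base in SHELL_NAMES and directory in BIN_DIRS and not member.isdir():
                shells.append((path, member.linkname if member.issym() else None))
            if path in wanted and member.isfile():
                exposed.append(path)
    shells.sort(key=lambda entry: entry[0])
    return shells, sorted(exposed)

def build_sample_export():
    """Constructed stand-in for mycontainer.tar.gz; not a real image."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add_file(name, data):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        add_file("bin/bash", b"\x7fELF")
        add_file("bin/dash", b"\x7fELF")
        link = tarfile.TarInfo("bin/sh")       # sh as a symlink to dash
        link.type = tarfile.SYMTYPE
        link.linkname = "dash"
        tar.addfile(link)
        add_file("root/.bashrc", b"exit\n")    # the .bashrc approach from the answer
        add_file("opt/app/config.properties", b"serial=CONSTRUCTED-0000\n")  # hypothetical path
    buf.seek(0)
    return buf

if __name__ == "__main__":
    shells, exposed = audit_export(build_sample_export(), ["/opt/app/config.properties"])
    for path, target in shells:
        print("shell present:", path, "->" if target else "", target or "")
    for path in exposed:
        print("readable from the archive without any shell:", path)
```

To run it against a real export, pass `open("mycontainer.tar.gz", "rb")` as `fileobj` together with the container paths you want checked.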