4

Before pushing/publishing/sharing a docker image, I would like to disable interactive mode or password protect logging in the container. Is there a option to do so?

The use case is that one can run app from docker run or exec in detach mode only 

docker exec -d ubuntu_bash touch /tmp/execWorks

but can not do

docker run -ti ubuntu bash

I could not find it in the docker docs so far.

Sergio Tulentsev
  • 226,338
  • 43
  • 373
  • 367
user2423696
  • 91
  • 2
  • 9
  • what is that you are trying to achieve by disabling the interactive mode for an image ? – Here_2_learn Jun 14 '17 at 15:59
  • I am trying to share the image with 3rd party and want to protect my code (and binaries) on the image. My thought is to add this protection by disabling interactive mode. Is such protection feasible? – user2423696 Jun 15 '17 at 02:36
  • Ideally while building the image you can make use of non-root user to protect your code. "USER newuser" – Here_2_learn Jun 15 '17 at 04:32

1 Answers1

2

One solution would be to completely remove shell from the image:

docker exec :id -it /bin/rm -R /bin/*

That gets rid of sh and any bin useful command in linux. I do not know if it is possible to regain access at this point. Another aspect to keep in mind is that you might be able to use a memory debugger to get environment variables of the running container, but it makes it that much more difficult.

Last but not least if you would like to keep sensitive information from users and allow some kind of access check out:

https://docs.docker.com/engine/swarm/secrets/

CodeSamurai777
  • 3,285
  • 2
  • 24
  • 42
  • And whoever wants to access a container can just do `docker cp /bin/bash id:/bin/bash` – Pari Dec 14 '18 at 12:02