
We are new to container technology and are currently evaluating whether it can be used in our new project. One of our key requirements is data security for multiple tenants, i.e. each container contains data that is owned by a particular tenant only. Even we, the server admins of the host servers, should NOT be able to access the content inside a container.

By some googling, we know that root of the host OS can execute command inside a container, for example, by the "docker execute" command. I suppose the command is executed with root privileges? How to get into a docker container?

We wonder if such kinds of access (not just "docker execute", but also any method to access a container's content by server admin of the host servers) can be blocked/disabled by some security configurations?

Lapson
  • You can't prevent root from doing anything, but you can have users with admin capabilities without being root. Anyone who can access the Docker API (i.e. run `docker` commands) is effectively root. – Matt Nov 15 '17 at 06:10
  • But after all, the system must have this root account, and this account can only be kept by us, the server admins. That means we can only convince our tenants to trust our code of conduct that we "won't" (not "can't") access their data. Correct? – Lapson Nov 15 '17 at 06:40
  • Yep, it's the basis of most IT relationships. There are a few edge cases where companies deal in client-side encrypted data that they actually can't read, but there is still some implied trust that you will store and transmit data as they require. – Matt Nov 15 '17 at 07:06

1 Answer


For the bash command specifically, add the `exit` command at the end of the `.bashrc` file. So the user logs in and finally gets kicked out.

You can go through this link for a better understanding of why it is not implemented by default: https://github.com/moby/moby/issues/8664

Vamsi
  • If my understanding of the discussion thread is correct, that means even if you somehow disabled "docker exec", there are still many other ways for root of the host OS to access a container's contents. So it's meaningless to disable only "docker exec". – Lapson Nov 15 '17 at 06:35
  • Yes. There are other ways to access the content. – Vamsi Nov 15 '17 at 10:19
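
An added example, not part of the original thread: since anyone who can reach the Docker API is effectively root, a host audit can start by listing which local accounts are able to connect to the Docker Unix socket. The function name, the sample accounts and the `root:docker 0660` socket ownership are assumptions constructed for illustration; the check covers only the local socket, not a TCP listener or sudo rules.

```python
import stat

# Constructed sample data (not from the page): passwd/group entries for a host
# whose Docker socket is assumed to be owned root:docker (gid 998).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/sh
bob:x:1002:1002::/home/bob:/bin/bash
ci:x:1003:998::/home/ci:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice
docker:x:998:alice,deploy
"""

def parse_colon_file(text):
    """Split passwd/group style text into field lists, skipping blanks and comments."""
    return [ln.split(":") for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#")]

def docker_api_principals(passwd_text, group_text, sock_mode, sock_uid, sock_gid):
    """Return the sorted accounts able to connect to the Docker socket.

    Connecting to a Unix socket needs write permission on the socket file, so
    the usual owner -> group -> other check is applied; uid 0 always passes.
    """
    # Supplementary members of the group that owns the socket.
    members = set()
    for _name, _pw, gid, users in parse_colon_file(group_text):
        if int(gid) == sock_gid:
            members.update(u for u in users.split(",") if u)

    allowed = []
    for fields in parse_colon_file(passwd_text):
        name, uid, gid = fields[0], int(fields[2]), int(fields[3])
        if uid == 0:
            ok = True
        elif uid == sock_uid:
            ok = bool(sock_mode & stat.S_IWUSR)
        elif gid == sock_gid or name in members:  # primary or supplementary group
            ok = bool(sock_mode & stat.S_IWGRP)
        else:
            ok = bool(sock_mode & stat.S_IWOTH)
        if ok:
            allowed.append(name)
    return sorted(allowed)
```

On a real host the inputs would be the contents of `/etc/passwd` and `/etc/group` plus the mode, uid and gid from `os.stat()` on the socket path; every account returned should be treated as holding root on that host.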