Is there any way I can protect my binaries inside the image and container secure by not accessing by user?
Asked
Active
Viewed 430 times
0
-
No. If the user has control of the host machine, they will be able to access your binaries. You can make it hard by obfuscating your code and/or encrypting it. But in the end it needs to be decrypted to run and the user will be able to access it. – Hans Kilian Aug 20 '21 at 07:17
-
...and if they can run any `docker` command at all, they can trivially get root access on the host. You can't prevent a user from `docker run`ning a shell (assuming your image contains one), `docker export`ing a container to a tar file, or manually poking around in `/var/lib/docker` to find the image content. – David Maze Aug 20 '21 at 10:29
1 Answers
0
You have goods practices for protect your image content :
- Start docker with specific user (not admin) on the machine
- Push the image to a private repo
- Don't put any sensitive information under the image. Use Environment variables for example for any secret key or any identification. Populate the Environment viriables only when you run the image (with docker-compose for example)
I hope it will help you a little and it answers to your question.
Dupeyrat Kevin
- 66
- 4