
How to prohibit access to the internals of a Docker container?

Submitted by: @import:stackexchange-devops

Problem

I want to deliver my app to customers in the form of a Docker image. But it is crucial to ensure that the end user does not alter anything inside the container. The user should only be able to run/stop the container and interact with the container via the network.

Is it possible to prohibit access to the internals of the container?
Is it possible to verify the integrity of the image that the container is made from?

Solution

In short, you cannot prevent your customers from modifying containers they run in their own infrastructure. Containers are not like binaries that can be obfuscated; they are runtime environments. The code you distribute inside the container, however, can be obfuscated.

Your question alludes to a third-party support issue: clients modifying software they run in their own environments. If you provide tools to operate the containers you supply (e.g. monitoring and logging), then the clients should agree (as part of a software license) not to make unauthorized modifications to them. This applies to all types of third-party software, not just containers.

Depending on your situation, you may also have the option to provide your app as Software As A Service (SaaS) running in a cloud infrastructure.

If your client requires your containers be run on their infrastructure, and refuses to abide by modification restrictions, then you probably don't want to try to support their use of your software.

Context

StackExchange DevOps Q#1116, answer score: 18
