
Disable certain Docker run options

I'm currently working on a setup to make Docker available on a high-performance cluster (HPC). The idea is that every user in our group should be able to reserve a machine for a certain amount of time and be able to use Docker in a "normal way", meaning accessing the Docker daemon via the Docker CLI.

To do that, the user would be added to the Docker group. But this poses a big security problem for us, since it basically means that the user has root privileges on that machine.

The new idea is to make use of the user namespace mapping option (as described in https://docs.docker.com/engine/reference/commandline/dockerd/#/daemon-user-namespace-options). As I see it, this would tackle our biggest security concern that the root in a container is the same as the root on the host machine.

But as long as users are able to bypass this via --userns=host, this doesn't increase security in any way.

Is there a way to disable this and other Docker run options?

StateOfTheArt89 asked Nov 07 '16 15:11




1 Answer

As mentioned in issue 22223:

There are a whole lot of ways in which users can elevate privileges through docker run, e.g. by using --privileged.
You can stop this by:

  • either not directly providing access to the daemon in production, and using scripts,

(which is not what you want here)

  • or by using an auth plugin to disallow some options.

That is:

dockerd --authorization-plugin=plugin1

Which can lead to:

https://docs.docker.com/engine/extend/images/authz_deny.png

VonC answered Nov 04 '22 09:11
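The decision logic of an authorization plugin like the one the answer suggests, as an added example that is not part of the original answer or of any existing plugin: it denies container creation when the request asks for --privileged or --userns=host. It assumes the AuthZReq message fields (RequestMethod, RequestUri, base64-encoded RequestBody) and the Allow/Msg response of Docker's authorization plugin API, and the HostConfig.Privileged and HostConfig.UsernsMode fields of the Engine API; the function names, the user "alice" and the sample requests are constructed for illustration.

```python
import base64
import json
import re

# POST /containers/create, with or without an API version prefix or query string.
CREATE_RE = re.compile(r"^(/v[0-9.]+)?/containers/create(\?.*)?$")


def deny(msg):
    return {"Allow": False, "Msg": msg}


def authorize(req):
    """Return the response body for one /AuthZPlugin.AuthZReq message."""
    # Assumption: the URI key is "RequestUri"; "RequestURI" is accepted as well.
    uri = req.get("RequestUri") or req.get("RequestURI") or ""
    if req.get("RequestMethod") != "POST" or not CREATE_RE.match(uri):
        return {"Allow": True}  # this example only polices container creation
    try:
        # RequestBody is a byte array, so it arrives as base64 text in the JSON.
        body = json.loads(base64.b64decode(req["RequestBody"]))
        host = body.get("HostConfig") or {}
        privileged, userns = host.get("Privileged"), host.get("UsernsMode")
    except (KeyError, ValueError, AttributeError, TypeError):
        # Fail closed: a create request that cannot be inspected is refused.
        return deny("container create body missing or unparsable")
    if privileged:
        return deny("--privileged is disabled on this host")
    if userns == "host":
        return deny("--userns=host is disabled on this host")
    return {"Allow": True}


def make_request(method, uri, body=None):
    """Build a constructed AuthZReq message in the shape the daemon sends."""
    req = {"User": "alice", "RequestMethod": method, "RequestUri": uri}
    if body is not None:
        req["RequestBody"] = base64.b64encode(json.dumps(body).encode()).decode()
    return req


if __name__ == "__main__":
    create = "/v1.41/containers/create?name=job1"  # constructed sample URI
    for host_config in ({}, {"Privileged": True}, {"UsernsMode": "host"}):
        body = {"Image": "alpine", "HostConfig": host_config}
        print(host_config, authorize(make_request("POST", create, body)))
```

A real plugin serves this from its /AuthZPlugin.AuthZReq endpoint, answers /Plugin.Activate and /AuthZPlugin.AuthZRes as well, and is named in dockerd's --authorization-plugin option. Any other HostConfig setting that shares host resources with the container needs the same kind of check.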