How to prevent attach or exec in a docker container
For the bash command specifically, I added the command exit at the end of the .bashrc file, so the user logs in and is finally kicked out, but users can still use the sh command.
To add on to Jose's answer, another solution is to...
docker exec -it <container_id> /bin/rm -R /bin/*
That gets rid of sh and any useful bin command in Linux. I'm unsure what you'd do to get into the container at that point. Though I know that you might be able to use a memory debugger to get environment variables of the running container, but it makes it that much more annoying... I wonder if there's a way to lock down that memory in ring 0 and take away ssh access altogether to the host.
If anyone knows how to crack that, I would be interested in knowing how.
EDIT
You want to use docker secrets if you're protecting sensitive information. Check out:
https://docs.docker.com/engine/swarm/secrets/
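An added example, not from the answer above, of reaching the same "no shell to exec into" state at build time instead of deleting binaries from a running container: a multi-stage Dockerfile whose final image is built FROM scratch and contains only one static binary. It assumes a hypothetical Go program in ./main.go with no external dependencies; the image tag, UID and secret path are placeholders.

```dockerfile
# Added example (not the original answer's code): build an image with no
# shell or coreutils at all, so "docker exec -it <id> sh" has nothing to run.
# Assumes a hypothetical ./main.go with no third-party imports.

# --- build stage: compile a fully static binary ---
FROM golang:1.22 AS build
WORKDIR /src
COPY main.go .
# CGO_ENABLED=0 avoids linking against libc, so the binary runs in scratch
RUN CGO_ENABLED=0 go build -ldflags='-s -w' -o /app main.go

# --- runtime stage: nothing but the binary ---
FROM scratch
# Copy only the compiled program: no /bin, no sh, no rm, no package manager
COPY --from=build /app /app
# Run unprivileged; a numeric UID is required because scratch has no /etc/passwd
USER 10001:10001
# Sensitive values are read at runtime from a mounted secret file
# (placeholder path: /run/secrets/app_token), never baked in via ENV or ARG
ENTRYPOINT ["/app"]
```

With this image, docker exec fails because the requested program does not exist in the container, and there is nothing left to run a memory debugger with from inside. Two caveats for the defender: docker attach does not need a shell, since it only connects to the main process's stdio, so run the container detached and restrict who can reach the Docker socket (socket access is root-equivalent on the host); and keeping secrets out of the image's environment, as the EDIT suggests, matters more than removing binaries, because anyone with host access can still read a container's environment via docker inspect.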