Blocking Root Access in Docker


I am running a web app in a docker container and want to block/disable root access. The container is meant to be ephemeral and black box (at least as much as possible) 
Currently I have installed a puppet agent and have the user resource shell set to '/sbin/nologin', but it is not working. I can still get to a root shell even though the root user is set to /sbin/nologin! lol

Does anybody know how to restrict access to the root shell for docker?  
  • post-author-pic
    Andrei S

    Hi Joshua,

    Could you provide a bit more details about your container(Dockerfile preferred) and how do you check login?
    From the first look, you can't do it on the same host machine. The container itself is just a process with own namespace and cgroups.
    I haven't enough experience with docker,  but you've asked a really interesting question for me.

Looking For Team Training?

Learn More