I have a user restricted, and the user can only access its own files. It is a non-root user, and so, therefore, cannot use Docker (doing docker run foo => docker: Got permission denied while trying to connect to the Docker daemon socket...).
I want to allow this user to create their own Docker images from only their file space, and only be able to delete/rmi their own images that they have made. Furthermore, they will only be able to run their own images and stop their own image containers.
From the questions I have read, the only way for this to happen is to add a root user to a group the non-root user is in, making a huge vulnerability risk.
Best Answer
Per the Official Docker Documentation,
Instructions for this mode can be found on GitHub:
https://github.com/docker/engine/blob/v19.03.0-rc3/docs/rootless.md
If you are only seeking to build containers, one could try using img. This tool can be used for building containers, and runs without permissions by default.
Unfortunately, as stated previously, img cannot run containers, only build them.
See also: https://rootlesscontaine.rs