Monday, May 7, 2018

How Secure Is the Data Within the Container: Mounting Container Files With the Host


So far I have published the posts below:
1. Beginner's guide to Docker, which covers the basic understanding of Docker
2. Types of Docker installation
3. Download, install and delete Docker

We all know how strong the Linux file system and its security features are, and the same kind of security carries over to containers. To get a better understanding of how file mounting works, I launched a container named "writer" with read and write permissions to a folder inside it, which at the same time was mounted from a directory on my local Windows machine.

After that, I launched the same image under another name, "reader", with read-only rights: the same local directory is mounted into it with read-only permissions.

Then I made a change in the writer container by creating a file named "simple.txt" and found the same file in my local Windows mounted directory. The reader container can also read the same simple.txt file, but if it tries to write anything to it, access is denied.

This clearly demonstrates how securely files can be shared between containers without losing any functionality.

As shown in the image below, two Alpine containers named writer and reader have been spun up. Both share the /data folder with the host directory, one with write access and one with read access.

[Image: Security of Docker Container Mounting]


Below is a graphical view of what we are going to achieve after running the commands in the Docker terminal.
[Image: Security of Docker Container Mounting]


Let's run the command below and log in to the Alpine container shell.

docker run -it --name writer -v C:/lab/test-html:/data alpine /bin/sh

Let's create the simple.txt file and write some text in it:

/ # echo "Creating a file which is shared in C:/lab/test-html folder in read and write format" > /data/sample.txt
/ #

Check the contents of the file by typing the command below in the terminal:

/ # cat /data/sample.txt

After this, let's spin up another container and mount the /data folder with read-only access.
[Image: Security of Docker Container Mounting]
Run the command below in the terminal:

PS C:\lab\test-html> docker run -it --name reader -v C:/lab/test-html:/data:ro alpine /bin/sh

Write some content to the simple.txt file in the reader container:

/ # echo "I have spin new apline container as name reader and trying to write the lines in it" > /data/sample_read.txt

After running the above command, we can see that the write has been rejected because the reader container's /data mount is read-only:

/bin/sh: can't create /data/sample_read.txt: Read-only file system

We can verify the same by running the command below in the terminal. The output shown below is an extract; the rest has been omitted.

PS C:\lab\test-html> docker inspect reader
"HostConfig": {
    "Binds": [
        "/host_mnt/c/lab/test-html:/data:ro"
    ],
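The "Binds" entries above are the quickest way to audit which containers can write to a shared host folder. The script below is an added example, not part of the original post: it parses HostConfig.Binds entries of the form src:dst[:opts] (handling Windows drive-letter sources such as C:/lab/test-html) and lists every container that has the given host path mounted read-write. The inspect output it reads is constructed sample data shaped like `docker inspect writer reader`.

```python
import json

# Constructed sample shaped like the HostConfig section of `docker inspect`
# for the two containers in the post; not real daemon output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/writer",
     "HostConfig": {"Binds": ["/host_mnt/c/lab/test-html:/data"]}},
    {"Name": "/reader",
     "HostConfig": {"Binds": ["/host_mnt/c/lab/test-html:/data:ro"]}},
])

# Mount options Docker accepts as the third field of a bind spec.
KNOWN_OPTS = {"ro", "rw", "z", "Z", "cached", "delegated", "consistent",
              "shared", "rshared", "slave", "rslave", "private", "rprivate",
              "nocopy"}


def parse_bind(bind):
    """Split a Binds entry 'src:dst[:opts]' into (src, dst, read_only).

    A Windows source like 'C:/lab/test-html' contains its own colon, so the
    spec is split from the right: the last field is treated as options only
    if every token is a known mount option, the next is the container path,
    and whatever remains is the host path.
    """
    fields = bind.split(":")
    opts = set()
    if len(fields) >= 3 and all(o in KNOWN_OPTS for o in fields[-1].split(",")):
        opts = set(fields.pop().split(","))
    dst = fields.pop()
    src = ":".join(fields)
    return src, dst, "ro" in opts


def writable_binds(inspect_json, host_path):
    """Return (container, mount point) pairs that bind host_path read-write."""
    hits = []
    for container in json.loads(inspect_json):
        for bind in container.get("HostConfig", {}).get("Binds") or []:
            src, dst, read_only = parse_bind(bind)
            if src == host_path and not read_only:
                hits.append((container["Name"].lstrip("/"), dst))
    return hits


if __name__ == "__main__":
    for name, dst in writable_binds(SAMPLE_INSPECT, "/host_mnt/c/lab/test-html"):
        print(f"{name}: {dst} is mounted read-write")
```

On a real host, replace SAMPLE_INSPECT with the output of `docker inspect $(docker ps -q)` to audit all running containers at once.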
