hjdr4/docker-jail

docker-jail

A simple user isolation system using Docker.

Maintaining chroots can be painful. This project provides wrapper scripts that log users into a Docker container instead of the host, so the only work you have to do is maintain a Dockerfile.

Useful for bastion-like systems.

Usage

  • Download this project
  • Edit the Dockerfile to suit your needs for the jails
  • Build your jail image with the tag docker-jail
  • Copy shell/docker-jail to /bin/. This is the wrapper script run on login
  • Create some users and give them /bin/docker-jail as their shell
  • Now every su, ssh or other login jails the user in a container with only the commands you allow

Notes

  • Containers' users are the ones on the host, created on the fly
  • Containers are started with the option --net host by default
  • The two previous points allow for iptables rules that match on users, so you keep things simple
  • Containers are ephemeral by default
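
An added check for the setup above (not part of the docker-jail project): it lists which accounts in a passwd-format file use /bin/docker-jail as their shell, flags regular accounts that would still land on the host, and prints the per-UID iptables owner-match rules that the Notes say --net host and host users make possible. The sample accounts, the 192.0.2.10 destination and the port-22 policy are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit jailed accounts and emit per-user egress rules.
JAIL_SHELL=/bin/docker-jail

# Constructed sample in passwd(5) format; on a real host use: getent passwd
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
alice:x:1001:1001::/home/alice:/bin/docker-jail
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/bin/docker-jail
EOF
}

# Print "name:uid" for every account whose login shell is the jail wrapper.
jailed_users() {
    awk -F: -v sh="$JAIL_SHELL" '$7 == sh { print $1 ":" $3 }'
}

# Print regular accounts (UID >= $1, default 1000) that can log in but
# would get a host shell instead of a container.
unjailed_users() {
    awk -F: -v sh="$JAIL_SHELL" -v min="${1:-1000}" \
        '$3 >= min && $7 != sh && $7 !~ /(nologin|false)$/ { print $1 }'
}

# Read "name:uid" lines and print (not apply) owner-match rules: each jailed
# UID may reach one destination over SSH and nothing else. Constructed policy.
egress_rules() {
    dest=$1
    while IFS=: read -r name uid; do
        echo "iptables -A OUTPUT -m owner --uid-owner $uid -d $dest -p tcp --dport 22 -j ACCEPT"
        echo "iptables -A OUTPUT -m owner --uid-owner $uid -j REJECT"
    done
}

echo "Jailed accounts:";   sample_passwd | jailed_users
echo "Unjailed accounts:"; sample_passwd | unjailed_users
echo "Egress rules:";      sample_passwd | jailed_users | egress_rules 192.0.2.10
```

Review the printed rules before loading them; the catch-all REJECT also covers DNS and loopback traffic for those UIDs.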
