Create new containers from within existing container - specific users only

rhajeshkopa · March 1, 2021, 1:44pm

Hi,
I recently stumbled upon this thread. I mounted the docker socket and was indeed able to run other containers from my own. But I found out every user in that container could do the same. So, I would be curious if it is possible to limit to only some users inside the container to be able to use the docker API?

My understanding of the linked post was that only the users in specific group will be able to use the API, but it didnt work that way.

minrk · March 2, 2021, 2:00pm

Permissions get weird when mounting a socket into a container. I think you might be able to control this with the mounts options, but it would probably be better to configure the spawner such that it only mounts the sockets for the users you want to have access, with a subclass of DockerSpawner.

Topic		Replies	Views
Launch additional docker containers from a Jupyter Notebook instance JupyterHub	3	713	February 23, 2021
Facing permisson issue while creating an ipynb file on a volume attached to a container spawn by DockerSpawner JupyterHub jupyterhub , help-wanted , docker	2	640	March 8, 2024
Creating the separate container for each user in Jupyterhub for multi-user environment JupyterHub docker	1	530	September 15, 2022
Problems spawning single-user-servers (using groups) JupyterHub jupyterhub , help-wanted	6	368	November 30, 2023
Need some help with spawners JupyterHub jupyterhub , how-to , help-wanted	11	1611	July 10, 2022

Create new containers from within existing container - specific users only

Related topics