Scadge Scadge - 5 months ago 39
Node.js Question

Restricting file access of Docker container

Suppose I have NodeJS application inside of Docker container. NodeJS can interact with host's filesystem using

fs
module. What I want is to give it access only to one folder (for example, /home/user1/thisfolder), and deny reading/writing any other folder or file on my host. Is there a way to restrict such kind of access in Docker?

UPD GOT ANSWER:
Using AppArmor I could give
node
process only access to given directories, and when it tries to acces any other - it gets
permission denied
.

Answer

The solution you want to use is to mount a volume on the container using the -v option.

docker run -v /path/to/directory/on/your/host:/path/to/directory/on/your/container image CMD

It will let you access your volume.

More info : https://docs.docker.com/userguide/dockervolumes/

If you want to restrict access to other part of your container you should use Apparmor from outside the container.