Scadge Scadge - 4 months ago 21x
Node.js Question

Restricting file access of Docker container

Suppose I have NodeJS application inside of Docker container. NodeJS can interact with host's filesystem using

module. What I want is to give it access only to one folder (for example, /home/user1/thisfolder), and deny reading/writing any other folder or file on my host. Is there a way to restrict such kind of access in Docker?

Using AppArmor I could give
process only access to given directories, and when it tries to acces any other - it gets
permission denied


The solution you want to use is to mount a volume on the container using the -v option.

docker run -v /path/to/directory/on/your/host:/path/to/directory/on/your/container image CMD

It will let you access your volume.

More info :

If you want to restrict access to other part of your container you should use Apparmor from outside the container.