完全封闭的源Docker容器 [英] A completely closed source docker container
问题描述
我想知道是否可以提供Docker映像,但不允许对已构建容器的内部进行任何访问。基本上,容器映像的用户可以使用其提供的服务,但不能深入研究容器内的任何代码。
称其为混淆源代码的一种方法,但也提供了一种根据容器向某人提供服务(软件),而不是提供软件本身。类似于容器即服务,但主要优点是开发人员也可以将这些容器用于本地开发,而无需访问容器中的基础代码。
I was wondering if it is possible to offer Docker images, but not allow any access to the internals of the built containers. Basically, the user of the container images can use the services they provide, but can't dig into any of the code within the containers.
Call it a way to obfuscate the source code, but also offer a service (the software) to someone on the basis of the container, instead of offering the software itself. Something like "Container as a Service", but with the main advantage that the developer can use these container(s) for local development too, but with no access to the underlying code within the containers.
我的第一个想法是,Docker实例的控制器控制一切直至根访问。因此,不可能。但是,我是Docker的新手,并不了解它的所有可能性。
My first thinking is, the controller of the Docker instances controls everything down to root access. So no, it isn't possible. But, I am new to Docker and am not aware of all of its possibilities.
这个主意有可能吗?
推荐答案
令人困惑仅基于解决方案的解决方案是不够的,因为 加密和安全的Docker容器详细信息。
An obfuscation-based only solution would not be enough, as "Encrypted and secure docker containers" details.
您需要完全控制容器正在运行的主机,以防止发生任何戳戳。在您的方案中情况并非如此,开发人员确实可以访问运行该容器的主机(即他/她的本地开发计算机)。
You would need full control of the host your containers are running in order to prevent any "poking". And that is not the case in your scenario, where a developer does have access to the host (ie his/her local development machine) where said container would run.
这篇关于完全封闭的源Docker容器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
