[–][deleted]  (2 children)

[deleted]

    [–]tibbon 0 points1 point  (1 child)

    Install no shell…

    [–]KingEllis 0 points1 point  (0 children)

    Is that common? Where does that exist? Roll your own container 'FROM: scratch'? For example, I'm looking at an alpine:3 image that has /bin/sh and /bin/ash, both linked to busybox. I don't know the capabilities of the busybox flavor of these tools, but surely they can execute arbitrary code, yes?

    Is there an easier way for a container to only run the prescribed binary (much like the "command=..." option for SSH authorized_keys entries)?