How to protect an Incus container from incus exec access?

Hello,

I run containers on an Incus host that is accessible by other users or the cloud provider.

Inside the container, I have proprietary code and deployment scripts that I want to protect.

Is there a way to:

  • Prevent or restrict access to the container via incus exec

  • Require a password or secret before accessing the container’s files

  • Protect the code even if someone has root access to the host

What is the recommended secure approach for this in Incus?

Thank you.

No. There’s nothing that prevents root on the host from just accessing whatever it wants in the container by going through /proc, or attaching to the container directly, bypassing Incus, by just using nsenter.
