Home

Awesome

R Rserve docker image for safe execution

This directory builds a docker image that safely executes Rserve. Rserve connections use a Unix domain socket, such that the container can be started with the --net=none to deny it any access to a network. The socket is created in the volume /rserve and named socket. There are two ways to make the socket available:

  1. Start using --name=rserve. This makes the socket available from embedded volume. Other docket container can use --with-volumes-from rserve to get access to the Rserve socket.
```
docker run --net=none --name=rserve rserve
```

2. Create a directory that is owned by a non-priviledged user/group and has its permissions set to provide access to the selected users. For example:

```
useradd -U --create-home --home=/home/rserve rserve
chmod 770 /home/rserve
```

Now, the image can be started using the command below, creating /home/rserve/socket. Note that the R server runs with the UID/GID of the mounted directory.

```
docker run --net=none -v /home/rserve:/rserve rserve
```

Safety

To protect the container, we

Installation

Customization