Is your feature request related to a problem? Please describe
Currently, when users create or modify containers, they can freely choose the host network mode. This can introduce security and isolation risks, especially in shared environments or multi-tenant scenarios where users should not have the ability to bypass network isolation or directly bind to host network interfaces. Administrators have no built-in way to restrict this option.
Describe the solution you'd like
I would like Portainer to provide a permission or configuration option, preferably within the Environment > Security Settings section, that allows administrators to disable the use of host network mode for non-admin users.
This could work similarly to existing restrictions (e.g., disabling privileged mode, restricting bind mounts, blocking host PID/IPC mapping, etc.).
When enabled, standard users would only be allowed to select:
- bridge
- user-defined networks they create or are granted access to
Admin users would still retain full access, including host mode, to avoid disrupting advanced use cases.
Describe alternatives you've considered
- Relying on user education or manually reviewing containers, which is unreliable and does not scale.
- Using custom templates that exclude host networking, but users can still bypass templates by creating containers manually.
None of these approaches provide a clean, enforceable, Portainer-native restriction.
Additional context
This feature would help administrators maintain isolation and security by preventing regular users from exposing containers directly on the host network.
It would also align well with Portainer’s existing pattern of allowing granular control over what users can or cannot do inside an environment.
I have already searched for similar discussions and could not find a duplicate.
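
As an added illustration (not part of the original post and not Portainer's code), the requested restriction could be enforced as a check on the Docker Engine API container-create body, covering both `HostConfig.NetworkMode` and the keys of `NetworkingConfig.EndpointsConfig`. `CheckNetworkPolicy` and the `granted` set are hypothetical names, and the request bodies are constructed samples.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// createBody keeps only the container-create fields that select networking.
type createBody struct {
	HostConfig struct {
		NetworkMode string
	}
	NetworkingConfig struct {
		EndpointsConfig map[string]json.RawMessage
	}
}

// CheckNetworkPolicy (hypothetical) returns nil when the request may proceed.
func CheckNetworkPolicy(raw []byte, isAdmin bool, granted map[string]bool) error {
	if isAdmin {
		return nil // admins keep full access, host mode included
	}
	var body createBody
	if err := json.Unmarshal(raw, &body); err != nil {
		return fmt.Errorf("rejecting unparseable request: %w", err)
	}
	names := []string{body.HostConfig.NetworkMode}
	for n := range body.NetworkingConfig.EndpointsConfig {
		names = append(names, n) // a network can also be named here
	}
	for _, n := range names {
		// "" and "default" resolve to the default bridge on Linux daemons.
		if n == "" || n == "default" || n == "bridge" || granted[n] {
			continue
		}
		return fmt.Errorf("network %q is not permitted for non-admin users", n)
	}
	return nil
}

func main() {
	granted := map[string]bool{"team-a-net": true} // constructed sample grant
	for _, req := range []string{ // constructed sample request bodies
		`{"Image":"nginx","HostConfig":{"NetworkMode":"host"}}`,
		`{"Image":"nginx","NetworkingConfig":{"EndpointsConfig":{"host":{}}}}`,
	} {
		fmt.Println(req, "=>", CheckNetworkPolicy([]byte(req), false, granted))
	}
}
```

Because the check allow-lists bridge and granted networks rather than blocking the literal `host`, other values that fall outside the post's allowed list, such as `container:<id>`, are rejected as well.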