
Support for Command-Level Logging and User Attribution Inside Docker Container

Open yashwanth98-devops opened this issue 8 months ago • 0 comments

Tell us about your request

We would like Docker to support native command-level logging for interactive sessions inside running containers (e.g., via docker exec). Specifically, we are requesting the ability to track shell commands executed within containers, along with user attribution and timestamps, for audit and compliance purposes.

Which service(s) is this request for?

Docker Engine (runtime), Docker CLI, and potentially integrations with Docker Desktop or Docker logging drivers.

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

We operate in a multi-user environment where several team members access running Docker containers—typically using docker exec -it bash—often as the root user. Our goal is to track what commands are executed inside these containers and who executed them.

However, Docker currently lacks a native mechanism to log such activity. Because containers generally do not preserve information about the original host user who ran docker exec, and internal container sessions often default to the root user, we lose visibility and accountability. This is especially problematic in shared environments like staging or production, where traceability is critical for auditing and incident response.

Are you currently working around the issue?

Yes, we are experimenting with solutions like:

Auditd on the container or host

Shell wrapping (forcing users to use a custom shell that logs commands)

However, these approaches are either intrusive, difficult to scale, or not fully reliable across dynamic and ephemeral container environments.

yashwanth98-devops, Jun 19 '25 06:06
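The host-side auditd workaround mentioned in the issue can recover which login user ran each `docker exec`, even when the session inside the container is root. The following is an added example, not part of the original issue and not Docker's own code: it joins auditd SYSCALL and EXECVE records by serial number and reports the `auid` (login UID) behind each exec. The log lines are constructed, and the audit rule key `docker_exec` is a hypothetical name.

```python
import re

# Constructed host auditd records (not from the issue). Assumes an audit rule on
# the docker CLI binary tagged with the hypothetical key "docker_exec".
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1750313160.101:811): arch=c000003e syscall=59 success=yes auid=1001 uid=0 ses=14 exe="/usr/bin/docker" key="docker_exec"
type=EXECVE msg=audit(1750313160.101:811): argc=5 a0="docker" a1="exec" a2="-it" a3="web-1" a4="bash"
type=SYSCALL msg=audit(1750313201.440:812): arch=c000003e syscall=59 success=yes auid=1002 uid=0 ses=15 exe="/usr/bin/docker" key="docker_exec"
type=EXECVE msg=audit(1750313201.440:812): argc=2 a0="docker" a1="ps"
type=SYSCALL msg=audit(1750313305.009:813): arch=c000003e syscall=59 success=yes auid=4294967295 uid=0 ses=4294967295 exe="/usr/bin/docker" key="docker_exec"
type=EXECVE msg=audit(1750313305.009:813): argc=6 a0="docker" a1="exec" a2="-u" a3="root" a4="db-1" a5="sh"
"""

MSG = re.compile(r"^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
VALUE_OPTS = {"-e", "--env", "--env-file", "-u", "--user", "-w", "--workdir", "--detach-keys"}
UNSET_AUID = "4294967295"  # kernel value for "no login session" (daemon, cron)

def arg_value(raw):
    # auditd quotes plain args and hex-encodes ones with spaces or control bytes
    return raw[1:-1] if raw.startswith('"') else bytes.fromhex(raw).decode("utf-8", "replace")

def exec_target(argv):
    """Return (container, command) for a `docker exec` argv, else None."""
    if len(argv) < 2 or argv[1] != "exec":
        return None
    rest = iter(argv[2:])
    for arg in rest:
        if arg in VALUE_OPTS:
            next(rest, None)  # skip the option's value, e.g. the user after -u
        elif not arg.startswith("-"):
            return arg, list(rest)
    return None

def attribute_execs(log_text):
    """Join SYSCALL and EXECVE records by audit serial; keep only `docker exec`."""
    events = {}
    for m in filter(None, map(MSG.match, log_text.splitlines())):
        rtype, epoch, serial, body = m.groups()
        events.setdefault(serial, {"time": int(epoch)})[rtype] = dict(FIELD.findall(body))
    out = []
    for ev in events.values():
        sc, ex = ev.get("SYSCALL", {}), ev.get("EXECVE", {})
        argv = [arg_value(ex.get(f"a{i}", "")) for i in range(int(ex.get("argc", 0)))]
        target = exec_target(argv)
        if target:
            auid = sc.get("auid", UNSET_AUID)
            out.append({"time": ev["time"], "auid": auid, "container": target[0],
                        "command": target[1], "attributed": auid != UNSET_AUID})
    return out
```

This attributes only the `docker exec` invocation itself; commands typed inside the resulting shell are not visible to it, which is the gap the request describes.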