The Ethernity NODE runs tasks that are requested through the blockchain smart contract. This allows anybody to run their own software freely as long as it can be bundled inside a docker container.
In order to prevent abuse, the node restricts by default all outgoing connectivity of the full virtualization layer. Only to the required services are permitted: blockchain RPC, ipfs node, docker registry.
Further restrictions can be applied by the node operator by updating the source code which is licensed AGLP v3. Additional restrictions can include: running tasks requested only by a set of wallet addresses or running tasks containing only desired docker images.
Node operators are responsible for maintaining and enforcing their own set of rules.
Running a node requires generating two keypairs that represent the identity of your node and you are fully responsible to keep it safe. Do not share this information, or store it unencrypted outside the node configuration.