Merge pull request #3419 from iainelder/patch-1

Describe privileged mode in terms of capabilities
2022-04-02 00:13:50 +02:00 · 2022-04-02 00:13:50 +02:00 · a4b6fe16ae
parent 984b580cab 8b408372f9
commit a4b6fe16ae
1 changed files with 6 additions and 6 deletions
--- a/docs/reference/run.md
+++ b/docs/reference/run.md
@ -1249,12 +1249,12 @@ by default a container is not allowed to access any devices, but a
 "privileged" container is given access to all devices (see
 the documentation on [cgroups devices](https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt)).
-When the operator executes `docker run --privileged`, Docker will enable
+The --privileged flag gives all capabilities to the container. When the operator
-access to all devices on the host as well as set some configuration
+executes `docker run --privileged`, Docker will enable access to all devices on
-in AppArmor or SELinux to allow the container nearly all the same access to the
+the host as well as set some configuration in AppArmor or SELinux to allow the
-host as processes running outside containers on the host. Additional
+container nearly all the same access to the host as processes running outside
-information about running with `--privileged` is available on the
+containers on the host. Additional information about running with `--privileged`
-[Docker Blog](https://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
+is available on the [Docker Blog](https://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
 If you want to limit access to a specific device or devices you can use
 the `--device` flag. It allows you to specify one or more devices that