Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3419 from iainelder/patch-1 

Describe privileged mode in terms of capabilities
This commit is contained in:
Sebastiaan van Stijn 2022-04-02 00:13:50 +02:00 committed by GitHub
parent 984b580cab 8b408372f9
commit a4b6fe16ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/reference/run.md
View File

@ -1249,12 +1249,12 @@ by default a container is not allowed to access any devices, but a
"privileged" container is given access to all devices (see
the documentation on [cgroups devices](https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt)).
When the operator executes `docker run --privileged`, Docker will enable
access to all devices on the host as well as set some configuration
in AppArmor or SELinux to allow the container nearly all the same access to the
host as processes running outside containers on the host. Additional
information about running with `--privileged` is available on the
[Docker Blog](https://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
The --privileged flag gives all capabilities to the container. When the operator
executes `docker run --privileged`, Docker will enable access to all devices on
the host as well as set some configuration in AppArmor or SELinux to allow the
container nearly all the same access to the host as processes running outside
containers on the host. Additional information about running with `--privileged`
is available on the [Docker Blog](https://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
If you want to limit access to a specific device or devices you can use
the `--device` flag. It allows you to specify one or more devices that