Merge pull request #3419 from iainelder/patch-1

Describe privileged mode in terms of capabilities
This commit is contained in:
Sebastiaan van Stijn 2022-04-02 00:13:50 +02:00 committed by GitHub
commit a4b6fe16ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions

View File

@ -1249,12 +1249,12 @@ by default a container is not allowed to access any devices, but a
"privileged" container is given access to all devices (see
the documentation on [cgroups devices](https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt)).
When the operator executes `docker run --privileged`, Docker will enable
access to all devices on the host as well as set some configuration
in AppArmor or SELinux to allow the container nearly all the same access to the
host as processes running outside containers on the host. Additional
information about running with `--privileged` is available on the
[Docker Blog](https://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
The --privileged flag gives all capabilities to the container. When the operator
executes `docker run --privileged`, Docker will enable access to all devices on
the host as well as set some configuration in AppArmor or SELinux to allow the
container nearly all the same access to the host as processes running outside
containers on the host. Additional information about running with `--privileged`
is available on the [Docker Blog](https://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
If you want to limit access to a specific device or devices you can use
the `--device` flag. It allows you to specify one or more devices that