docs: clarify what the --privileged flag does #4929
Codecov Report
Additional details and impacted files
@@ Coverage Diff @@
## master #4929 +/- ##
=======================================
Coverage 61.46% 61.46%
=======================================
Files 289 289
Lines 20229 20229
=======================================
Hits 12433 12433
Misses 6895 6895
Partials 901 901
| ### <a name="privileged"></a> Full container capabilities (--privileged) | ||
| ### <a name="privileged"></a> Escalate container privileges (--privileged) | ||
|
|
||
| The `--privileged` flag gives the following capabilities to a container: |
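Review bot: The intro sentence "The `--privileged` flag gives the following capabilities to a container:" reuses the word "capabilities", which readers of a Docker reference page are likely to take as Linux kernel capabilities only (the `--cap-add` sense), while one of the two headings above it speaks of privileges in general. Consider neutral wording such as "The `--privileged` flag does the following:" so that the list can include items that are not capabilities. Keeping the `<a name="privileged"></a>` anchor unchanged in the heading is right, since existing links keep resolving. Given that the PR description says the aim is to cover the risks as well, a one-sentence statement of the risk directly under the heading would serve readers who only skim the section.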
Also wondering if we should add a (more detailed?) section in the https://docs.docker.com/go/daemon-access/ section.
What sort of information do you think we should add to this page?
(asking because it's not immediately obvious to me what --privileged has to do with post-install actions, or with user group permissions)
Ah, sorry, more along the lines of the "daemon attack vector". Being able to start a privileged container is a prime example of "bad things" people could do when having access to the API (hope that makes sense).
Looks like validation is failing on this one (
Signed-off-by: David Karlsson <[email protected]>
- What I did
Attempt to clarify the permissions and capabilities (and risks) with
using the --privileged flag.
Relates to moby/moby#24387