Docker 101: Privileged containers
We can run a privileged Debian container, for example, using the command below:
In the privileged container above, we have access to the "/proc" filesystem, for example.
Docker also allows us to add or remove capabilities depending on the container's needs.
Linux capabilities can be added to a container using the command below:
- "CAP_CHOWN"
- "CAP_DAC_OVERRIDE"
- "CAP_FSETID"
- "CAP_FOWNER"
- "CAP_MKNOD"
- "CAP_NET_RAW"
- "CAP_SETGID"
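As an added example (not part of the original post), the script below decodes the effective capability bitmask that the kernel reports in /proc/<pid>/status into capability names. Reading it from PID 1 inside a container is the quickest way to verify what --privileged, --cap-add or --cap-drop actually granted. The capability numbering is the kernel's (bits 0 to 40 on Linux 5.9 and later); the function names, the Docker commands and the expected mask values in the comments are this example's own.

```shell
#!/bin/sh
# Added example: decode a container's effective capabilities from /proc.
# Usage inside a container:   decode_caps "$(capeff_of /proc/1/status)"
# Constructed comparison, on a host with Docker (recent kernel, 41 caps):
#   docker run --rm --privileged debian grep CapEff /proc/1/status
#     -> CapEff: 000001ffffffffff          (every capability)
#   docker run --rm --cap-drop=ALL --cap-add=NET_BIND_SERVICE debian \
#       grep CapEff /proc/1/status
#     -> CapEff: 0000000000000400          (only bit 10)

# Capability names indexed by kernel bit number, bit 0 first.
CAP_NAMES="cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid \
cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service \
cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module \
cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot \
cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease \
cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog \
cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore"

# Mask with bits 0..40 set: what a --privileged container's PID 1 shows.
ALL_CAPS_MASK=0x1ffffffffff

# capeff_of FILE: print the hex CapEff value from a /proc/<pid>/status file.
# Exit 1 when the file has no CapEff line.
capeff_of() {
  while read -r key value; do
    [ "$key" = "CapEff:" ] && { printf '%s\n' "$value"; return 0; }
  done < "$1"
  return 1
}

# decode_caps HEXMASK: print the names of the capabilities present in the
# mask, lowest bit first, space separated, on one line.
decode_caps() {
  mask=$((0x$1))
  i=0
  out=""
  for name in $CAP_NAMES; do
    if [ $(( (mask >> i) & 1 )) -eq 1 ]; then
      out="$out${out:+ }$name"
    fi
    i=$((i + 1))
  done
  printf '%s\n' "$out"
}

# is_full_mask HEXMASK: exit 0 when every known capability bit is set,
# i.e. the process is as capable as --privileged makes it.
is_full_mask() {
  [ $(( (0x$1 & ALL_CAPS_MASK) == ALL_CAPS_MASK )) -eq 1 ]
}

# Optional self-check of the current process: sh script.sh --self
if [ "${1:-}" = "--self" ] && [ -r /proc/self/status ]; then
  decode_caps "$(capeff_of /proc/self/status)"
fi
```

Comparing the decoded list against the capabilities a workload actually needs is the basis for a least-privilege --cap-drop=ALL plus explicit --cap-add configuration; the hex mask alone hides which bits are set.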
To avoid security holes on a system, we can check for containers that are running in privileged mode.
To look for privileged containers on a host, we can use the command below:
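A host-side check, added here as example code rather than something from the original post: it reads one line per running container in the form `name privileged [caps]`, which the `docker inspect --format` pipeline in the comments produces, and reports containers that run privileged or that were given a capability from a review list chosen for this example. The sample lines in the comments are constructed.

```shell
#!/bin/sh
# Added example: audit running containers for privileged mode or risky
# added capabilities. Collect the input on a Docker host with:
#   docker ps -q | xargs docker inspect \
#     --format '{{.Name}} {{.HostConfig.Privileged}} {{.HostConfig.CapAdd}}' \
#     | sh audit.sh
# Each input line then looks like (constructed samples):
#   /web false []
#   /agent true [SYS_ADMIN NET_ADMIN]

# Capabilities whose addition deserves a review (list chosen for this example).
RISKY_CAPS="SYS_ADMIN SYS_MODULE SYS_PTRACE SYS_RAWIO NET_ADMIN DAC_READ_SEARCH"

# audit_containers: read "name privileged [caps]" lines on stdin, print one
# finding per problem, and exit 1 if anything was found, 0 otherwise.
audit_containers() {
  found=0
  while read -r name priv caps; do
    [ -n "$name" ] || continue
    if [ "$priv" = "true" ]; then
      printf 'PRIVILEGED %s\n' "$name"
      found=1
    fi
    # Strip the [ ] that the Go template prints around the slice; an empty
    # CapAdd arrives as "[]" and leaves nothing to loop over.
    caps=${caps#\[}
    caps=${caps%\]}
    for cap in $caps; do
      # CapAdd may carry the name with or without the CAP_ prefix.
      case " $RISKY_CAPS " in
        *" ${cap#CAP_} "*)
          printf 'CAP_ADD %s %s\n' "$name" "$cap"
          found=1
          ;;
      esac
    done
  done
  return $found
}

# Run the audit on whatever is piped in:  ... | sh audit.sh --stdin
if [ "${1:-}" = "--stdin" ]; then
  audit_containers
fi
```

The non-zero exit status makes the check usable as a CI or cron gate: a privileged container, or one with CAP_SYS_ADMIN added, fails the job and prints which container to look at.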