Docker 101: Privileged containers



Docker allows us to have privileged containers that could have access to the resources of the "host" system.

For example, we can run a privileged Debian container using the command below:


In the above privileged container, we have access to the "/proc" filesystem, for example.

Docker also allows us to add or remove capabilities depending on the container's needs.
Linux capabilities could be added to a container using the below command:


Below is a list of some of the Linux capabilities:
  • "CAP_CHOWN"
  • "CAP_DAC_OVERRIDE"
  • "CAP_FSETID"
  • "CAP_FOWNER"
  • "CAP_MKNOD"
  • "CAP_NET_RAW"
  • "CAP_SETGID"

To avoid security holes on a system, we could check which containers are running in privileged mode.

To look for privileged containers on a host, we could use the below command:
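
One way to run this check, as an added example that is not the original post's command: the script reads `docker inspect` output and flags containers that run privileged or with added capabilities. The function names and sample lines are constructed for illustration; `.HostConfig.Privileged` and `.HostConfig.CapAdd` are fields of the `docker inspect` output.

```shell
#!/bin/sh
# Added example: flag containers that run privileged or with extra capabilities.

# One line per container: "<name> <privileged> <cap-add list>".
# Both HostConfig fields come from `docker inspect`.
INSPECT_FORMAT='{{.Name}} {{.HostConfig.Privileged}} {{.HostConfig.CapAdd}}'

# Read inspect lines on stdin and print only the containers worth reviewing.
flag_risky() {
    while read -r name privileged caps; do
        [ -n "$name" ] || continue
        name=${name#/}                  # docker prefixes container names with "/"
        if [ "$privileged" = "true" ]; then
            printf '%s PRIVILEGED\n' "$name"
        elif [ -n "$caps" ] && [ "$caps" != "[]" ]; then
            printf '%s CAP_ADD=%s\n' "$name" "$caps"
        fi
    done
}

# Audit every running container on this host (needs access to the Docker daemon).
audit_host() {
    ids=$(docker ps --quiet)
    [ -n "$ids" ] || return 0
    # shellcheck disable=SC2086  # word splitting of the ID list is intended
    docker inspect --format "$INSPECT_FORMAT" $ids | flag_risky
}

# Constructed sample of inspect output, so the filter can be tried offline:
#   sample_lines | flag_risky
sample_lines() {
    cat <<'EOF'
/web false []
/debug-shell true []
/vpn false [NET_ADMIN]
EOF
}
```

On a Docker host, source the file and call `audit_host`; an empty result means no running container was started privileged or with added capabilities.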

