Docker Privileged Mode Semantics

TL;DR

- Grants the container the full set of possible Linux capabilities
- Mounts all host devices into the container
- Runs the container with unconfined AppArmor, seccomp, and SELinux profiles
- Does not set the process owner to root

Background

This post is essentially a note to self and colleagues on the semantics of Docker's privileged mode option. Knowing clearly what this option implies is important when faced with an audit, as many software audits are designed to automatically red-flag containers that are run with this option....

July 20, 2020 · 5 min · Pierce Bartine