I would like to know, via a bash script, whether the currently running container was started in --privileged mode, from inside the container (not from the host machine).
For now I'm stuck with passing an env var with the flag, but it is not an ideal solution.
We have run the `fdisk -l` command to check that the container is running in privileged mode. Note: any command that requires the privileged flag to succeed can be used to test for privileged mode inside the container.
By default, containers do not run in a privileged mode. For a container to run as a privileged application, the user must “flag” it to enable all capabilities to the container or pod. In other words, when a container is in a privileged mode, you are giving the container all the capabilities that a host can perform.
What is Docker Privileged Mode? Docker privileged mode grants a Docker container root capabilities to all devices on the host system. Running a container in privileged mode gives it the capabilities of its host machine. For example, it enables it to modify AppArmor and SELinux configurations.
Running a pod in a privileged mode means that the pod can access the host's resources and kernel capabilities. You can turn a pod into a privileged one by setting the privileged flag to `true` (by default a container is not allowed to access any devices on the host).
Use the docker inspect command:
```bash
docker inspect --format='{{.HostConfig.Privileged}}' <container id>
```

And within a bash script you could have a test:

```bash
if [[ $(docker inspect --format='{{.HostConfig.Privileged}}' <container id>) == "false" ]]; then
  echo not privileged
else
  echo privileged
fi
```

You have to try to run a command that requires the --privileged flag and see if it fails.
For instance, `ip link add dummy0 type dummy` is a command which requires the --privileged flag to be successful:

```
$ docker run --rm -it ubuntu ip link add dummy0 type dummy
RTNETLINK answers: Operation not permitted
```

while

```
$ docker run --rm -it --privileged ubuntu ip link add dummy0 type dummy
```

runs fine.
In a bash script you could do something similar to this:

```bash
# Try the privileged-only operation; suppress both stdout and the
# "Operation not permitted" message on stderr.
if ip link add dummy0 type dummy >/dev/null 2>&1; then
  PRIVILEGED=true
  # clean up the dummy0 link we just created
  ip link delete dummy0 >/dev/null 2>&1
else
  PRIVILEGED=false
fi
```
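The answers above either need the Docker daemon (host side) or have a side effect inside the container (creating a network link). As an added example that is not part of any of the original answers, the script below infers --privileged from inside the container with a read-only check: Docker's --privileged grants every capability the kernel knows about, so the bounding set (`CapBnd` in /proc/self/status) equals the full mask derived from /proc/sys/kernel/cap_last_cap, whereas the default unprivileged set (`00000000a80425fb` on a typical kernel) does not. The function names, and the two /proc/self/status excerpts embedded for testing, are this example's own constructions.

```shell
#!/bin/sh
# Added example (not code from the original answers): infer --privileged from
# inside a container by comparing the capability bounding set in
# /proc/self/status with the full mask the kernel supports. Reading /proc has
# no side effects, unlike creating a dummy link. Names are this example's own.

# Extract the hex mask of one Cap* field from the text of /proc/self/status.
cap_field() {        # $1 = status text, $2 = field name, e.g. CapBnd
  printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2 }'
}

# Hex mask with bits 0..LAST_CAP set, i.e. "every capability this kernel has".
full_cap_mask() {    # $1 = value of /proc/sys/kernel/cap_last_cap
  printf '%x' $(( (1 << ($1 + 1)) - 1 ))
}

# Succeeds (exit 0) when capability number $2 is present in hex mask $1.
has_cap() {
  [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Print "privileged" when the bounding set covers every kernel capability,
# "not-privileged" otherwise. $1 = status text, $2 = cap_last_cap value.
# CapBnd is used rather than CapEff because CapEff drops to 0 for a non-root
# user even inside a privileged container, while CapBnd stays at the full mask.
classify_status() {
  bnd=$(cap_field "$1" CapBnd)
  [ -n "$bnd" ] || { echo unknown; return 2; }
  if [ $(( 0x$bnd )) -eq $(( 0x$(full_cap_mask "$2") )) ]; then
    echo privileged
  else
    echo not-privileged
  fi
}

# Constructed sample /proc/self/status excerpts (not captured from a real
# host): Docker's default capability set, and the all-capabilities set that
# --privileged yields on a kernel whose cap_last_cap is 40.
UNPRIV_STATUS='Name: sh
CapInh: 0000000000000000
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb
CapAmb: 0000000000000000'
PRIV_STATUS='Name: sh
CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000'
CAP_SYS_ADMIN=21   # capability number of CAP_SYS_ADMIN, absent from Docker's default set

# Classify the live process when running on Linux with /proc available.
if [ -r /proc/self/status ] && [ -r /proc/sys/kernel/cap_last_cap ]; then
  verdict=$(classify_status "$(cat /proc/self/status)" "$(cat /proc/sys/kernel/cap_last_cap)")
  echo "this container: $verdict"
fi
```

`classify_status` is strict: it only reports `privileged` when every capability is in the bounding set, which is what `--privileged` produces. A container started with `--cap-add` of a few extra capabilities (for example `CAP_SYS_ADMIN` via `has_cap`) is reported as `not-privileged`, so use `has_cap` on the `CapBnd` mask when the question is "does this container hold a specific dangerous capability" rather than "was it started with --privileged".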