How to know if a docker container is running in privileged mode

Would like to know, via bash script, if the currently running container was started in --privileged mode, from inside the container (not from the host machine).

For now I'm stuck with passing an env var with the flag, but it is not an ideal solution.

Leo Gallucci asked Aug 21 '15 15:08


People also ask

How do I know if a container is privileged?

We have run the 'fdisk -l' command to check that the container is running under privileged mode. Notes: Any command that requires the privileged flag to be successful can be used to test the privileged mode inside the container.

How do I run a Docker container in privileged mode?

By default, containers do not run in a privileged mode. For a container to run as a privileged application, the user must “flag” it to enable all capabilities to the container or pod. In other words, when a container is in a privileged mode, you are giving the container all the capabilities that a host can perform.

What is a privileged Docker container?

What is Docker Privileged Mode? Docker privileged mode grants a Docker container root capabilities to all devices on the host system. Running a container in privileged mode gives it the capabilities of its host machine. For example, it enables it to modify AppArmor and SELinux configurations.

How do I run pods in privileged mode?

Running a pod in a privileged mode means that the pod can access the host's resources and kernel capabilities. You can turn a pod into a privileged one by setting the privileged flag to `true` (by default a container is not allowed to access any devices on the host).


1 Answer

From the docker host

Use the docker inspect command:

docker inspect --format='{{.HostConfig.Privileged}}' <container id> 

And within a bash script you could have a test:

if [[ $(docker inspect --format='{{.HostConfig.Privileged}}' <container id>) == "false" ]]; then
    echo not privileged
else
    echo privileged
fi

From inside the container itself

You have to try to run a command that requires the --privileged flag and see if it fails.

For instance, ip link add dummy0 type dummy is a command which requires the --privileged flag to be successful:

$ docker run --rm -it ubuntu ip link add dummy0 type dummy
RTNETLINK answers: Operation not permitted

while

$ docker run --rm -it --privileged ubuntu ip link add dummy0 type dummy 

runs fine.

In a bash script you could do something similar to this:

# the "Operation not permitted" message goes to stderr, so redirect that as well
ip link add dummy0 type dummy >/dev/null 2>&1
if [[ $? -eq 0 ]]; then
    PRIVILEGED=true
    # clean up the dummy0 link we just created
    ip link delete dummy0 >/dev/null 2>&1
else
    PRIVILEGED=false
fi
Thomasleveil answered Oct 21 '22 15:10
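The ip link probe above only shows that the process holds CAP_NET_ADMIN, which --cap-add NET_ADMIN also grants, so it can report "privileged" for a container that was not started with --privileged. The script below is an added example (not code from the answer or from Docker) that instead reads the capability bounding set from /proc/self/status and checks for host block devices under /dev; the two-signal rule and the block-device heuristic are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: infer --privileged from inside the container with no side effects.
# Two independent signals must both agree: (1) the capability bounding set in
# /proc/self/status is complete; (2) host block devices are visible under /dev.
# Either one alone can be mimicked (--cap-add ALL, --device), so this is a heuristic.

# Count the set bits in a hex capability mask such as 000001ffffffffff; empty -> 0.
cap_bits() {
    local v n=0
    [ -n "$1" ] || { echo 0; return; }
    v=$((0x$1))
    while [ "$v" -ne 0 ]; do
        n=$((n + (v & 1)))
        v=$((v >> 1))
    done
    echo "$n"
}

# Print the value of one Cap* field (CapEff, CapBnd, ...) from /proc/<pid>/status on stdin.
cap_field() {
    awk -v n="$1:" '$1 == n { print $2 }'
}

# True when the mask holds every capability the kernel knows about
# (/proc/sys/kernel/cap_last_cap is the highest number, so a full mask has last+1 bits).
mask_is_full() {
    [ "$(cap_bits "$1")" -eq "$(($2 + 1))" ]
}

# --privileged leaves the bounding set complete even when the process is not root,
# whereas Docker's default profile keeps only 14 capabilities (mask 00000000a80425fb).
bounding_set_full() {
    [ -r /proc/self/status ] && [ -r /proc/sys/kernel/cap_last_cap ] || return 1
    mask_is_full "$(cap_field CapBnd < /proc/self/status)" "$(cat /proc/sys/kernel/cap_last_cap)"
}

# --privileged also exposes the host's device nodes, so disks show up as block devices
# in /dev; a default container's /dev holds none (assumed heuristic).
host_block_devices_visible() {
    [ -n "$(find /dev -maxdepth 1 -type b 2>/dev/null | head -n 1)" ]
}

# Exit status 0 when both signals indicate --privileged, 1 otherwise.
check_privileged() {
    bounding_set_full && host_block_devices_visible
}

# Mirror the PRIVILEGED variable used in the answer's script.
if check_privileged; then PRIVILEGED=true; else PRIVILEGED=false; fi
echo "PRIVILEGED=$PRIVILEGED"
```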