What does the docker exec --privileged flag do?

Question

I've come across the --privileged flag for docker exec, but the manual does not provide much of an explanation:

--privileged      Give extended privileges to the command

That's all. No more explanation or example.

Searching the web for more info, I only found descriptions of containers running in privileged mode, but it appears to me that this doesn't have anything to do with the privileged mode of docker exec. I assume that these privileges apply to the executed command, and I imagine that it means that it is run under a privileged user (root). But then, I wonder what the difference would be compared to docker exec -u 0?

Answer 1

By default, container runtimes go to great lengths to shield a container from the host system. Running in --privileged mode disables/bypasses most of these checks. This basically means that if you are root in a container you have the privileges of root on the host system. It is only meant for special cases such as running Docker in Docker (for example, in pipeline for sharing the docker socket from the host) and should be avoided.