A brief discussion on the role of the docker --privileged=true parameter

Around version 0.6, privileged was introduced to Docker.

With this parameter, the root in the container has real root permissions.

Otherwise, the root in the container has only the permissions of an ordinary user outside.

A container started with privileged can see many devices on the host and can mount them.

It even allows you to start docker containers within docker containers.

$ docker help run 
...
--privileged=false Give extended privileges to this container
...

Here is a Mysql example

We haven’t added the --privileged=true parameter to the startup command. We can clearly see that Docker tries to run the container, but it closes immediately.

Order

docker run --name mysql-test -e MYSQL_ROOT_PASSWORD=123456 -p 9092:3306 -d daocloud.io/library/mysql:5.7.6

Try to use some commands, prompt permission denied, permission prohibited

After adding the parameter command

docker run --name mysql-test --privileged=true -e MYSQL_ROOT_PASSWORD=123456 -p 9092:3306 -d daocloud.io/library/mysql:5.7.6

Run the command successfully

Container started without privileged:

[root@localhost ~]# docker run -t -i centos:latest bash
[root@ed8fee643129 /]# lsblk 
lsblk: dm-0: failed to get device path
lsblk: dm-1: failed to get device path
lsblk: dm-0: failed to get device path
lsblk: dm-1: failed to get device path
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 252:0 0 80G 0 disk 
|-vda1 252:1 0 1G 0 part 
`-vda2 252:2 0 79G 0 part 
vdb 252:16 0 200G 0 disk 
|-vdb1 252:17 0 50G 0 part 
|-vdb2 252:18 0 50G 0 part 
`-vdb3 252:19 0 100G 0 part 
[root@ed8fee643129 /]# mount /dev/vdb3 /mnt/
mount: permission denied

Set the container to be started as privileged:

[root@docker ~]# docker run -t -i --privileged centos:latest bash
[root@f83ce3877aa1 /]# 
[root@f83ce3877aa1 /]# 
[root@f83ce3877aa1 /]# mount /dev/vdb3 /mnt/
[root@f83ce3877aa1 /]# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 77G 25G 52G 33% /
tmpfs 64M 0 64M 0% /dev
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/mapper/centos-root 77G 25G 52G 33% /etc/hosts
shm 64M 0 64M 0% /dev/shm
/dev/vdb3 100G 33M 100G 1% /mnt
[root@f83ce3877aa1 /]#

This is the end of this article about the role of the docker --privileged=true parameter. For more related docker --privileged=true content, please search 123WORDPRESS.COM's previous articles or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!

You may also be interested in:

How to view the docker run startup parameter command (recommended)
How to specify parameter variables externally in docker
Docker: Modifying the DOCKER_OPTS parameter in /etc/default/docker does not take effect

<<: jQuery achieves the shutter effect (using li positioning)

>>: Detailed explanation of MYSQL character set setting method (terminal character set)