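The docker privileged parameter
Reposted from:
http://blog.iyunv.com/halcyonbaby/article/details/43499409
Statement:
Reposting from this blog is welcome, but please keep the original author information!
Blog address: http://blog.iyunv.com/halcyonbaby
The content is my own study, research and summary; if anything resembles other work, I am honored!
The privileged parameter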
$ docker help run
...
--privileged=false Give extended privileges to this container
...
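The privileged parameter was introduced into docker around version 0.6.
With this parameter, root inside the container has real root privileges.
Otherwise, root inside the container has only the privileges of an ordinary user outside the container.
A container started with privileged can see many of the host's devices and can execute mount.
It even allows you to start docker containers inside a docker container.
A container started without privileged: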
# docker run -t -i centos:latest bash
# ls /dev
console fd full fuse kcore null ptmx pts random shm stderr stdin stdout tty urandom zero
# mkdir /home/test/
# mkdir /home/test2/
# mount -o bind /home/test /home/test2
mount: permission denied
A container started with privileged:
# docker run -t -i --privileged centos:latest bash
# ls /dev/
autofs dm-1 hidraw0 loop1 null ptp3 sg0 shm tty10 tty19 tty27 tty35 tty43 tty51 tty6 ttyS1 usbmon3 vcs5 vfio
bsg dm-2 hidraw1 loop2 nvram pts sg1 snapshot tty11 tty2 tty28 tty36 tty44 tty52 tty60 ttyS2 usbmon4 vcs6 vga_arbiter
btrfs-control dm-3 hpet loop3 oldmem random sg2 snd tty12 tty20 tty29 tty37 tty45 tty53 tty61 ttyS3 usbmon5 vcsa vhost-net
bus dm-4 input mapper port raw sg3 stderr tty13 tty21 tty3 tty38 tty46 tty54 tty62 uhid usbmon6 vcsa1 watchdog
console dm-5 kcore mcelog ppp rtc0 sg4 stdin tty14 tty22 tty30 tty39 tty47 tty55 tty63 uinput vcs vcsa2 watchdog0
cpu dm-6 kmsg mem ptmx sda sg5 stdout tty15 tty23 tty31 tty4 tty48 tty56 tty7 urandom vcs1 vcsa3 zero
cpu_dma_latency fd kvm net ptp0 sda1 sg6 tty tty16 tty24 tty32 tty40 tty49 tty57 tty8 usbmon0 vcs2 vcsa4
crash full loop-control network_latency ptp1 sda2 sg7 tty0 tty17 tty25 tty33 tty41 tty5 tty58 tty9 usbmon1 vcs3 vcsa5
dm-0 fuse loop0 network_throughput ptp2 sda3 sg8 tty1 tty18 tty26 tty34 tty42 tty50 tty59 ttyS0 usbmon2 vcs4 vcsa6
# mkdir /home/test/
# mkdir /home/test2/
# mount -o bind /home/test /home/test2
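The difference between the two sessions above can be checked from a process's effective capability mask (CapEff in /proc/<pid>/status), since mount(2) requires CAP_SYS_ADMIN. The following is an added example, not part of the original post; the function names are hypothetical, the bit numbers are taken from linux/capability.h, and the two masks are constructed samples (Docker's current default capability set and a full 38-bit set, whose exact width depends on the kernel version).

```shell
#!/bin/sh
# Added example (not from the original post). Bit numbers are from
# linux/capability.h; the two sample masks below are constructed.

# has_cap HEXMASK BIT: succeeds if capability bit BIT is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# risky_caps HEXMASK: print the host-impacting capabilities present in the mask.
risky_caps() {
    out=""
    for pair in sys_module:16 sys_rawio:17 sys_admin:21; do
        name=${pair%%:*}
        bit=${pair##*:}
        if has_cap "$1" "$bit"; then
            out="${out:+$out }$name"
        fi
    done
    echo "$out"
}

# can_mount HEXMASK: mount(2) requires CAP_SYS_ADMIN (bit 21).
can_mount() {
    has_cap "$1" 21
}

# cap_eff_of FILE: extract the CapEff mask from a /proc/<pid>/status file.
cap_eff_of() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# report LABEL HEXMASK: one summary line per mask.
report() {
    if can_mount "$2"; then verdict="mount allowed"; else verdict="mount denied"; fi
    echo "$1: CapEff=$2 -> $verdict; risky caps: [$(risky_caps "$2")]"
}

DEFAULT_MASK=00000000a80425fb   # constructed: Docker's default capability set
FULL_MASK=0000003fffffffff      # constructed: bits 0-37 all set, as under --privileged

report "default container" "$DEFAULT_MASK"
report "privileged container" "$FULL_MASK"
if [ -r /proc/self/status ]; then
    self=$(cap_eff_of /proc/self/status)
    if [ -n "$self" ]; then report "this process" "$self"; fi
fi
```

Run it inside a container, or point cap_eff_of at /proc/<pid>/status on the host for a container's init process; a container started with only an added SYS_ADMIN capability is also reported as able to mount.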