github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-29 00:37:24 +00:00
Code Issues Projects Releases Wiki Activity

docs: Clarify security boundaries in privileged mode

Browse Source 
See https://github.com/kata-containers/runtime/issues/1568

Fixes #453

Signed-off-by: Leopold Schabel <mail@leoschabel.de>
This commit is contained in:
Leopold Schabel 2019-05-02 11:12:39 +00:00 committed by Leopold
parent adc0462a88
commit 0721b6a2e9
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Limitations.md
View File

@ -221,11 +221,15 @@ See more documentation at
Privileged support in Kata is essentially different from `runc` containers. Privileged support in Kata is essentially different from `runc` containers.
Kata does support `docker run --privileged` command, but in this case full access Kata does support `docker run --privileged` command, but in this case full access
to the guest VM is provided instead of the host. to the guest VM is provided in addition to some host access.
The container runs with elevated capabilities within the guest and is granted The container runs with elevated capabilities within the guest and is granted
access to guest devices instead of the host devices. access to guest devices instead of the host devices.
This is also true with using `securityContext privileged=true` with Kubernetes. This is also true with using `securityContext privileged=true` with Kubernetes.
The container may also be granted full access to a subset of host devices
(https://github.com/kata-containers/runtime/issues/1568).
# Miscellaneous # Miscellaneous
This section lists limitations where the possible solutions are uncertain. This section lists limitations where the possible solutions are uncertain.