github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-14 07:34:35 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #408 from amshinde/remove-privileged-limitation

Browse Source 
Limitations: Remove privileged flag limitation
This commit is contained in:
Graham Whaley 2019-03-22 17:04:52 +00:00 committed by GitHub
commit 6301fbe458
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Limitations.md
View File

@ -220,10 +220,12 @@ See more documentation at
### docker run --privileged ### docker run --privileged
The `docker run --privileged` command is not supported in the runtime. Privileged support in Kata is essentially different from `runc` containers.
There is no simple way to grant the VM access to all of the host devices that this command needs to be complete. Kata does support `docker run --privileged` command, but in this case full access
to the guest VM is provided instead of the host.
The `--privileged` option can be used with `runc` containers and inter-mixed with running Kata Containers. This enables use of `--privileged` when necessary. The container runs with elevated capabilities within the guest and is granted
access to guest devices instead of the host devices.
This is also true with using `securityContext privileged=true` with Kubernetes.
# Miscellaneous # Miscellaneous