github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-13 12:59:36 +00:00
Code Issues Projects Releases Wiki Activity

Limitations: Remove privileged flag limitation

Browse Source 
Kata does support privileged flag but within the guest,
so explain how this works in the Limitations docs.

Fixes #362

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
This commit is contained in:
Archana Shinde
2019-03-21 14:18:12 -07:00
parent 2069a3d953
commit bf0d680f56
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Limitations.md
View File

@@ -220,10 +220,12 @@ See more documentation at
### docker run --privileged ### docker run --privileged
The `docker run --privileged` command is not supported in the runtime. Privileged support in Kata is essentially different from `runc` containers.
There is no simple way to grant the VM access to all of the host devices that this command needs to be complete. Kata does support `docker run --privileged` command, but in this case full access
to the guest VM is provided instead of the host.
The `--privileged` option can be used with `runc` containers and inter-mixed with running Kata Containers. This enables use of `--privileged` when necessary. The container runs with elevated capabilities within the guest and is granted
access to guest devices instead of the host devices.
This is also true with using `securityContext privileged=true` with Kubernetes.
# Miscellaneous # Miscellaneous