containers
/
automation-tests
mirror of https://github.com/containers/automation-tests.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

docs: --privileged docs completeness, consistency 

As discussed in https://github.com/containers/libpod/issues/4840

Signed-off-by: Mark Stosberg <mark@rideamigos.com>
This commit is contained in:
Mark Stosberg 2020-01-10 22:02:08 -05:00
parent 0e9c208d3f
commit 9c8e2822cb
3 changed files with 25 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/source/markdown/podman-create.1.md
View File

@ -586,7 +586,7 @@ To make a pod with more granular options, use the `podman pod create` command be
Give extended privileges to this container. The default is *false*.
By default, Podman containers are
“unprivileged” (=false) and cannot, for example, modify parts of the kernel.
“unprivileged” (=false) and cannot, for example, modify parts of the operating system.
This is because by default a container is not allowed to access any devices.
A “privileged” container is given access to all devices.
@ -595,6 +595,8 @@ to all devices on the host, turns off graphdriver mount options, as well as
turning off most of the security measures protecting the host from the
container.
Rootless containers cannot have more privileges than the account that launched them.
**--publish**, **-p**=*port*
Publish a container's port, or range of ports, to the host

14
docs/source/markdown/podman-exec.1.md
View File

@ -43,7 +43,19 @@ Pass down to the process N additional file descriptors (in addition to 0, 1, 2).
**--privileged**
Give the process extended Linux capabilities when running the command in container.
Give extended privileges to this container. The default is *false*.
By default, Podman containers are
"unprivileged" and cannot, for example, modify parts of the operating system.
This is because by default a container is only allowed limited access to devices.
A "privileged" container is given the same access to devices as the user launching the container.
A privileged container turns off the security features that isolate the
container from the host. Dropped Capabilities, limited devices, read/only mount
points, Apparmor/SELinux separation, and Seccomp filters are all disabled.
Rootless containers cannot have more privileges than the account that launched them.
**--tty**, **-t**

17
docs/source/markdown/podman-run.1.md
View File

@ -599,15 +599,16 @@ If a container is run with a pod, and the pod has an infra-container, the infra-
Give extended privileges to this container. The default is *false*.
By default, Podman containers are “unprivileged” (=false) and cannot,
for example, modify parts of the kernel. This is because by default a
container is not allowed to access any devices. A “privileged” container
is given access to all devices.
By default, Podman containers are “unprivileged” (=false) and cannot, for
example, modify parts of the operating system. This is because by default a
container is only allowed limited access to devices. A "privileged" container
is given the same access to devices as the user launching the container.
When the operator executes **podman run --privileged**, Podman enables access
to all devices on the host, turns off graphdriver mount options, as well as
turning off most of the security measures protecting the host from the
container.
A privileged container turns off the security features that isolate the
container from the host. Dropped Capabilities, limited devices, read/only mount
points, Apparmor/SELinux separation, and Seccomp filters are all disabled.
Rootless containers cannot have more privileges than the account that launched them.
**--publish**, **-p**=*port*