fix privileged description miss (#7515)

modified: docs/concepts/policy/pod-security-policy.md
2018-02-28 03:15:46 +08:00 · 2018-02-28 03:15:46 +08:00 · 01b2e27580
parent 0a3cf5ed82
commit 01b2e27580
1 changed files with 10 additions and 1 deletions
--- a/docs/concepts/policy/pod-security-policy.md
+++ b/docs/concepts/policy/pod-security-policy.md
@ -23,7 +23,7 @@ administrator to control the following:

 | Control Aspect                                      | Field Names                                 |
 | ----------------------------------------------------| ------------------------------------------- |
-| Running of privileged containers                    | `privileged`                                |
+| Running of privileged containers                    | [`privileged`](#privileged)                                |
 | Usage of the root namespaces                        | [`hostPID`, `hostIPC`](#host-namespaces)    |
 | Usage of host networking and ports                  | [`hostNetwork`, `hostPorts`](#host-namespaces) |
 | Usage of volume types                               | [`volumes`](#volumes-and-file-systems)      |
@ -354,6 +354,15 @@ several security mechanisms.

 ## Policy Reference

+### Privileged
+
+**Privileged** - determines if any container in a pod can enable privileged mode.
+By default a container is not allowed to access any devices on the host, but a 
+"privileged" container is given access to all devices on the host. This allows
+the container nearly all the same access as processes running on the host.
+This is useful for containers that want to use linux capabilities like
+manipulating the network stack and accessing devices.
+
 ### Host namespaces

 **HostPID** - Controls whether the pod containers can share the host process ID