man: Document the interaction between --systemd and --privileged

Users need to know about this side effect.

Fixes: 5a2405ae1b3a ("Don't mount /dev/tty* inside privileged...")
Fixes: f4c81b0aa5fd ("Only prevent VTs to be mounted inside ...")
Signed-off-by: Martin Roukala (né Peres) <martin.roukala@mupuf.org>
Martin Roukala (né Peres)
2023-01-16 15:46:42 +02:00
parent 70057c8b47
commit 8db2b4b733
2 changed files with 4 additions and 1 deletions


@ -9,7 +9,9 @@ Give extended privileges to this container. The default is **false**.
By default, Podman containers are unprivileged (**=false**) and cannot, for
example, modify parts of the operating system. This is because by default a
container is only allowed limited access to devices. A "privileged" container
is given the same access to devices as the user launching the container.
is given the same access to devices as the user launching the container, with
the exception of virtual consoles (_/dev/tty\d+_) when running in systemd
mode (**--systemd=always**).
A privileged container turns off the security features that isolate the
container from the host. Dropped Capabilities, limited devices, read-only mount
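Review bot: The added parenthetical ties the exception to **--systemd=always** only, while the commit message frames it as the interaction between --systemd and --privileged in general; if the virtual-console exclusion applies whenever systemd mode is active (not only when forced with `always`), the sentence should say "when running in systemd mode (see **--systemd**)" so a reader relying on the default setting does not conclude the caveat never applies to them, and if it really is limited to `always`, that should be stated explicitly. A smaller point on the same line: `_/dev/tty\d+_` uses regex notation in man-page prose, and the backslash is likely to render oddly through the markdown-to-man conversion; `/dev/ttyN` or `/dev/tty[0-9]+` reads more naturally and survives rendering.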