mirror of
https://github.com/containers/podman.git
synced 2025-12-13 10:28:48 +08:00
In each options/foo.md, keep a list of where the option is used. This will be valuable to anyone making future edits, and to those reviewing those edits.

This may be a controversial commit, because those crossref lists are autogenerated as a side effect of the script that reads them. It definitely violates POLA. And one day, some kind person will reconcile (e.g.) --label, using it in more man pages, and maybe forget to git-commit the rewritten file, and CI will fail.

I think this is a tough tradeoff, but worth doing. Without this, it's much too easy for someone to change an option file in a way that renders it inapplicable/misleading for some podman commands.

Signed-off-by: Ed Santiago <santiago@redhat.com>
19 lines
869 B
Markdown
####> This option file is used in:
####> podman create, exec, run
####> If you edit this file, make sure your changes
####> are applicable to all of those.
#### **--privileged**

Give extended privileges to this container. The default is **false**.

By default, Podman containers are unprivileged (**=false**) and cannot, for
example, modify parts of the operating system. This is because by default a
container is only allowed limited access to devices. A "privileged" container
is given the same access to devices as the user launching the container.

A privileged container turns off the security features that isolate the
container from the host. Dropped Capabilities, limited devices, read-only mount
points, AppArmor/SELinux separation, and Seccomp filters are all disabled.

Rootless containers cannot have more privileges than the account that launched them.
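
An audit for the settings described above, as an added example that is not part of the Podman documentation or code base. It goes beyond `--privileged` itself and also flags the individual options that switch off one of the same protections, and it assumes the `HostConfig.Privileged`, `HostConfig.CapAdd` and `HostConfig.SecurityOpt` fields of `podman inspect` JSON output; the sample data is constructed.

```python
import json

# Constructed sample in the shape of `podman inspect` output (not real data).
SAMPLE = json.loads("""
[
 {"Name": "web", "HostConfig": {"Privileged": false, "CapAdd": [],
   "SecurityOpt": []}},
 {"Name": "builder", "HostConfig": {"Privileged": true, "CapAdd": [],
   "SecurityOpt": []}},
 {"Name": "debug", "HostConfig": {"Privileged": false,
   "CapAdd": ["CAP_SYS_ADMIN"],
   "SecurityOpt": ["seccomp=unconfined", "label=disable"]}}
]
""")

# Individual settings that remove one of the protections --privileged removes.
WEAK_SECURITY_OPTS = {"seccomp=unconfined", "label=disable", "apparmor=unconfined"}
BROAD_CAPS = {"ALL", "SYS_ADMIN"}


def audit(containers):
    """Map container name -> list of findings; hardened containers are omitted."""
    report = {}
    for ctr in containers:
        host = ctr.get("HostConfig") or {}
        findings = []
        if host.get("Privileged") is True:
            findings.append("privileged: all isolation features disabled")
        for opt in host.get("SecurityOpt") or []:
            if opt.strip().lower() in WEAK_SECURITY_OPTS:
                findings.append(f"security-opt {opt}")
        for cap in host.get("CapAdd") or []:
            # Normalise "CAP_SYS_ADMIN" and "sys_admin" to "SYS_ADMIN".
            name = cap.upper()
            if name.startswith("CAP_"):
                name = name[4:]
            if name in BROAD_CAPS:
                findings.append(f"cap-add {name}")
        if findings:
            report[ctr.get("Name", ctr.get("Id", "<unknown>"))] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```
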