[docker]Full container capabilities (–privileged)
来源:互联网 发布:java invoke 方法 编辑:程序博客网 时间:2024/06/05 16:30
Full container capabilities (–privileged)
$ docker run -t -i --rm ubuntu bashroot@bc338942ef20:/# mount -t tmpfs none /mntmount: permission denied
This will not work, because by default, most potentially dangerous kernel capabilities are dropped; including cap_sys_admin
(which is required to mount filesystems). However, the --privileged
flag will allow it to run:
$ docker run -t -i --privileged ubuntu bashroot@50e3f57e16e6:/# mount -t tmpfs none /mntroot@50e3f57e16e6:/# df -hFilesystem Size Used Avail Use% Mounted onnone 1.9G 0 1.9G 0% /mnt
The --privileged
flag gives all capabilities to the container, and it also lifts all the limitations enforced by the device
cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special use-cases, like running Docker within Docker.
参考:
https://docs.docker.com/engine/reference/commandline/run/#full-container-capabilities---privileged
0 0
- [docker]Full container capabilities (–privileged)
- [docker]privileged参数
- docker privileged参数
- docker privileged mode
- [docker]privileged参数
- [docker]privileged参数
- docker run 中的privileged参数
- Kubernetes对Container Capabilities的支持
- Getting Started With MySQL's Full-Text Search Capabilities
- Docker container 容器介绍
- Docker Container网络模式
- docker image 与 container
- Docker数据管理:data container
- Docker Container网络
- docker container 导入导出
- Docker OS container
- appium– Desired Capabilities详解
- Docker学习(3)------Docker Container
- 【干货收藏】云服务器从选配置、到远程链接、到环境配置的新手入门百问-Windows系统篇
- 学习整理--对js的新认识
- 如鹏java学习进程 键盘控制精灵移动
- C#中的索引器
- ue4 FPaths各目录
- [docker]Full container capabilities (–privileged)
- 面试干货——年底干货大放送,你准备好了吗?
- test
- win10 5.6.35MySQL主从同步配置
- /etc/inittab文件详解
- Docker入门详解
- Codeforces 799B T-shirt buying 题解
- Java中对文件的读写操作
- cas 傻瓜翻译deployerConfigContext.xml