This blog will explain:
Should You Run Privileged Docker Containers?
Running containers in privileged mode is not advised because it is risky. In privileged mode, the container's root user has the same full access as the host’s root user and bypasses all checks. Another reason is that if the host’s hardware resources and kernel are ever exposed to an outside attacker, the system may constantly be in danger. However, running a privileged container is necessary in some situations, such as running Docker inside another Docker platform.
How to Run a Privileged Docker Container?
To run a Docker container in privileged mode and grant it host privileges, follow the provided instructions.
Step 1: Create Dockerfile
First, open the Visual Studio Code editor and create a new Dockerfile. After that, paste the following code into “Dockerfile” as shown below. These instructions build and run a simple Golang web server program:
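# Base image with the Go toolchain; the page shows no tag, so pin one you have vetted
FROM golang
WORKDIR /go/src/app
COPY main.go .
# Build the single source file directly so no go.mod is required
RUN go build -o webserver main.go
CMD ["./webserver"]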
Step 2: Create Program File
Next, create a “main.go” file and paste the following Golang code into the file. This program will display the message “Hello! Welcome to LinuxHint Tutorial”:
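package main

import (
	"fmt"
	"log"
	"net/http"
)

// handler answers every request with the tutorial's greeting.
func handler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "Hello! Welcome to LinuxHint Tutorial")
}

func main() {
	http.HandleFunc("/", handler)
	// Listen on all interfaces on port 8080 inside the container.
	log.Fatal(http.ListenAndServe("0.0.0.0:8080", nil))
}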
Step 3: Build Docker Image
After that, build the new Docker image using the provided command. The “-t” flag is utilized to specify the tag or name of the Docker image:
Step 4: Run Docker Container in Privileged Mode
Next, run the Docker container in privileged mode by executing the newly created image along with the “--privileged” option. Here, the “-d” option is used to run the container in the background, and the “-p” option is utilized to specify the port number for the local host:
Then, navigate to “localhost:8080” to check whether the application is running or not:
It can be observed that we have successfully deployed the program and run the container in privileged mode.
Step 5: List Down Docker Containers
List all containers with the help of the “docker ps” command along with the “-a” option:
Note the container id to check if it is running in privileged mode or not:
Step 6: Check Whether the Container Is Running in Privileged Mode
To check if the container is running in privileged mode or not, use the “docker inspect” command along with the mentioned format and the copied container id:
The “true” output signifies that the container is running in privileged mode:
Again, execute the provided command with another container id:
Here, the “false” output indicates that the container with the specified id is not running in privileged mode.
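Step 6 checks one container id at a time. The script below is an added example, not part of the original tutorial: it applies the same “docker inspect” check to every container and accepts an allowlist for cases where privileged mode is required, such as Docker inside Docker. The function names, the allowlist argument, and the sample container names are assumptions made for illustration; the format string reads the HostConfig.Privileged field that “docker inspect” reports.

```shell
#!/bin/sh
# Added example (not from the original tutorial): flag privileged containers.

# Constructed sample of what this command prints, one container per line:
#   docker inspect --format '{{.Name}} {{.HostConfig.Privileged}}' <ids>
SAMPLE='/dind-runner true
/webserver true
/db false'

# audit_privileged ALLOWLIST
# Reads "<name> <true|false>" lines on stdin. ALLOWLIST is a space-separated
# list of container names that are permitted to be privileged (hypothetical
# policy input). Returns 1 if any other container is privileged.
audit_privileged() {
    allowed=" $1 "
    rc=0
    while read -r name priv; do
        [ -n "$name" ] || continue
        name=${name#/}   # docker inspect reports names with a leading "/"
        case "$priv" in
            true)
                case "$allowed" in
                    *" $name "*) echo "ALLOWED   $name" ;;
                    *) echo "VIOLATION $name"; rc=1 ;;
                esac ;;
            false) echo "OK        $name" ;;
            *) echo "UNKNOWN   $name ($priv)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# audit_live ALLOWLIST: run the same audit against the local Docker daemon.
audit_live() {
    ids=$(docker ps -aq) || return 2
    [ -n "$ids" ] || return 0
    # $ids is intentionally unquoted so each id becomes its own argument
    docker inspect --format '{{.Name}} {{.HostConfig.Privileged}}' $ids |
        audit_privileged "$1"
}

# Usage: sh audit.sh --live "dind-runner"
if [ "${1:-}" = "--live" ]; then
    audit_live "${2:-}"
fi
```

The non-zero exit status on a violation lets the script act as a gate in a scheduled job or a deployment pipeline.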
We have discussed whether users should run Docker containers in privileged mode.
Conclusion
No, it is not recommended to run containers in privileged mode as it creates a security risk. Containers with root access have the same full privileges as the host’s root user and bypass all checks. To run a Docker container in privileged mode, use the “docker run --privileged” command. This write-up has elaborated on whether you should run privileged Docker containers.