
Should I Run Privileged Docker Containers?

Docker containers are the main component of the Docker platform and let developers build and deploy programs in a virtualized runtime environment. They are managed and instructed by Docker images. A Docker container encapsulates the project and all its dependencies. Docker containers can be run in privileged mode, a powerful function of the Docker platform that lets programmers run containers with root access, which means the containers get full host privileges.

This blog will explain:

Should You Run Privileged Docker Containers?

Running containers in privileged mode is not advised because it is risky. In privileged mode, the container's root user has the same full access as the host’s root user and bypasses all checks. Another reason is that if the host’s hardware resources and the kernel are ever exposed to an outside attacker, the system may constantly be in danger. However, running a privileged container is necessary in some situations, such as running Docker inside another Docker platform.

How to Run a Privileged Docker Container?

To run the Docker containers in a privileged mode to grant host privileges, follow the provided instructions.

Step 1: Create Dockerfile

First, open the Visual Studio Code editor and create a new Dockerfile. After that, paste the following code into “Dockerfile” as shown below. These instructions build and run a simple Golang program on the server:

FROM golang:1.8 AS builder

WORKDIR /go/src/app

COPY main.go .

RUN go build -o webserver .

CMD ["./webserver"]

Step 2: Create Program File

Next, create a “main.go” file and paste the following Golang code into the file. This will display the “Hello! Welcome to LinuxHint Tutorial”:

package main

import (
        "fmt"
        "log"
        "net/http"
)

// handler answers every request with a fixed greeting.
func handler(w http.ResponseWriter, r *http.Request) {
        fmt.Fprintf(w, "Hello! Welcome to LinuxHint Tutorial")
}

// main serves handler on port 8080 on all interfaces.
func main() {
        http.HandleFunc("/", handler)
        log.Fatal(http.ListenAndServe("0.0.0.0:8080", nil))
}

Step 3: Build Docker Image

After that, build the new Docker image using the provided command. The “-t” flag is utilized to specify the tag or name of the Docker image:

$ docker build -t golang:latest .

Step 4: Run Docker Container in Privileged Mode

Next, run a container from the newly created image in privileged mode by adding the “--privileged” option. Here, the “-d” option runs the container in the background, and the “-p” option specifies the port number for the local host:

$ docker run --privileged -d -p 8080:8080 golang

Then, navigate to the “localhost:8080” to check whether the application is running or not:


It can be observed that we have successfully deployed the program and run the container in privileged mode.

Step 5: List Down Docker Containers

List down all containers with the help of the “docker ps” command along with the “-a” option:

$ docker ps -a

Note the container id to check if it is running in privileged mode or not:

Step 6: Check Container is Running in Privileged Mode

To check whether the container is running in privileged mode, use the “docker inspect” command with the format shown below and the copied container id:

$ docker inspect --format='{{.HostConfig.Privileged}}' b46571b87efd

The “true” output signifies that the container is running in privileged mode:

Again, execute the provided command with another container id:

$ docker inspect --format='{{.HostConfig.Privileged}}' d3187ab39ee9

Here, the “false” output indicates that the container with the specified id is not running in privileged mode.
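Step 6 checks one container id at a time. The script below is an added example, not part of the original tutorial, that applies the same “docker inspect” field to every container on a host, including stopped ones from “docker ps -a”, and fails if any is privileged. The function names, container names and status values in the sample are assumptions made for the demo; the two ids are the ones used above.

```shell
#!/bin/sh
# Added example: audit every container on a host for privileged mode.

# One line per container: "<id> <name> <status> <privileged>". These are
# docker inspect fields; -a includes stopped containers, which keep the
# privileged setting and can be started again.
list_containers() {
    ids=$(docker ps -aq) || return 2
    [ -n "$ids" ] || return 0
    # Word splitting of the id list is intended here.
    docker inspect \
        --format '{{.Id}} {{.Name}} {{.State.Status}} {{.HostConfig.Privileged}}' $ids
}

# Read list_containers output on stdin, print only the privileged containers,
# and return 1 if any exist so a cron job or CI step can fail on the result.
audit_privileged() {
    awk '
        NF < 4 { next }                 # skip blank or malformed lines
        $4 == "true" {
            sub(/^\//, "", $2)          # docker prefixes names with "/"
            printf "PRIVILEGED id=%s name=%s status=%s\n", substr($1, 1, 12), $2, $3
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample in the same format, using the two container ids from
# Step 6 (names and status values are made up for the demo).
sample_inspect_output() {
    cat <<'EOF'
b46571b87efd /webserver-priv running true
d3187ab39ee9 /webserver exited false
EOF
}

# Demo on the sample; on a real host run: list_containers | audit_privileged
sample_inspect_output | audit_privileged || echo "privileged containers found"
```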


We have discussed whether users should execute Docker containers in privileged mode.

Conclusion

No, it is not recommended to run containers in privileged mode, as it creates a security risk. Containers with root access have the same full privileges as the host’s root user and bypass all checks. To run a Docker container in privileged mode, use the “docker run --privileged” command. This write-up has elaborated on whether you should run privileged Docker containers.

About the author

Rafia Zafar

I am a graduate in computer science. I am a junior technical author here and am passionate about programming and learning new technologies. I have worked in Java, HTML5, CSS3, Bootstrap, and PHP.