How to know if a docker container is running in privileged mode


From the docker host

Use the docker inspect command:

docker inspect --format='{{.HostConfig.Privileged}}' <container id>

And within a bash script you could have a test:

if [[ $(docker inspect --format='{{.HostConfig.Privileged}}' <container id>) == "false" ]]; then
    echo not privileged
else
    echo privileged
fi

From inside the container itself

You have to try to run a command that requires the --privileged flag and see if it fails.

For instance, ip link add dummy0 type dummy is a command which requires the --privileged flag to be successful:

$ docker run --rm -it ubuntu ip link add dummy0 type dummy
RTNETLINK answers: Operation not permitted

while

$ docker run --rm -it --privileged ubuntu ip link add dummy0 type dummy

runs fine.

In a bash script you could do something similar to this:

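# Probe: try to create a dummy link; silence both stdout and stderr
# (the "Operation not permitted" message is written to stderr)
if ip link add dummy0 type dummy >/dev/null 2>&1; then
    PRIVILEGED=true
    # clean the dummy0 link
    ip link delete dummy0 >/dev/null 2>&1
else
    PRIVILEGED=false
fi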
Author: Leo Gallucci

https://github.com/elgalu https://www.linkedin.com/in/elgalu

Updated on September 05, 2020
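An added example, not part of the original answer: the `ip link add` probe exercises CAP_NET_ADMIN, which can also be granted on its own with `--cap-add NET_ADMIN`, so a successful probe does not by itself prove `--privileged`. The sketch below instead reads the effective capability mask from inside the container without changing anything; the function names are illustrative, the capability numbers come from `linux/capability.h`, and a full mask is treated as a proxy for `--privileged` (it also matches `--cap-add ALL`).

```bash
#!/bin/sh
# Added example: classify the effective capability set of the current
# process. Function and variable names are illustrative assumptions.

CAP_NET_ADMIN=12   # capability exercised by `ip link add`
CAP_SYS_ADMIN=21   # broad admin capability, absent from Docker's default set

# has_cap HEXMASK BIT -> exit status 0 if that capability bit is set
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# classify_caps HEXMASK LAST_CAP -> prints one of:
#   full        every capability the kernel knows is set
#   net_admin   not full, but the `ip link add` probe is permitted
#   restricted  CAP_NET_ADMIN is missing
classify_caps() {
    full_mask=$(( (1 << ($2 + 1)) - 1 ))
    if [ $(( 0x$1 & $full_mask )) -eq "$full_mask" ]; then
        echo full
    elif has_cap "$1" "$CAP_NET_ADMIN"; then
        echo net_admin
    else
        echo restricted
    fi
}

# Read the live values for the current process (Linux only).
detect_privileged() {
    capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
    last_cap=$(cat /proc/sys/kernel/cap_last_cap)
    classify_caps "$capeff" "$last_cap"
}

if [ -r /proc/self/status ] && [ -r /proc/sys/kernel/cap_last_cap ]; then
    echo "capability profile: $(detect_privileged)"
fi
```

A result of `net_admin` is the case where the probe from the answer would report privileged even though the container was started without `--privileged`.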

Comments

  • Leo Gallucci over 3 years

    Would like to know, via a bash script, if the currently running container was started in --privileged mode, from inside the container (not from the host machine).

    For now I'm stuck with passing an env var with the flag, but it is not an ideal solution.