How to know if a docker container is running in privileged mode
From the docker host
Use the docker inspect command:
docker inspect --format='{{.HostConfig.Privileged}}' <container id>
And within a bash script you could have a test:
if [[ $(docker inspect --format='{{.HostConfig.Privileged}}' <container id>) == "false" ]]; then
    echo not privileged
else
    echo privileged
fi
From inside the container itself
You have to try to run a command that requires the --privileged flag and see if it fails.
For instance ip link add dummy0 type dummy is a command which requires the --privileged flag to be successful:
$ docker run --rm -it ubuntu ip link add dummy0 type dummy
RTNETLINK answers: Operation not permitted
while
$ docker run --rm -it --privileged ubuntu ip link add dummy0 type dummy
runs fine.
In a bash script you could do something similar to this:
ip link add dummy0 type dummy >/dev/null
if [[ $? -eq 0 ]]; then
    PRIVILEGED=true
    # clean the dummy0 link
    ip link delete dummy0 >/dev/null
else
    PRIVILEGED=false
fi
Author by
Leo Gallucci
https://github.com/elgalu https://www.linkedin.com/in/elgalu
Updated on September 05, 2020
Comments
Leo Gallucci over 3 years
Would like to know via bash script, if current running container was started in --privileged mode from inside the container (not from the host machine). For now I'm stuck with passing an env var with the flag but is not an ideal solution.
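
A side-effect-free variant of the in-container check, as an added example that is not part of the original answer or comment: it reads the capability bounding set from /proc instead of creating dummy0. It assumes a Linux /proc and treats a full capability set as the sign of --privileged; the function names and output labels are chosen here for illustration.

```shell
#!/bin/sh
# Added example: classify a container by its capability mask.
CAP_NET_ADMIN=12   # capability that `ip link add` needs
CAP_SYS_ADMIN=21

# has_cap <hex mask> <bit>: succeeds if that capability bit is set.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# classify_caps <hex mask> <highest capability number> prints:
#   full     - every capability 0..highest is set, as --privileged grants
#   elevated - NET_ADMIN or SYS_ADMIN present without the full set, e.g.
#              --cap-add NET_ADMIN, where the ip link probe also succeeds
#   default  - neither
classify_caps() (
    mask=$1
    last=$2
    full=$(( (1 << ($last + 1)) - 1 ))
    if [ $(( 0x$mask & $full )) -eq "$full" ]; then
        echo full
    elif has_cap "$mask" "$CAP_NET_ADMIN" || has_cap "$mask" "$CAP_SYS_ADMIN"; then
        echo elevated
    else
        echo default
    fi
)

# current_privilege: classify the calling process. CapBnd (the bounding set)
# is used because it stays populated when the container runs as non-root.
current_privilege() (
    [ -r /proc/self/status ] && [ -r /proc/sys/kernel/cap_last_cap ] || return 1
    mask=$(awk '/^CapBnd:/ {print $2}' /proc/self/status)
    last=$(cat /proc/sys/kernel/cap_last_cap)
    [ -n "$mask" ] && [ -n "$last" ] || return 1
    classify_caps "$mask" "$last"
)

# Usage inside the container: PRIVILEGED is "full", "elevated", "default" or "unknown".
PRIVILEGED=$(current_privilege || echo unknown)
echo "$PRIVILEGED"
```

A full capability set is also what `--cap-add ALL` produces, so `full` means "all capabilities", which --privileged implies but which does not by itself prove that flag was used.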