github.com/containers/podman/v5@v5.1.0-rc1/docs/source/markdown/options/privileged.md

####> This option file is used in:
####>   podman create, exec, run
####> If file is edited, make sure the changes
####> are applicable to all of those.
#### **--privileged**

Give extended privileges to this container. The default is **false**.

By default, Podman containers are unprivileged (**=false**) and cannot, for
example, modify parts of the operating system. This is because by default a
container is only allowed limited access to devices. A "privileged" container
is given the same access to devices as the user launching the container, with
the exception of virtual consoles (_/dev/tty\d+_) when running in systemd
mode (**--systemd=always**).

A privileged container turns off the security features that isolate the
container from the host. Dropped capabilities, limited devices, read-only mount
points, AppArmor/SELinux separation, and seccomp filters are all disabled.
Because these security features are disabled, **--privileged** should almost
never be set: a privileged container can easily break out of confinement.

Containers running in a user namespace (e.g., rootless containers) cannot have
more privileges than the user that launched them.
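
The following check is an added example, not part of the Podman documentation or code base. It reads a `/proc/<pid>/status` dump from inside a container and reports two of the features listed above: whether any capabilities were dropped and whether a seccomp filter is active. The function names, the `last_cap=40` default and both sample dumps are assumptions constructed for illustration.

```python
import re

# Capability names by bit number, from include/uapi/linux/capability.h.
CAPS = ("CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
        "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
        "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
        "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
        "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
        "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE").split()
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

# Constructed samples: nothing dropped and no seccomp, versus a reduced set with a filter.
SAMPLE_PRIVILEGED = "Name:\tsh\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\nSeccomp:\t0\n"
SAMPLE_CONFINED = "Name:\tsh\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\nSeccomp:\t2\n"

def decode_caps(hex_mask):
    """Turn a CapEff/CapBnd hex mask into a set of capability names."""
    mask = int(hex_mask, 16)
    return {name for bit, name in enumerate(CAPS) if (mask >> bit) & 1}

def confinement_report(status_text, last_cap=40):
    """Summarise capability and seccomp state from a /proc/<pid>/status dump.

    last_cap is the highest capability bit the kernel knows
    (/proc/sys/kernel/cap_last_cap); 40 is an assumed default.
    """
    fields = dict(re.findall(r"^(\w+):[ \t]*(.*)$", status_text, re.M))
    full_mask = (1 << (last_cap + 1)) - 1
    caps_dropped = (int(fields["CapBnd"], 16) & full_mask) != full_mask
    seccomp = SECCOMP_MODES.get(int(fields["Seccomp"]), "unknown")
    return {
        "effective": decode_caps(fields["CapEff"]),
        "caps_dropped": caps_dropped,
        "seccomp": seccomp,
        # Heuristic: other option combinations can give the same readings,
        # so treat this as a prompt to review how the container was started.
        "privileged_like": not caps_dropped and seccomp == "disabled",
    }

if __name__ == "__main__":
    with open("/proc/self/status") as f:
        status = f.read()
    with open("/proc/sys/kernel/cap_last_cap") as f:
        highest = int(f.read())
    print(confinement_report(status, highest))
```

In a rootless container the capability masks are relative to the container's user namespace, so a full mask there still does not exceed the privileges of the user that launched it.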