
Docker Tips: Mind the ‘privileged’ Flag

Luc Juggery
Published in Better Programming
4 min read · Oct 1, 2018


Photo by Florian Berger on Unsplash

If you use the --privileged flag when running a container, make sure you know what you’re doing. This piece shows an unexpected impact that flag can have.

Set Up a Test Environment

First, we create a VM on VirtualBox using Vagrant.

Note: If you don’t know this great tool from HashiCorp, I recommend you give it a try, as it’s super convenient.

# Init the vagrant box (based on bionic64)
$ vagrant init ubuntu/bionic64
# Launch the VM
$ vagrant up
# ssh in the newly created VM
$ vagrant ssh

The next (very handy) command installs Docker on our newly created Linux box.

$ curl https://get.docker.com | sh

Purpose of the --privileged Flag

Running a container with the --privileged flag grants the container all Linux capabilities and also gives it access to the host’s devices (everything under the /dev folder). Let’s check this out.

[Image: list of available devices from a container running with the --privileged flag]

That means the container has access to the hard drives attached to the host. Because many containers run as the fully privileged root user, the consequences can be disastrous.

Doing Nasty Things

Let’s run a shell in an Alpine-based container and give it extra capabilities with the --privileged flag.

$ docker run -ti --privileged alpine

Once inside the container, let’s use the access to the host’s devices to do something really bad, like deleting a disk partition. First, we use the fdisk utility to list the existing partitions.

/ # fdisk -l
Disk /dev/sda: 10 GB, 10737418240 bytes, 20971520 sectors
4209 cylinders, 106 heads, 47 sectors/track
Units: cylinders of 4982 * 512 = 2550784 bytes
Device Boot StartCHS EndCHS StartLBA EndLBA Sectors Size Id…
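Two things the sections above describe, “all the capabilities” and “access to the host’s devices”, are visible from the outside: the capability set is the CapEff mask in /proc/<pid>/status, and the privileged setting and device mappings are in HostConfig of docker inspect. The script below is an added example, not part of the original article: it decodes a CapEff mask into capability names and audits docker inspect output for the settings this article warns about. The inspect JSON and the two CapEff values are constructed samples (the default Docker mask 00000000a80425fb and a full mask for a kernel with 38 capabilities); run it against real output with docker inspect $(docker ps -q) and grep CapEff /proc/<pid>/status.

```python
import json

# Linux capability names in bit order (index = capability number).
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]

# Constructed sample: the CapEff line of a process in a default container
# and in a --privileged container (38-capability kernel).
DEFAULT_CAPEFF = "00000000a80425fb"
PRIVILEGED_CAPEFF = "0000003fffffffff"

# Constructed sample of `docker inspect` output (only the fields used here).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "HostConfig": {"Privileged": False, "CapAdd": None, "Devices": []}},
    {"Name": "/nasty", "HostConfig": {"Privileged": True, "CapAdd": None, "Devices": []}},
    {"Name": "/raw", "HostConfig": {"Privileged": False, "CapAdd": ["ALL"],
                                     "Devices": [{"PathOnHost": "/dev/sda"}]}},
])


def decode_caps(hex_mask):
    """Turn a CapEff value from /proc/<pid>/status into capability names."""
    mask = int(hex_mask, 16)
    return ["CAP_" + name for i, name in enumerate(CAP_NAMES) if (mask >> i) & 1]


def audit_containers(inspect_output):
    """Map container name -> list of risky HostConfig findings."""
    findings = {}
    for container in json.loads(inspect_output):
        name = container["Name"].lstrip("/")
        host_config = container.get("HostConfig") or {}
        issues = []
        if host_config.get("Privileged"):
            issues.append("privileged: all capabilities and host /dev exposed")
        if any(cap.upper() == "ALL" for cap in (host_config.get("CapAdd") or [])):
            issues.append("CapAdd=ALL")
        for device in host_config.get("Devices") or []:
            issues.append("host device mapped: " + device.get("PathOnHost", "?"))
        findings[name] = issues
    return findings


if __name__ == "__main__":
    default_caps = decode_caps(DEFAULT_CAPEFF)
    privileged_caps = decode_caps(PRIVILEGED_CAPEFF)
    print("default container:", len(default_caps), "capabilities")
    print("privileged container:", len(privileged_caps), "capabilities, extra:",
          sorted(set(privileged_caps) - set(default_caps)))
    for name, issues in audit_containers(SAMPLE_INSPECT).items():
        print(name, "->", issues or ["ok"])
```

The default mask decodes to the 14 capabilities Docker grants out of the box; the privileged mask adds the rest, including CAP_SYS_RAWIO and CAP_SYS_ADMIN, which together with the mapped /dev entries are what make the fdisk step above possible.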


Written by Luc Juggery

Docker & Kubernetes trainer (CKA / CKAD), 中文学生, Learning&Sharing
