11.2.2.4 Privileged Container Risk

A focused guide to Privileged Container Risk, connecting core concepts with practical Docker and container operations.

Privileged container risk refers to the substantial security exposure created by running a container in privileged mode, which grants it nearly unrestricted access to the host's devices and kernel capabilities, effectively dissolving much of the isolation a container would otherwise provide.

What Privileged Mode Actually Grants

Privileged mode removes most of the restrictions a container would normally operate under, providing access closely approximating that of a process running directly on the host as root.

docker run --privileged myapp:1.0

A container started this way has access to essentially all host devices and kernel capabilities, a dramatically broader scope than a default container with no additional hardening applied.

Why This Risk Is Particularly Severe

A compromised process running in a privileged container has a meaningfully easier path to affecting the host system itself, since the isolation that would normally constrain it has been substantially removed.

docker run --privileged --rm alpine sh -c "mount /dev/sda1 /mnt"

A command like this, mounting a host device directly, demonstrates the kind of host-level access privileged mode makes possible — access an ordinary, non-privileged container simply cannot exercise.

Why Privileged Mode Is Sometimes Used Despite This Risk

Certain specific use cases — running Docker itself inside a container, or specific hardware access scenarios — have historically relied on privileged mode, though many of these scenarios increasingly have more narrowly scoped alternatives available.

docker run --device=/dev/specific-device myapp:1.0

Granting access to a specific device this way, rather than full privileged mode, achieves the narrow need without the dramatically broader exposure privileged mode introduces.

Why Privileged Mode Should Be a Rare, Deliberate Exception

Given the scope of access it grants, privileged mode should never be a default or convenience choice — its use should be limited to genuinely necessary, carefully considered exceptions, with any unprivileged alternative preferred whenever it can meet the actual need.

docker run myapp:1.0

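As an added example, not part of this guide, the following Python audit reads the JSON array that `docker inspect` produces and classifies each running container as fully privileged, privileged but listed as a documented exception, scoped (only specific devices or capabilities granted, as with `--device`), or default. The sample inspect records, the container names and the APPROVED_PRIVILEGED allowlist are constructed for the example; on a real host you would feed it the output of `docker inspect $(docker ps -q)`.

```python
import json

# Constructed sample of `docker inspect` output (three containers, not real hosts).
# Only the HostConfig fields the audit reads are included; real output has many more.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/build-agent",
        "HostConfig": {"Privileged": True, "CapAdd": None, "Devices": []},
    },
    {
        "Name": "/sensor-reader",
        "HostConfig": {
            "Privileged": False,
            "CapAdd": None,
            # Equivalent of: docker run --device=/dev/specific-device ...
            "Devices": [{"PathOnHost": "/dev/specific-device",
                         "PathInContainer": "/dev/specific-device",
                         "CgroupPermissions": "rwm"}],
        },
    },
    {
        "Name": "/web",
        "HostConfig": {"Privileged": False, "CapAdd": None, "Devices": []},
    },
])

# Container names whose privileged mode has been reviewed and documented.
# This allowlist is an assumption of the example, not a Docker feature.
APPROVED_PRIVILEGED = {"/ci-runner"}


def classify(container, approved=APPROVED_PRIVILEGED):
    """Return (name, level, detail) for one docker-inspect record."""
    name = container["Name"]
    hc = container.get("HostConfig") or {}
    if hc.get("Privileged"):
        if name in approved:
            return (name, "PRIVILEGED-APPROVED", "documented exception")
        return (name, "PRIVILEGED", "full host device and capability access")
    caps = hc.get("CapAdd") or []
    if any(c.upper() == "ALL" for c in caps):
        # --cap-add=ALL is not --privileged, but it grants every capability.
        return (name, "NEAR-PRIVILEGED", "all capabilities added")
    devices = [d["PathOnHost"] for d in hc.get("Devices") or []]
    if devices or caps:
        return (name, "SCOPED", f"devices={devices} cap_add={caps}")
    return (name, "DEFAULT", "standard isolation")


def audit(inspect_json, approved=APPROVED_PRIVILEGED):
    """Classify every container in a `docker inspect` JSON array."""
    return [classify(c, approved) for c in json.loads(inspect_json)]


def unapproved_privileged(inspect_json, approved=APPROVED_PRIVILEGED):
    """Names of privileged containers that are not documented exceptions."""
    return [name for name, level, _ in audit(inspect_json, approved)
            if level == "PRIVILEGED"]


if __name__ == "__main__":
    # Real use: docker inspect $(docker ps -q) > inspect.json, then load that file.
    for name, level, detail in audit(SAMPLE_INSPECT):
        print(f"{level:20} {name:16} {detail}")
```

Any name returned by unapproved_privileged is either an exception that has not been documented or a convenience use of `--privileged` that should be replaced by a narrower `--device` or capability grant; the SCOPED entries show what that replacement looks like in inspect output.
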
Why Privileged Container Risk Matters

Understanding the substantial scope of access privileged mode actually grants is essential for recognizing why it represents one of the most significant container security risks, warranting deliberate avoidance except in genuinely necessary, carefully justified circumstances.