A developer needs to run a containerized application that requires broad permissions to access and manipulate host hardware devices, similar to the permissions of the root user on the host. While the default unprivileged container mode blocks this access for security, this specific application requires it to function correctly. Which of the following podman run or docker run flags should be used to grant these extensive permissions to the container?
The correct answer is --privileged. This flag grants the container all Linux kernel capabilities and removes many of the security restrictions enforced by the container runtime, such as seccomp profiles, AppArmor/SELinux separation, and limitations on device access. This effectively allows a process inside the container to have almost the same level of access as a root process on the host. The --device flag is used to grant access to a specific host device, not broad, root-level privileges. The --security-opt flag is used to configure specific security options like AppArmor profiles, seccomp profiles, or SELinux labels, but it does not grant full privileged access on its own. The --cap-add flag is used to add specific kernel capabilities, which is a more granular and secure approach than using --privileged, but it does not grant the all-encompassing access that --privileged does.
CompTIA Linux+ XK0-006 (V8)
Services and User Management