Leo Gallucci Leo Gallucci - 5 months ago 49
Bash Question

How to know if a docker container is running in privileged mode

Would like to know via bash script, if current running container was started in

--privileged
mode from inside the container (not from the host machine).

For now I'm stuck with passing an env var with the flag but is not an ideal solution.

Answer

From the docker host

Use the docker inspect command:

docker inspect --format='{{.HostConfig.Privileged}}' <container id>

And within a bash script you could have a test:

if [[ $(docker inspect --format='{{.HostConfig.Privileged}}' <container id>) == "false" ]]; then
    echo not privileged
else
    echo privileged
fi

From inside the container itself

You have to try to run a command that requires the --privileged flag and see if it fails

For instance ip link add dummy0 type dummy is a command which requires the --privileged flag to be successful:

$ docker run --rm -it ubuntu ip link add dummy0 type dummy
RTNETLINK answers: Operation not permitted

while

$ docker run --rm -it --privileged ubuntu ip link add dummy0 type dummy

runs fine.

In a bash script you could do something similar to this:

ip link add dummy0 type dummy >/dev/null
if [[ $? -eq 0 ]]; then
    PRIVILEGED=true
    # clean the dummy0 link
    ip link delete dummy0 >/dev/null
else
    PRIVILEGED=false
fi