系統 - Docker - 如何啟一個有root權限的Container



參考資料:
https://docs.docker.com/engine/security/seccomp/

如下:

# docker run --rm -it --security-opt seccomp=unconfined debian unshare --map-root-user /bin/bash
c302264da7c7:/# cat /proc/$$/status | grep -i cap
    CapInh: 0000000000000000
    CapPrm: 000001ffffffffff
    CapEff: 000001ffffffffff
    CapBnd: 000001ffffffffff
    CapAmb: 0000000000000000

# docker run --rm -it --privileged debian /bin/bash
e4fa0f72dea4:/# cat /proc/$$/status | grep -i cap
    CapInh: 0000003fffffffff
    CapPrm: 0000003fffffffff
    CapEff: 0000003fffffffff
    CapBnd: 0000003fffffffff
    CapAmb: 0000000000000000