Container privileges

How do containers differ in terms of how they are run?

Red Hat defines some container images based not on what they provide, but on how they run.

Super Privileged Container (SPC) images are designed to run with extra privileges on the container’s host system, such as access to the host filesystem, devices, user account, IPC, and so on. With those privileges, the container can manage or otherwise access the host system directly.

System Container images are those that are configured to run without the docker service, allowing them to either start before the docker service or run on systems that don’t include the docker service. System containers typically use systemd unit files and the runc command to start, stop, and manage those containers.
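To see which running containers actually hold the kind of host access described for Super Privileged Containers, the following added example (not Red Hat's code) checks `docker inspect`-style JSON for privileged mode, shared host namespaces, host bind mounts, devices, and added capabilities. The sample data is constructed, and `SENSITIVE_HOST_PATHS` is an assumed policy list to adjust for your environment.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not real containers).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/spc-tools",
   "HostConfig": {"Privileged": true, "PidMode": "host", "IpcMode": "host",
                  "NetworkMode": "host", "Binds": ["/:/host", "/run:/run"],
                  "Devices": [], "CapAdd": null}},
  {"Name": "/web",
   "HostConfig": {"Privileged": false, "PidMode": "", "IpcMode": "private",
                  "NetworkMode": "bridge", "Binds": null,
                  "Devices": null, "CapAdd": null}},
  {"Name": "/backup",
   "HostConfig": {"Privileged": false, "PidMode": "", "IpcMode": "private",
                  "NetworkMode": "bridge", "Binds": ["/etc:/hostetc:ro"],
                  "Devices": [{"PathOnHost": "/dev/sda", "PathInContainer": "/dev/sda",
                               "CgroupPermissions": "rwm"}],
                  "CapAdd": ["SYS_ADMIN"]}}
]
""")

# Assumed policy list: host paths whose bind mount exposes host management surfaces.
SENSITIVE_HOST_PATHS = ("/", "/etc", "/run", "/var/run/docker.sock", "/proc", "/sys", "/dev")

def host_access_findings(container):
    """Return the host-access settings a container was started with."""
    hc = container.get("HostConfig") or {}
    findings = ["privileged"] if hc.get("Privileged") else []
    # A namespace mode of "host" means the container shares that host namespace.
    for field, label in (("PidMode", "host-pid"), ("IpcMode", "host-ipc"),
                         ("NetworkMode", "host-net"), ("UTSMode", "host-uts")):
        if hc.get(field) == "host":
            findings.append(label)
    # Binds are "src:dst[:opts]"; only the host-side source path matters here.
    sources = [b.split(":")[0] for b in hc.get("Binds") or []]
    findings += ["bind:" + s for s in sources if s in SENSITIVE_HOST_PATHS]
    findings += ["device:" + d["PathOnHost"] for d in hc.get("Devices") or []]
    findings += ["cap:" + c for c in hc.get("CapAdd") or []]
    return findings

def audit(containers):
    """Map container name -> findings, omitting containers with none."""
    found = {c["Name"].lstrip("/"): host_access_findings(c) for c in containers}
    return {name: f for name, f in found.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name + ": " + ", ".join(findings))
```

On a live host, replace `SAMPLE_INSPECT` with the parsed output of `docker inspect $(docker ps -q)`.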
