How to check if an LXD container runs privileged?

Running LXD containers in privileged mode is not recommended, because it can seriously compromise the isolation and security of the host system. A privileged container can do things that affect the entire host. For example, it can use entries in /sys to reset the network card, which resets it for the whole host and causes network blips. Unfortunately, privileged mode is sometimes necessary for applications that require direct access to system files to run properly. To check which LXD containers are effectively running in privileged mode, run the following command on the host:

lxc list security.privileged=true
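
As an added example (not part of the original post), the same check can be scripted against the JSON output of lxc list, so that it also reports whether the setting sits on the container itself or is inherited from a profile. The container names and sample data are constructed, and the set of boolean spellings treated as true is an assumption.

```python
import json
import subprocess

# Spellings treated as "true" here (assumption about LXD's boolean parsing).
TRUTHY = {"true", "1", "yes", "on"}
KEY = "security.privileged"

def privileged_instances(instances):
    """Return sorted (name, source) pairs for effectively privileged instances.

    `instances` is the parsed output of `lxc list --format json`.
    source is "instance" when the key is set on the instance itself,
    otherwise "profile" (inherited from one of its profiles).
    """
    findings = []
    for inst in instances:
        # expanded_config is the instance config merged with its profiles.
        effective = (inst.get("expanded_config") or {}).get(KEY, "")
        if effective.strip().lower() not in TRUTHY:
            continue
        local = inst.get("config") or {}
        source = "instance" if KEY in local else "profile"
        findings.append((inst["name"], source))
    return sorted(findings)

# Constructed sample in the shape of `lxc list --format json` (names are made up).
SAMPLE = json.loads("""
[
 {"name": "web01", "profiles": ["default"], "config": {}, "expanded_config": {}},
 {"name": "nfs01", "profiles": ["default"],
  "config": {"security.privileged": "true"},
  "expanded_config": {"security.privileged": "true"}},
 {"name": "ci01", "profiles": ["default", "legacy"], "config": {},
  "expanded_config": {"security.privileged": "1"}},
 {"name": "db01", "profiles": ["default", "legacy"],
  "config": {"security.privileged": "false"},
  "expanded_config": {"security.privileged": "false"}}
]
""")

def main():
    # On a real host, read the live instance list instead of SAMPLE.
    out = subprocess.run(["lxc", "list", "--format", "json"],
                         capture_output=True, text=True, check=True).stdout
    for name, source in privileged_instances(json.loads(out)):
        print(f"{name}\tprivileged (set on {source})")

if __name__ == "__main__":
    main()
```

A result of "profile" means the fix belongs in the profile, and every other container using that profile is affected as well.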
