'podman run' and the '--privileged' option | No authentication required; was that intentional?

[Ricky-Tigg]

Hello. As I can deduce from the manual podman-run(1), an unprivileged user is allowed to execute 'podman run --rm -it --privileged --volume /:/mnt <container>', which grants privileged permissions and turns off the security features that isolate the container from its host, this then without authentication via 'sudo'.

$ id
uid=1000(yk) gid=1000(yk) groups=1000(yk),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$ podman run --rm -it --privileged --volume /:/mnt alpine
/ # id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
/ # exit
$

[Luap99]

It is unclear what you are asking?

A container running as your user will never have more permissions than your user even when using --privileged

Containers running in a user namespace (e.g., rootless containers) cannot have more privileges than the user that launched them.

you may want to read up on how user namespaces work, because uid 0 in the container does not give you real root access on the host.

[eben-vranken]

This is intentional and by design. The root you see inside the container is not real root on the host.

When running rootless Podman, user IDs inside the container are mapped to unprivileged UIDs on the host via user namespaces. So uid=0(root) inside the container maps back to uid=1000(yk) outside of it. If the container process escapes, it gets no elevated privileges on the host.

The docs confirm this directly:

Rootless containers cannot have more privileges than the account that launched them.

The --volume /:/mnt mount does expose the host filesystem, but only with the same permissions your user already has. Try writing to a root-owned file from inside that container and it will be denied.

For comparison, this is fundamentally different from docker run --privileged with a root-owned Docker daemon, where --privileged combined with a host mount is a well-known privilege escalation path. With rootless Podman, the user namespace boundary prevents that.