I am trying to run a Linux container on a Windows host. I need to run the Linux container in privileged mode. However, when I run the below command:
docker run -it --privileged --name test centos:7 /bin/sh
I am getting this as the result - Error response from daemon: Windows does not support privileged mode.
So I tried the --cap-add feature.
PS C:\Users\hello-vm> docker run -it -d --cap-add sys_admin --cap-add sys_resource --cap-add ipc_lock -d --name test centos:7 /bin/bash
c1cb9d7e7c5c9f8c88e816a3deb47dd0248718238d4a204a760addf554326459
PS C:\Users\hellouser> docker exec -it testdev /bin/bash -c "ulimit -l 20000"
/bin/bash: line 0: ulimit: max locked memory: cannot modify limit: Operation not permitted
The above command does not work. When I run the above command without -d, the command works:
PS C:\Users\hellouser> docker run -it --cap-add sys_admin --cap-add sys_resource --cap-add ipc_lock --name test centos:7 /bin/bash -c "ulimit -l 20000; ulimit -a "
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 3766
max locked memory (kbytes, -l) 20000
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 3766
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
Is it that the --cap-add feature works only for an interactive terminal, or am I missing something obvious here?
Note: I want the container to be in running mode with these capabilities added.
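
An added example, not part of the original question: a small shell helper that decodes the effective capability mask (`CapEff` in `/proc/<pid>/status`) to confirm whether the three capabilities requested above with --cap-add are actually held by a given process, for instance the shell started by `docker exec`. The function names and the two sample masks are constructed for illustration; the bit numbers come from `linux/capability.h`.

```shell
#!/bin/sh
# Capability bit numbers as defined in linux/capability.h
CAP_IPC_LOCK=14
CAP_SYS_ADMIN=21
CAP_SYS_RESOURCE=24   # needed to raise a hard rlimit such as "ulimit -l"

# has_cap HEXMASK BIT -> succeeds if BIT is set in HEXMASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# report_caps HEXMASK -> prints one line per capability,
# returns the number of capabilities that are missing
report_caps() {
    missing=0
    for pair in ipc_lock:$CAP_IPC_LOCK sys_admin:$CAP_SYS_ADMIN \
                sys_resource:$CAP_SYS_RESOURCE; do
        name=${pair%%:*}
        bit=${pair##*:}
        if has_cap "$1" "$bit"; then
            echo "$name: present"
        else
            echo "$name: MISSING"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# current_capeff [PID] -> effective capability mask of a process
# (defaults to the calling shell); requires a Linux /proc
current_capeff() {
    awk '/^CapEff:/ {print $2}' "/proc/${1:-self}/status"
}

# Constructed sample masks (not taken from the question's containers):
DEFAULT_MASK=00000000a80425fb   # none of the three capabilities set
ADDED_MASK=00000000a92465fb     # same mask with bits 14, 21 and 24 set

# Demo on the constructed masks so the script runs anywhere
report_caps "$DEFAULT_MASK" || true
report_caps "$ADDED_MASK" || true
```

Inside a container, `report_caps "$(current_capeff)"` checks the shell it is run from, which makes it possible to compare a `docker run` shell with a `docker exec` shell in the same container.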