update(docs): explain how to use images with fully/least privileged

co-authored-by: Lorenzo Fontana <[email protected]> Signed-off-by: Leonardo Grasso <[email protected]>
falcosecurity · May 18, 2020 · 824d757 · 824d757
1 parent 9654136
commit 824d757
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 2 deletions.
diff --git a/content/en/docs/download.md b/content/en/docs/download.md
@@ -14,7 +14,7 @@ The Falco Project community only supports two ways for downloading and running F
 Below you can find artifacts for both. 
 
 
-### Download for Linux
+### Download for Linux {#packages}
 
 |        | development                                                                                                                 | stable                                                                                                              |
 |--------|-----------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------|
@@ -26,7 +26,7 @@ The list of all available artifacts can be found [here](https://bintray.com/falc
 
 ---
 
-### Download container images
+### Download container images {#images}
 
 {{< info >}}
 

diff --git a/content/en/docs/running.md b/content/en/docs/running.md
@@ -35,6 +35,12 @@ falco --help
 
 ## Run within Docker {#docker}
 
+Falco ships a set of official [docker images](/docs/download#images). 
+The images can be used in two ways as follows:
+- [Least privileged](#docker-least-privileged)
+- [Fully privileged](#docker-privileged)
+
+### Least privileged {#docker-least-privileged}
 This is how the Falco userspace process can be ran in a container. 
 
 Once the kernel module has been installed directly on the host system, it can be used from within a container.
@@ -67,6 +73,22 @@ Once the kernel module has been installed directly on the host system, it can be
         falcosecurity/falco-no-driver:latest
     ```
 
+### Fully privileged {#docker-privileged}
+
+To run Falco in a container using Docker with full privileges:
+
+    ```shell
+    docker pull falcosecurity/falco:latest
+    docker run --rm -i -t \
+        --privileged \
+        -v /dev:/host/dev \
+        -v /proc:/host/proc:ro \
+        -v /boot:/host/boot:ro \
+        -v /lib/modules:/host/lib/modules:ro \
+        -v /usr:/host/usr:ro \
+        -v /etc:/host/etc:ro \
+        falcosecurity/falco:latest
+    ```
 
 ## Hot Reload