privileged: boolean

Optional. Default false. If set to true, the task will run with full capabilities, as determined by the Garden backend the task runs on. For Linux-based backends it typically determines whether or not the container will run in a separate user namespace, and whether the root user is "actual" root (if set to true) or a user namespaced root (if set to false, the default).

This is a gaping security hole; use wisely and only if necessary. This is not part of the task configuration to prevent privilege escalation via pull requests.