docs: --privileged docs completeness, consistency

As discussed in https://github.com/containers/libpod/issues/4840

Signed-off-by: Mark Stosberg <mark@rideamigos.com>

1 files changed, 10 insertions, 9 deletions

diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 3f6effb75..d9fdd9650 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -599,15 +599,16 @@ If a container is run with a pod, and the pod has an infra-container, the infra-
 
 Give extended privileges to this container. The default is *false*.
 
-By default, Podman containers are “unprivileged” (=false) and cannot,
-for example, modify parts of the kernel. This is because by default a
-container is not allowed to access any devices. A “privileged” container
-is given access to all devices.
-
-When the operator executes **podman run --privileged**, Podman enables access
-to all devices on the host, turns off graphdriver mount options, as well as
-turning off most of the security measures protecting the host from the
-container.
+By default, Podman containers are “unprivileged” (=false) and cannot, for
+example, modify parts of the operating system.  This is because by default a
+container is only allowed limited access to devices.  A "privileged" container
+is given the same access to devices as the user launching the container.
+
+A privileged container turns off the security features that isolate the
+container from the host. Dropped Capabilities, limited devices, read/only mount
+points, Apparmor/SELinux separation, and Seccomp filters are all disabled.
+
+Rootless containers cannot have more privileges than the account that launched them.
 
 **--publish**, **-p**=*port*