...
In Open Horizon and all commercial distributions based on it, you have the ability to specify that a service should be deployed with privileged process execution enabled. By default, it is disabled. You must explicitly enable it in the Service Definition file to use it. And any agreement that is negotiated to run that service implies that the target nodes must also explicitly allow that in their Node Policy file.
DAB: Is there a way that we can point directly at the privileged field here: https://open-horizon.github.io/anax/deployment_string.html instead of pointing to the service def, which indirectly points to this location.DAB: I think we should explain why you have to enable it on the node in addition to the service def. I think it will be obvious that enablement in the service def is needed, but node enablement might be more shocking. The reason for requiring it on the node is because in OH, the node owner gets a say/vote in what runs on the node. This is the whole purpose of node policy, to give the node owner agency in the decision about what runs there.
...