diff --git a/README.rst b/README.rst
index 64c9246..55fff75 100644
--- a/README.rst
+++ b/README.rst
@@ -121,6 +121,12 @@ The ``[docker:container-name]`` section may contain the following directives:
     test run until the container reports healthy, and will fail the test
     run if it never does so (within the parameters specified).
 
+```privileged```
+    A boolean string that defaults to False. By default containers are unprivileged and does
+    not have access to devices.  When true, this corresponds to
+    `docker run --privileged
+    <https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities>`__.
+
 Command-Line Arguments
 ----------------------
 
@@ -176,6 +182,7 @@ Example
     healthcheck_retries = 30
     healthcheck_interval = 1
     healthcheck_start_period = 1
+    privileged = true
     # Configure a bind-mounted volume on the host to store Postgres' data
     # NOTE: this is included for demonstration purposes of tox-docker's
     # volume capability; you probably _don't_ want to do this for real
diff --git a/tox_docker/config.py b/tox_docker/config.py
index 1721a1d..8819f00 100644
--- a/tox_docker/config.py
+++ b/tox_docker/config.py
@@ -118,6 +118,7 @@ def __init__(
         ports: Optional[Collection[Port]] = None,
         links: Optional[Collection[Link]] = None,
         volumes: Optional[Collection[Volume]] = None,
+        privileged: Optional[bool] = False,
     ) -> None:
         self.name = name
         self.runas_name = runas_name(name)
@@ -127,6 +128,7 @@ def __init__(
         self.ports: Collection[Port] = ports or {}
         self.links: Collection[Link] = links or {}
         self.mounts: Collection[Mount] = [v.docker_mount for v in volumes or ()]
+        self.privileged = privileged
 
         self.healthcheck_cmd = healthcheck_cmd
         self.healthcheck_interval = (
diff --git a/tox_docker/plugin.py b/tox_docker/plugin.py
index eec57fd..6348613 100644
--- a/tox_docker/plugin.py
+++ b/tox_docker/plugin.py
@@ -108,6 +108,7 @@ def docker_run(
         ports=ports,
         publish_all_ports=len(ports) == 0,
         mounts=container_config.mounts,
+        privileged=container_config.privileged,
     )
     container.reload()  # TODO: why do we need this?
     return container
diff --git a/tox_docker/tox3/config.py b/tox_docker/tox3/config.py
index eaa4850..cfb31a0 100644
--- a/tox_docker/tox3/config.py
+++ b/tox_docker/tox3/config.py
@@ -133,6 +133,10 @@ def parse_container_config(
     if reader.getstring("volumes"):
         volumes = [Volume(line) for line in reader.getlist("volumes")]
 
+    privileged = False
+    if reader.getstring("privileged"):
+        privileged = bool(reader.getstring("privileged"))
+
     return ContainerConfig(
         name=container_name,
         image=Image(reader.getstring("image")),
@@ -146,4 +150,5 @@ def parse_container_config(
         ports=ports,
         links=links,
         volumes=volumes,
+        privileged=privileged,
     )
diff --git a/tox_docker/tox4/config.py b/tox_docker/tox4/config.py
index 8beb390..6bc4e11 100644
--- a/tox_docker/tox4/config.py
+++ b/tox_docker/tox4/config.py
@@ -52,6 +52,12 @@ def register_config(self) -> None:
             default=[],
             desc="volumes to attach",
         )
+        self.add_config(
+            keys=["privileged"],
+            of_type=bool,
+            default=False,
+            desc="run in privileged mode",
+        )
 
         self.add_config(
             keys=["healthcheck_cmd"],
@@ -102,4 +108,5 @@ def parse_container_config(docker_config: DockerConfigSet) -> ContainerConfig:
         ports=docker_config["ports"],
         links=docker_config["links"],
         volumes=docker_config["volumes"],
+        privileged=docker_config["privileged"],
     )