diff --git a/entrypoint.sh b/entrypoint.sh
index 712227e..355bdd9 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -56,6 +56,12 @@ if [[ ! -f "${CONFIG_FILE}" ]]; then
   sed -i "/^  labels:/c\  labels: [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE}
   sed -i "/^  network:/c\  network: host" ${CONFIG_FILE}
 
+  if [[ "${DOCKER_PRIVILEGED}" == "true" ]]; then
+    sed -i "/^  privileged:/c\  privileged: true" ${CONFIG_FILE}
+    sed -i "/^  options:/c\  options:-v /certs/client:/certs/client" ${CONFIG_FILE}
+    sed -i "/^  valid_volumes:/c\  valid_volumes:\n    - /certs/client" ${CONFIG_FILE}
+  fi
+
 fi
 
 ENV_FILE=${ENV_FILE:-"/data/.env"}
diff --git a/examples/docker-compose/compose-forgejo-and-runner.yml b/examples/docker-compose/compose-forgejo-and-runner.yml
index 47d1965..018d956 100644
--- a/examples/docker-compose/compose-forgejo-and-runner.yml
+++ b/examples/docker-compose/compose-forgejo-and-runner.yml
@@ -79,6 +79,7 @@ services:
       DOCKER_HOST: "tcp://docker:2376" # defaults to tcp://docker:2376
       DOCKER_CERT_PATH: "/certs/client" # defaults to /certs/client
       DOCKER_TLS_VERIFY: "1" # defaults to 1
+      DOCKER_PRIVILEGED: "true" # defaults to false for security reasons
 
       FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000
       FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's, overrides RUNNER_TOKEN