diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index d489b6ecb3..6ea82b2162 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -829,6 +829,7 @@ _docker_run() { --env -e --env-file --expose + --group-add --hostname -h --ipc --label -l diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 79f7ed4bad..e146ae6cf3 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -127,6 +127,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s e -l env -d complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l env-file -d 'Read in a line delimited file of environment variables' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l group-add -d 'Add additional groups to run as' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s h -l hostname -d 'Container host name' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s i -l interactive -d 'Keep STDIN open even if not attached' @@ -313,6 +314,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Se complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l env-file -d 'Read in a line delimited file of environment variables' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l group-add -d 'Add additional groups to run as' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep STDIN open even if not attached' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index dfca95ae57..e6fb8caebe 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -499,6 +499,7 @@ __docker_subcommand () { '--entrypoint=-[Overwrite the default ENTRYPOINT of the image]:entry point: ' \ '*--env-file=-[Read in a file of environment variables]:environment file:_files' \ '*--expose=-[Expose a port or a range of ports]:port or a range of ports: ' \ + '*--group-add=-[Add additional groups to run as]:group: ' \ '(-h --hostname)'{-h,--hostname=-}'[Container host name]:hostname:_hosts' \ '(- :)--help[Print usage]' \ '(-i --interactive)'{-i,--interactive}'[Keep STDIN open even if not attached]' \ diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 147bf70495..e13ee094f3 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -34,6 +34,7 @@ weight=1 --entrypoint="" Overwrite the default ENTRYPOINT of the image --env-file=[] Read in a file of environment variables --expose=[] Expose a port or a range of ports + --group-add=[] Add additional groups to run as -h, --hostname="" Container host name --help=false Print usage -i, --interactive=false Keep STDIN open even if not attached diff --git a/docs/reference/run.md b/docs/reference/run.md index 48662ccdd1..dcc9e663a5 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -737,6 +737,16 @@ weights of the two containers. > **Note:** The blkio weight setting is only available for direct IO. Buffered IO > is not currently supported. +## Additional groups + --group-add: Add Linux capabilities + +By default, the docker container process runs with the supplementary groups looked +up for the specified user. If one wants to add more to that list of groups, then +one can use this flag: + + $ docker run -ti --rm --group-add audio --group-add dbus --group-add 777 busybox id + uid=0(root) gid=0(root) groups=10(wheel),29(audio),81(dbus),777 + ## Runtime privilege, Linux capabilities, and LXC configuration --cap-add: Add Linux capabilities diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 0bde6271e8..2badefa39e 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -24,6 +24,7 @@ docker-create - Create a new container [**--entrypoint**[=*ENTRYPOINT*]] [**--env-file**[=*[]*]] [**--expose**[=*[]*]] +[**--group-add**[=*[]*]] [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] [**-i**|**--interactive**[=*false*]] @@ -129,6 +130,9 @@ two memory nodes. **--expose**=[] Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host +**--group-add**=[] + Add additional groups to run as + **-h**, **--hostname**="" Container host name diff --git a/man/docker-run.1.md b/man/docker-run.1.md index cdecee8461..0d98de85b6 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -25,6 +25,7 @@ docker-run - Run a command in a new container [**--entrypoint**[=*ENTRYPOINT*]] [**--env-file**[=*[]*]] [**--expose**[=*[]*]] +[**--group-add**[=*[]*]] [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] [**-i**|**--interactive**[=*false*]] @@ -216,6 +217,9 @@ ENTRYPOINT. **--expose**=[] Expose a port, or a range of ports (e.g. --expose=3300-3310), from the container without publishing it to your host +**--group-add**=[] + Add additional groups to run as + **-h**, **--hostname**="" Container host name