DockerCLI/man/src/container/create.md

Creates a writeable container layer over the specified image and prepares it for
running the specified command. The container ID is then printed to STDOUT. This
is similar to **docker run -d** except the container is never started. You can 
then use the **docker start <container_id>** command to start the container at
any point.

The initial status of the container created with **docker create** is 'created'.

### OPTIONS 

The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR`
can be an absolute path or a `name` value. A `name` value must start with an
alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or
`-` (hyphen). An absolute path starts with a `/` (forward slash).

If you supply a `HOST-DIR` that is an absolute path,  Docker bind-mounts to the
path you specify. If you supply a `name`, Docker creates a named volume by that
`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR`
value. If you supply the `/foo` value, Docker creates a bind mount. If you
supply the `foo` specification, Docker creates a named volume.

You can specify multiple  **-v** options to mount one or more mounts to a
container. To use these same mounts in other containers, specify the
**--volumes-from** option also.

You can supply additional options for each bind mount following an additional
colon.  A `:ro` or `:rw` suffix mounts a volume in read-only or read-write
mode, respectively. By default, volumes are mounted in read-write mode.  
You can also specify the consistency requirement for the mount, either
`:consistent` (the default), `:cached`, or `:delegated`.  Multiple options are
separated by commas, e.g. `:ro,cached`.

Labeling systems like SELinux require that proper labels are placed on volume
content mounted into a container. Without a label, the security system might
prevent the processes running inside the container from using the content. By
default, Docker does not change the labels set by the OS.

To change a label in the container context, you can add either of two suffixes
`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file
objects on the shared volumes. The `z` option tells Docker that two containers
share the volume content. As a result, Docker labels the content with a shared
content label. Shared volume labels allow all containers to read/write content.
The `Z` option tells Docker to label the content with a private unshared label.
Only the current container can use a private volume.

By default bind mounted volumes are `private`. That means any mounts done
inside container will not be visible on host and vice-a-versa. One can change
this behavior by specifying a volume mount propagation property. Making a
volume `shared` mounts done under that volume inside container will be
visible on host and vice-a-versa. Making a volume `slave` enables only one
way mount propagation and that is mounts done on host under that volume
will be visible inside container but not the other way around.

To control mount propagation property of volume one can use `:[r]shared`,
`:[r]slave` or `:[r]private` propagation flag. Propagation property can
be specified only for bind mounted volumes and not for internal volumes or
named volumes. For mount propagation to work source mount point (mount point
where source dir is mounted on) has to have right propagation properties. For
shared volumes, source mount point has to be shared. And for slave volumes,
source mount has to be either shared or slave.

Use `df <source-dir>` to figure out the source mount and then use
`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
properties of source mount. If `findmnt` utility is not available, then one
can look at mount entry for source mount point in `/proc/self/mountinfo`. Look
at `optional fields` and see if any propagation properties are specified.
`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if
nothing is there that means mount is `private`.

To change propagation properties of a mount point use `mount` command. For
example, if one wants to bind mount source directory `/foo` one can do
`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This
will convert /foo into a `shared` mount point. Alternatively one can directly
change propagation properties of source mount. Say `/` is source mount for
`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount.

> **Note**:
> When using systemd to manage the Docker daemon's start and stop, in the systemd
> unit file there is an option to control mount propagation for the Docker daemon
> itself, called `MountFlags`. The value of this setting may cause Docker to not
> see mount propagation changes made on the mount point. For example, if this value
> is `slave`, you may not be able to use the `shared` or `rshared` propagation on
> a volume.


To disable automatic copying of data from the container path to the volume, use
the `nocopy` flag. The `nocopy` flag can be set on named volumes, and does not
apply to bind mounts..
Read long description from a file. Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-22 14:11:08 -04:00			`Creates a writeable container layer over the specified image and prepares it for`
			`running the specified command. The container ID is then printed to STDOUT. This`
			`is similar to docker run -d except the container is never started. You can`
			`then use the docker start <container_id> command to start the container at`
			`any point.`

			`The initial status of the container created with docker create is 'created'.`

Add example for device-cgroup-rule to man Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com> 2017-01-13 12:05:29 -05:00			`### OPTIONS`
Read long description from a file. Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-22 14:11:08 -04:00
			The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR`
			can be an absolute path or a `name` value. A `name` value must start with an
			alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or
			`-` (hyphen). An absolute path starts with a `/` (forward slash).

			If you supply a `HOST-DIR` that is an absolute path, Docker bind-mounts to the
			path you specify. If you supply a `name`, Docker creates a named volume by that
			`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR`
Dropped hyphen in bind mount where appropriate Signed-off-by: Christophe Vidal <kriss@krizalys.com> 2017-08-19 10:13:29 -04:00			value. If you supply the `/foo` value, Docker creates a bind mount. If you
Read long description from a file. Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-22 14:11:08 -04:00			supply the `foo` specification, Docker creates a named volume.

			`You can specify multiple -v options to mount one or more mounts to a`
			`container. To use these same mounts in other containers, specify the`
			`--volumes-from option also.`

Dropped hyphen in bind mount where appropriate Signed-off-by: Christophe Vidal <kriss@krizalys.com> 2017-08-19 10:13:29 -04:00			`You can supply additional options for each bind mount following an additional`
Documentation for bind mount consistency flags. Signed-off-by: Jeremy Yallop <yallop@docker.com> 2017-03-10 10:02:32 -05:00			colon. A `:ro` or `:rw` suffix mounts a volume in read-only or read-write
			`mode, respectively. By default, volumes are mounted in read-write mode.`
			`You can also specify the consistency requirement for the mount, either`
			`:consistent` (the default), `:cached`, or `:delegated`. Multiple options are
			separated by commas, e.g. `:ro,cached`.
Read long description from a file. Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-22 14:11:08 -04:00
			`Labeling systems like SELinux require that proper labels are placed on volume`
			`content mounted into a container. Without a label, the security system might`
			`prevent the processes running inside the container from using the content. By`
			`default, Docker does not change the labels set by the OS.`

			`To change a label in the container context, you can add either of two suffixes`
			`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file
			objects on the shared volumes. The `z` option tells Docker that two containers
			`share the volume content. As a result, Docker labels the content with a shared`
			`content label. Shared volume labels allow all containers to read/write content.`
			The `Z` option tells Docker to label the content with a private unshared label.
			`Only the current container can use a private volume.`

			By default bind mounted volumes are `private`. That means any mounts done
			`inside container will not be visible on host and vice-a-versa. One can change`
			`this behavior by specifying a volume mount propagation property. Making a`
			volume `shared` mounts done under that volume inside container will be
			visible on host and vice-a-versa. Making a volume `slave` enables only one
			`way mount propagation and that is mounts done on host under that volume`
			`will be visible inside container but not the other way around.`

			To control mount propagation property of volume one can use `:[r]shared`,
			`:[r]slave` or `:[r]private` propagation flag. Propagation property can
			`be specified only for bind mounted volumes and not for internal volumes or`
			`named volumes. For mount propagation to work source mount point (mount point`
			`where source dir is mounted on) has to have right propagation properties. For`
			`shared volumes, source mount point has to be shared. And for slave volumes,`
			`source mount has to be either shared or slave.`

			Use `df <source-dir>` to figure out the source mount and then use
			`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
			properties of source mount. If `findmnt` utility is not available, then one
			can look at mount entry for source mount point in `/proc/self/mountinfo`. Look
fix some typos from module contrib to man Signed-off-by: Aaron.L.Xu <likexu@harmonycloud.cn> 2017-02-16 07:08:57 -05:00			at `optional fields` and see if any propagation properties are specified.
Read long description from a file. Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-22 14:11:08 -04:00			`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if
			nothing is there that means mount is `private`.

			To change propagation properties of a mount point use `mount` command. For
			example, if one wants to bind mount source directory `/foo` one can do
			`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This
			will convert /foo into a `shared` mount point. Alternatively one can directly
			change propagation properties of source mount. Say `/` is source mount for
			`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount.

			`> Note:`
			`> When using systemd to manage the Docker daemon's start and stop, in the systemd`
			`> unit file there is an option to control mount propagation for the Docker daemon`
			> itself, called `MountFlags`. The value of this setting may cause Docker to not
			`> see mount propagation changes made on the mount point. For example, if this value`
			> is `slave`, you may not be able to use the `shared` or `rshared` propagation on
			`> a volume.`


			`To disable automatic copying of data from the container path to the volume, use`
Fix nocopy description nocopy does not apply to bind mounts, only volumes Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2017-09-20 10:43:15 -04:00			the `nocopy` flag. The `nocopy` flag can be set on named volumes, and does not
			`apply to bind mounts..`