From 4bb2abaa54f55519722e44243d561c669095524f Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Tue, 5 Mar 2024 14:27:26 +0100 Subject: [PATCH 1/2] docs: typo fixes and other corrections Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- docs/reference/commandline/image_build.md | 2 +- docs/reference/dockerd.md | 6 +++--- docs/reference/run.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/image_build.md b/docs/reference/commandline/image_build.md index af78159e6a..bae3c5a900 100644 --- a/docs/reference/commandline/image_build.md +++ b/docs/reference/commandline/image_build.md @@ -69,7 +69,7 @@ user credentials, VPNs, and so forth. > **Note** > > If the `URL` parameter contains a fragment the system recursively clones -> the repository and its submodules using a `git clone --recursive` command. +> the repository and its submodules. Git URLs accept context configuration in their fragment section, separated by a colon (`:`). The first part represents the reference that Git checks out, diff --git a/docs/reference/dockerd.md b/docs/reference/dockerd.md index 63b9ce8211..580b1f0dec 100644 --- a/docs/reference/dockerd.md +++ b/docs/reference/dockerd.md @@ -1347,7 +1347,7 @@ using the `daemon.json` file. "default-network-opts": { "bridge": { "com.docker.network.bridge.host_binding_ipv4": "127.0.0.1", - "com.docker.network.bridge.mtu": "1234" + "com.docker.network.driver.mtu": "1234" } } } @@ -1363,7 +1363,7 @@ you create use these option configurations as defaults. ```console $ docker network create mynet $ docker network inspect mynet --format "{{json .Options}}" -{"com.docker.network.bridge.host_binding_ipv4":"127.0.0.1","com.docker.network.bridge.mtu":"1234"} +{"com.docker.network.bridge.host_binding_ipv4":"127.0.0.1","com.docker.network.driver.mtu":"1234"} ``` Note that changing this daemon configuration doesn't affect pre-existing 
@@ -1377,5 +1377,5 @@ daemon configuration. The CLI flag expects a value with the following format: ```console $ sudo dockerd \ --default-network-opt bridge=com.docker.network.bridge.host_binding_ipv4=127.0.0.1 \ - --default-network-opt bridge=com.docker.network.bridge.mtu=1234 + --default-network-opt bridge=com.docker.network.driver.mtu=1234 ``` diff --git a/docs/reference/run.md b/docs/reference/run.md index ab4a4afceb..1cf5aaa005 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -7,7 +7,7 @@ title: Running containers --- Docker runs processes in isolated containers. A container is a process -which runs on a host. The host may be local or remote. When an you +which runs on a host. The host may be local or remote. When you execute `docker run`, the container process that runs is isolated in that it has its own file system, its own networking, and its own isolated process tree separate from the host. From 3da26a5e79fbf69e2cfebb389cf7d6aede47cdd8 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Tue, 5 Mar 2024 15:29:56 +0100 Subject: [PATCH 2/2] docs: add description and link for --userns flag Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- docs/reference/commandline/container_run.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/container_run.md b/docs/reference/commandline/container_run.md index 706d43b57b..7fd9c84aa2 100644 --- a/docs/reference/commandline/container_run.md +++ b/docs/reference/commandline/container_run.md 
@@ -108,7 +108,7 @@ Create and run a new container from an image | [`-t`](#tty), [`--tty`](#tty) | | | Allocate a pseudo-TTY | | [`--ulimit`](#ulimit) | `ulimit` | | Ulimit options | | `-u`, `--user` | `string` | | Username or UID (format: [:]) | -| `--userns` | `string` | | User namespace to use | +| [`--userns`](#userns) | `string` | | User namespace to use | | [`--uts`](#uts) | `string` | | UTS namespace to use | | [`-v`](#volume), [`--volume`](#volume) | `list` | | Bind mount a volume | | `--volume-driver` | `string` | | Optional volume driver for the container | @@ -271,6 +271,21 @@ container. strace: Process 1 attached ``` +### Disable namespace remapping for a container (--userns) + +If you enable user namespaces on the daemon, +all containers are started with user namespaces enabled by default. +To disable user namespace remapping for a specific container, +you can set the `--userns` flag to `host`. + +```console +docker run --userns=host hello-world +``` + +`host` is the only valid value for the `--userns` flag. + +For more information, refer to [Isolate containers with a user namespace](https://docs.docker.com/engine/security/userns-remap/). + ### UTS settings (--uts) ```text
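Review bot: In the `image_build.md` hunk of patch 1/2, the note's unchanged first line is missing a comma after the introductory clause ("If the `URL` parameter contains a fragment the system recursively clones"). Since this commit is a typo pass and already rewrites the next line of the same note, add the comma after "fragment" here as well. Dropping the `git clone --recursive` wording is fine, because the sentence still tells readers that submodules are fetched.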
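Review bot: In the `dockerd.md` hunks of patch 1/2, the corrected key `com.docker.network.driver.mtu` now sits next to `com.docker.network.bridge.host_binding_ipv4` inside the same `bridge` block, and the text gives no hint that the two prefixes differ on purpose. The previous text got this wrong precisely because the `bridge` prefix looked natural, so a one-line remark after the `daemon.json` example stating that the MTU option uses the `driver` prefix would keep readers from "fixing" it back. The three occurrences (the `daemon.json` example, the `docker network inspect` output and the `--default-network-opt` flag) are updated consistently, but the inspect output appears to have been edited by hand, so please confirm it against a real daemon before merging.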
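Review bot: In the options table hunk of patch 2/2 (`container_run.md`, `@@ -108,7`), the new link target `#userns` has to resolve to the section added further down, and the heading text as shown ("Disable namespace remapping for a container (--userns)") would not produce the slug `userns` by itself. Please check that the new heading carries the same explicit anchor that the neighbouring `[--uts](#uts)` link relies on, and that the rendered page jumps to the new section.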
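Review bot: In the new `--userns` section of patch 2/2 (`container_run.md`, `@@ -271,6`), the text explains how to turn remapping off for a container but not what that changes. With `--userns=host` the container runs in the host's user namespace, so UID 0 inside the container is UID 0 on the host. One sentence saying so, placed before the link to the userns-remap guide, would let readers weigh the flag without leaving the page. A smaller style point on the example: the `console` block omits the `$ ` prompt that the `console` blocks in `dockerd.md` use (`$ docker network create mynet`), so `$ docker run --userns=host hello-world` would match the rest of the reference.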