mirror of https://github.com/docker/cli.git
Added --device flag to run reference
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
parent
aa499ca76e
commit
5547dedac3
|
@ -231,6 +231,7 @@ them via Docker.
|
||||||
--cap-add: Add Linux capabilities
|
--cap-add: Add Linux capabilities
|
||||||
--cap-drop: Drop Linux capabilities
|
--cap-drop: Drop Linux capabilities
|
||||||
--privileged=false: Give extended privileges to this container
|
--privileged=false: Give extended privileges to this container
|
||||||
|
--device=[]: Allows you to run devices inside the container without the --privileged flag.
|
||||||
--lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
|
--lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
|
||||||
|
|
||||||
By default, Docker containers are "unprivileged" and cannot, for
|
By default, Docker containers are "unprivileged" and cannot, for
|
||||||
|
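Review bot: The added `--device=[]` entry describes the flag as letting you "run devices inside the container", but a device is made accessible to the container rather than run, and the sentence form breaks the short imperative style of the neighbouring entries (`--cap-add: Add Linux capabilities`, `--cap-drop: Drop Linux capabilities`). Suggest a one-line description in the same form, for example "Add a host device to the container", and leave the comparison with `--privileged` to the explanatory paragraph further down. The `[]` default implies the flag can be repeated, yet the entry says nothing about what a single value looks like; a short hint at the value format would make the reference line usable on its own.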
@ -243,11 +244,17 @@ https://www.kernel.org/doc/Documentation/cgroups/devices.txt)).
|
||||||
|
|
||||||
When the operator executes `docker run --privileged`, Docker will enable
|
When the operator executes `docker run --privileged`, Docker will enable
|
||||||
to access to all devices on the host as well as set some configuration
|
to access to all devices on the host as well as set some configuration
|
||||||
in AppArmor to allow the container nearly all the same access to the
|
in AppArmor or SELinux to allow the container nearly all the same access to the
|
||||||
host as processes running outside containers on the host. Additional
|
host as processes running outside containers on the host. Additional
|
||||||
information about running with `--privileged` is available on the
|
information about running with `--privileged` is available on the
|
||||||
[Docker Blog](http://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
|
[Docker Blog](http://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
|
||||||
|
|
||||||
|
If you want to limit access to a specific device or devices you can use
|
||||||
|
the `--device` flag. It allows you to specify one or more devices that
|
||||||
|
will be accessible within the container.
|
||||||
|
|
||||||
|
$ docker run --device=/dev/snd:/dev/snd ...
|
||||||
|
|
||||||
In addition to `--privileged`, the operator can have fine grain control over the
|
In addition to `--privileged`, the operator can have fine grain control over the
|
||||||
capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default
|
capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default
|
||||||
list of capabilities that are kept. Both flags support the value `all`, so if the
|
list of capabilities that are kept. Both flags support the value `all`, so if the
|
||||||
|
|
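Review bot: The new paragraph presents `--device` as a way to "limit access to a specific device or devices", which is only true relative to `--privileged`; measured against the default unprivileged container, the flag grants access that the container would not otherwise have. Suggest wording it as the narrower alternative to `--privileged` for cases where only specific devices are needed, so readers do not take it for a restriction. The example `--device=/dev/snd:/dev/snd` has the same path on both sides of the colon, so it does not show which side is the host path and which is the path inside the container; one sentence naming the two halves would remove the ambiguity. Since the AppArmor sentence is already being edited, the unchanged context "to access to all devices on the host" could have its grammar corrected in the same change.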