docs: add memory and swap memory usage examples

fix: https://github.com/docker/docker/issues/11629

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Qiang Huang 2015-03-24 13:45:16 +08:00 committed by Tibor Vass
parent 1f934f1094
commit 645b49d05b
1 changed files with 35 additions and 10 deletions

@ -427,23 +427,23 @@ the `--security-opt` flag. For example, you can specify the MCS/MLS level, a
requirement for MLS systems. Specifying the level in the following command requirement for MLS systems. Specifying the level in the following command
allows you to share the same content between containers. allows you to share the same content between containers.
# docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash $ sudo docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash
An MLS example might be: An MLS example might be:
# docker run --security-opt label:level:TopSecret -i -t rhel7 bash $ sudo docker run --security-opt label:level:TopSecret -i -t rhel7 bash
To disable the security labeling for this container versus running with the To disable the security labeling for this container versus running with the
`--permissive` flag, use the following command: `--permissive` flag, use the following command:
# docker run --security-opt label:disable -i -t fedora bash $ sudo docker run --security-opt label:disable -i -t fedora bash
If you want a tighter security policy on the processes within a container, If you want a tighter security policy on the processes within a container,
you can specify an alternate type for the container. You could run a container you can specify an alternate type for the container. You could run a container
that is only allowed to listen on Apache ports by executing the following that is only allowed to listen on Apache ports by executing the following
command: command:
# docker run --security-opt label:type:svirt_apache_t -i -t centos bash $ sudo docker run --security-opt label:type:svirt_apache_t -i -t centos bash
Note: Note:
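Review bot: The prompt switch from `# docker run` to `$ sudo docker run` in all four `--security-opt` examples is not covered by the commit message, which only mentions adding memory and swap memory examples. Either mention the prompt cleanup in the message or move it to its own commit, so the history explains why these unrelated lines changed.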
@ -456,7 +456,7 @@ container:
-m="": Memory limit (format: <number><optional unit>, where unit = b, k, m or g) -m="": Memory limit (format: <number><optional unit>, where unit = b, k, m or g)
-memory-swap="": Total memory limit (memory + swap, format: <number><optional unit>, where unit = b, k, m or g) -memory-swap="": Total memory limit (memory + swap, format: <number><optional unit>, where unit = b, k, m or g)
-c, --cpu-shares=0 CPU shares (relative weight) -c, --cpu-shares=0: CPU shares (relative weight)
### Memory constraints ### Memory constraints
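Review bot: The `-memory-swap=""` line keeps a single leading dash on both sides even though this hunk is already tidying the option list (the colon added after `--cpu-shares=0`). The examples added later in this patch invoke the flag as `--memory-swap`, so the listing should read `--memory-swap=""`. The format text also allows only `<number><optional unit>`, while one of the new examples passes `-1`; that value should be mentioned here.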
@ -508,6 +508,31 @@ We have four ways to set memory usage:
</tbody> </tbody>
</table> </table>
Examples:
$ sudo docker run -ti ubuntu:14.04 /bin/bash
We set nothing about memory, this means the processes in the container can use
as much memory and swap memory as they need.
$ sudo docker run -ti -m 300M --memory-swap -1 ubuntu:14.04 /bin/bash
We set memory limit and disabled swap memory limit, this means the processes in
the container can use 300M memory and as much swap memory as they need (if the
host supports swap memory).
$ sudo docker run -ti -m 300M ubuntu:14.04 /bin/bash
We set memory limit only, this means the processes in the container can use
300M memory and 300M swap memory, by default, the total virtual memory size
(--memory-swap) will be set as double of memory, in this case, memory + swap
would be 2*300M, so processes can use 300M swap memory as well.
$ sudo docker run -ti -m 300M --memory-swap 1G ubuntu:14.04 /bin/bash
We set both memory and swap memory, so the processes in the container can use
300M memory and 700M swap memory.
### CPU share constraint ### CPU share constraint
By default, all containers get the same proportion of CPU cycles. This proportion By default, all containers get the same proportion of CPU cycles. This proportion
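Review bot: The explanation under the `-m 300M` example ("We set memory limit only ...") is a single run-on sentence that states the 300M swap result twice. Split it: first say that `--memory-swap` defaults to double the memory value, then give the resulting 300M memory plus 300M swap. The examples also write units as `300M` and `1G` while the option listing says `unit = b, k, m or g`, so use one case or state that both are accepted. For the first two examples, it would help to say plainly that with no limit the container's processes can take whatever memory or swap the host has, since that is the reason a reader would set `-m`.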
@ -599,18 +624,18 @@ operator wants to have all capabilities but `MKNOD` they could use:
For interacting with the network stack, instead of using `--privileged` they For interacting with the network stack, instead of using `--privileged` they
should use `--cap-add=NET_ADMIN` to modify the network interfaces. should use `--cap-add=NET_ADMIN` to modify the network interfaces.
$ docker run -t -i --rm ubuntu:14.04 ip link add dummy0 type dummy $ sudo docker run -t -i --rm ubuntu:14.04 ip link add dummy0 type dummy
RTNETLINK answers: Operation not permitted RTNETLINK answers: Operation not permitted
$ docker run -t -i --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy $ sudo docker run -t -i --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy
To mount a FUSE based filesystem, you need to combine both `--cap-add` and To mount a FUSE based filesystem, you need to combine both `--cap-add` and
`--device`: `--device`:
$ docker run --rm -it --cap-add SYS_ADMIN sshfs sshfs sven@10.10.10.20:/home/sven /mnt $ sudo docker run --rm -it --cap-add SYS_ADMIN sshfs sshfs sven@10.10.10.20:/home/sven /mnt
fuse: failed to open /dev/fuse: Operation not permitted fuse: failed to open /dev/fuse: Operation not permitted
$ docker run --rm -it --device /dev/fuse sshfs sshfs sven@10.10.10.20:/home/sven /mnt $ sudo docker run --rm -it --device /dev/fuse sshfs sshfs sven@10.10.10.20:/home/sven /mnt
fusermount: mount failed: Operation not permitted fusermount: mount failed: Operation not permitted
$ docker run --rm -it --cap-add SYS_ADMIN --device /dev/fuse sshfs $ sudo docker run --rm -it --cap-add SYS_ADMIN --device /dev/fuse sshfs
# sshfs sven@10.10.10.20:/home/sven /mnt # sshfs sven@10.10.10.20:/home/sven /mnt
The authenticity of host '10.10.10.20 (10.10.10.20)' can't be established. The authenticity of host '10.10.10.20 (10.10.10.20)' can't be established.
ECDSA key fingerprint is 25:34:85:75:25:b0:17:46:05:19:04:93:b5:dd:5f:c6. ECDSA key fingerprint is 25:34:85:75:25:b0:17:46:05:19:04:93:b5:dd:5f:c6.
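Review bot: After this patch the `# sshfs sven@10.10.10.20:/home/sven /mnt` line is the only remaining `#` prompt in these examples, and it follows a `$ sudo docker run ... sshfs` line with no explanation. Since the earlier hunk replaces `#` host prompts with `$ sudo`, add a short sentence saying that this `#` is the root shell inside the container, so readers do not take it for a host command.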