From beb23c9963d125ea4ea0574a9125a0333051f7e1 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 24 Jun 2020 19:09:15 +0900 Subject: [PATCH] docs: update for cgroup v2 and rootless Signed-off-by: Akihiro Suda --- docs/reference/commandline/dockerd.md | 8 ++++++-- man/docker-run.1.md | 2 +- man/dockerd.8.md | 6 ++++-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index ae6ab6af60..eaa94ded46 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -290,7 +290,7 @@ $ docker -H tcp://127.0.0.1:2375 pull ubuntu ### Daemon storage-driver On Linux, the Docker daemon has support for several different image layer storage -drivers: `aufs`, `devicemapper`, `btrfs`, `zfs`, `overlay` and `overlay2`. +drivers: `aufs`, `devicemapper`, `btrfs`, `zfs`, `overlay`, `overlay2`, and `fuse-overlayfs`. The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that is unlikely to be merged into the main kernel. These are also known to cause @@ -341,6 +341,9 @@ to use it. > Both `overlay` and `overlay2` are currently unsupported on `btrfs` > or any Copy on Write filesystem and should only be used over `ext4` partitions. +The `fuse-overlayfs` driver is similar to `overlay2` but works in userspace. +The `fuse-overlayfs` driver is expected to be used for [Rootless mode](https://docs.docker.com/engine/security/rootless/). + On Windows, the Docker daemon supports a single image layer storage driver depending on the image platform: `windowsfilter` for Windows images, and `lcow` for Linux containers on Windows. @@ -999,7 +1002,8 @@ single `native.cgroupdriver` option is available. The `native.cgroupdriver` option specifies the management of the container's cgroups. You can only specify `cgroupfs` or `systemd`. If you specify `systemd` and it is not available, the system errors out. If you omit the -`native.cgroupdriver` option,` cgroupfs` is used. +`native.cgroupdriver` option,` cgroupfs` is used on cgroup v1 hosts, `systemd` +is used on cgroup v2 hosts with systemd available. This example sets the `cgroupdriver` to `systemd`: diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 8b71569cd8..e693fdf316 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -178,7 +178,7 @@ division of CPU shares: Set the cgroup namespace mode for the container. **host**: run the container in the host's cgroup namespace **private**: run the container in its own private cgroup namespace - **""**: (unset) run the container in the host's cgroup namespace + **""**: (unset) use the daemon's default configuration (**host** on cgroup v1, **private** on cgroup v2) **--cgroup-parent**="" Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 39ddc5ea30..c76c74ff19 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -181,7 +181,8 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru **--default-cgroupns-mode**="**host**|**private**" Set the default cgroup namespace mode for newly created containers. The argument - can either be **host** or **private**. If unset, this defaults to `host`. + can either be **host** or **private**. If unset, this defaults to `host` on cgroup v1, +`private` on cgroup v2. **--default-gateway**="" IPv4 address of the container default gateway; this address must be part of @@ -833,7 +834,8 @@ option is available. The `native.cgroupdriver` option specifies the management of the container's cgroups. You can only specify `cgroupfs` or `systemd`. If you specify `systemd` and it is not available, the system errors out. If you omit the -`native.cgroupdriver` option,` cgroupfs` is used. +`native.cgroupdriver` option,` cgroupfs` is used on cgroup v1 hosts, `systemd` +is used on cgroup v2 hosts with systemd available. This example sets the `cgroupdriver` to `systemd`: