diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index bf3eec2d2e..fb17b0ec29 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1379,7 +1379,6 @@ _docker_run() { --link --log-driver --log-opt - --lxc-conf --mac-address --memory -m --memory-swap diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index e0fbcaa80c..15cde66f02 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -135,7 +135,6 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l help -d 'Pri complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s i -l interactive -d 'Keep STDIN open even if not attached' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l link -d 'Add link to another container in the form of :alias' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l lxc-conf -d '(lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: [], where unit = b, k, m or g)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: [], where unit = b, k, m or g)" @@ -324,7 +323,6 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l help -d 'Print complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep STDIN open even if not attached' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container in the form of :alias' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d '(lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: [], where unit = b, k, m or g)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: [], where unit = b, k, m or g)" diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 69b324c8dc..7beb44f278 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -438,7 +438,6 @@ __docker_subcommand() { "($help)*"{-l=,--label=}"[Set meta data on a container]:label: " "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" "($help)*--log-opt=[Log driver specific options]:log driver options: " - "($help)*--lxc-conf=[Add custom lxc options]:lxc options: " "($help)--mac-address=[Container MAC address]:MAC address: " "($help)--name=[Container name]:name: " "($help)--net=[Connect a container to a network]:network mode:(bridge none container host)" @@ -541,7 +540,7 @@ __docker_subcommand() { "($help)*--dns-opt=[DNS options to use]:DNS option: " \ "($help)*--default-ulimit=[Set default ulimit settings for containers]:ulimit: " \ "($help)--disable-legacy-registry[Do not contact legacy registries]" \ - "($help -e --exec-driver)"{-e=,--exec-driver=}"[Exec driver to use]:driver:(native lxc windows)" \ + "($help -e --exec-driver)"{-e=,--exec-driver=}"[Exec driver to use]:driver:(native windows)" \ "($help)*--exec-opt=[Set exec driver options]:exec driver options: " \ "($help)--exec-root=[Root of the Docker execdriver]:path:_directories" \ "($help)--fixed-cidr=[IPv4 subnet for fixed IPs]:IPv4 subnet: " \ diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 723bc90a0a..2f11bfbd4d 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -48,7 +48,6 @@ Creates a new container. --link=[] Add link to another container --log-driver="" Logging driver for container --log-opt=[] Log driver specific options - --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --memory-reservation="" Memory soft limit diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 91fd3c6cf0..6da89e6b49 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -439,11 +439,6 @@ Currently supported options of `zfs`: The Docker daemon uses a specifically built `libcontainer` execution driver as its interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`. -There is still legacy support for the original [LXC userspace tools]( -https://linuxcontainers.org/) via the `lxc` execution driver, however, this is -not where the primary development of new functionality is taking place. -Add `-e lxc` to the daemon flags to use the `lxc` execution driver. - ## Options for the native execdriver You can configure the `native` (libcontainer) execdriver using options specified diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 5e7dd5dd9e..76446ca84b 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -47,7 +47,6 @@ parent = "smn_cli" --link=[] Add link to another container --log-driver="" Logging driver for container --log-opt=[] Log driver specific options - --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --memory-reservation="" Memory soft limit diff --git a/docs/reference/run.md b/docs/reference/run.md index a6e5fe124d..4d6565a11d 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -39,7 +39,6 @@ defaults related to: * container identification * network settings * runtime constraints on CPU and memory - * privileges and LXC configuration With the `docker run [OPTIONS]` an operator can add to or override the image defaults set by a developer. And, additionally, operators can @@ -75,7 +74,7 @@ following options. - [Restart policies (--restart)](#restart-policies-restart) - [Clean up (--rm)](#clean-up-rm) - [Runtime constraints on resources](#runtime-constraints-on-resources) - - [Runtime privilege, Linux capabilities, and LXC configuration](#runtime-privilege-linux-capabilities-and-lxc-configuration) + - [Runtime privilege and Linux capabilities](#runtime-privilege-and-linux-capabilities) ## Detached vs foreground @@ -965,21 +964,18 @@ one can use this flag: $ docker run -ti --rm --group-add audio --group-add dbus --group-add 777 busybox id uid=0(root) gid=0(root) groups=10(wheel),29(audio),81(dbus),777 -## Runtime privilege, Linux capabilities, and LXC configuration +## Runtime privilege and Linux capabilities --cap-add: Add Linux capabilities --cap-drop: Drop Linux capabilities --privileged=false: Give extended privileges to this container --device=[]: Allows you to run devices inside the container without the --privileged flag. - --lxc-conf=[]: Add custom lxc options By default, Docker containers are "unprivileged" and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a -"privileged" container is given access to all devices (see [lxc-template.go]( -https://github.com/docker/docker/blob/master/daemon/execdriver/lxc/lxc_template.go) -and documentation on [cgroups devices]( -https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). +"privileged" container is given access to all devices (see +the documentation on [cgroups devices](https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). When the operator executes `docker run --privileged`, Docker will enable to access to all devices on the host as well as set some configuration @@ -1093,22 +1089,6 @@ To mount a FUSE based filesystem, you need to combine both `--cap-add` and .... -If the Docker daemon was started using the `lxc` exec-driver -(`docker daemon --exec-driver=lxc`) then the operator can also specify LXC options -using one or more `--lxc-conf` parameters. These can be new parameters or -override existing parameters from the [lxc-template.go]( -https://github.com/docker/docker/blob/master/daemon/execdriver/lxc/lxc_template.go). -Note that in the future, a given host's docker daemon may not use LXC, so this -is an implementation-specific configuration meant for operators already -familiar with using LXC directly. - -> **Note:** -> If you use `--lxc-conf` to modify a container's configuration which is also -> managed by the Docker daemon, then the Docker daemon will not know about this -> modification, and you will need to manage any conflicts yourself. For example, -> you can use `--lxc-conf` to set a container's IP address, but this will not be -> reflected in the `/etc/hosts` file. - ## Logging drivers (--log-driver) The container can have a different logging driver than the Docker daemon. Use @@ -1290,7 +1270,6 @@ above, or already defined by the developer with a Dockerfile `ENV`: declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" declare -x PWD="/" declare -x SHLVL="1" - declare -x container="lxc" declare -x deep="purple" Similarly the operator can set the **hostname** with `-h`. diff --git a/experimental/userns.md b/experimental/userns.md index 79e06ee4a9..5a204fa7cf 100644 --- a/experimental/userns.md +++ b/experimental/userns.md @@ -109,7 +109,6 @@ running a Docker daemon with experimental user namespaces enabled: - A `--readonly` container filesystem (a Linux kernel restriction on remount with new flags of a currently mounted filesystem when inside a user namespace) - external (volume/graph) drivers which are unaware/incapable of using daemon user mappings - Using `--privileged` mode containers - - Using the lxc execdriver (only the `native` execdriver is enabled to use user namespaces) - volume use without pre-arranging proper file ownership in mounted volumes Additionally, while the `root` user inside a user namespaced container diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 3620004005..5317f18073 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -37,7 +37,6 @@ docker-create - Create a new container [**--link**[=*[]*]] [**--log-driver**[=*[]*]] [**--log-opt**[=*[]*]] -[**--lxc-conf**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] [**--mac-address**[=*MAC-ADDRESS*]] [**--memory-reservation**[=*MEMORY-RESERVATION*]] @@ -182,9 +181,6 @@ millions of trillions. **--log-opt**=[] Logging driver specific options. -**--lxc-conf**=[] - (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - **-m**, **--memory**="" Memory limit (format: [], where unit = b, k, m or g) diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index 34dd04a93a..b738f43952 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -111,7 +111,6 @@ To get information on a container use its ID or instance name: "HostConfig": { "Binds": null, "ContainerIDFile": "", - "LxcConf": [], "Memory": 0, "MemorySwap": 0, "CpuShares": 0, diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 1fdb1bc7d8..6b2b6d704f 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -38,7 +38,6 @@ docker-run - Run a command in a new container [**--link**[=*[]*]] [**--log-driver**[=*[]*]] [**--log-opt**[=*[]*]] -[**--lxc-conf**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] [**--mac-address**[=*MAC-ADDRESS*]] [**--memory-reservation**[=*MEMORY-RESERVATION*]] @@ -274,9 +273,6 @@ container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. -**--lxc-conf**=[] - (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - **--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and