security-opts will allow you to customise the security subsystem.
For example the labeling system like SELinux will run on a container.
--security-opt="label:user:USER" : Set the label user for the container
--security-opt="label:role:ROLE" : Set the label role for the container
--security-opt="label:type:TYPE" : Set the label type for the container
--security-opt="label:level:LEVEL" : Set the label level for the container
--security-opt="label:disabled" : Turn off label confinement for the container
Since we are passing a list of string options instead of a space separated
string of options, I will change function calls to use InitLabels instead of
GenLabels. Genlabels interface is Depracated.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
For the cases where --bip option is used it is sometimes best to disable
IP masquerading as the provided bridge IP range may be routable.
Signed-off-by: Eugene Yakubovich <eugene.yakubovich@coreos.com>
This adds a --add-host host:ip flag which appends lines to /etc/hosts. This is needed in places where you want the container to get a different name resolution than it would through DNS. This was submitted before as #5525, closed, and now I am re-opening. It has come up 2 or 3 times in the last couple days.
Signed-off-by: Tim Hockin <thockin@google.com>
This exposes the already existing "create container" operation. It is
very similar to "docker run -d" except it doesn't actually start the
container, but just prepares it. It can then be manually started using
"docker start" at any point.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Conflicts:
api/client/commands.go
runconfig/parse.go
server/container.go
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Use utils.RFC3339NanoFixed ("2006-01-02T15:04:05.000000000Z07:00")
instead of time.RFC3339Nano to format our log timestamps - this way
things are aligned, in particular the nano seconds are padded with zeros
Signed-off-by: Doug Davis <dug@us.ibm.com>
I've moved the docs.css to last so it can tweak any existing css, and
then set that to the same grey colour used for 'normal' text.
While testing I found and fixed an over-zealous line wrap.
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Adds support for a --registry-mirror=scheme://<host>[:port]
daemon flag. The flag may be present multiple times. If
provided, mirrors are prepended to the list of endpoints used
for image pull. Note that only mirrors of the public
index.docker.io registry are supported, and image/tag resolution
is still performed via the official index.
Docker-DCO-1.1-Signed-off-by: Tim Smith <timbot@google.com> (github: timbot)
Now from a single invocation of `docker save`, you can specify multiple
images to include in the output tar, or even just multiple tags of a
particular image/repo.
```
> docker save -o bundle.tar busybox ubuntu:lucid ubuntu:saucy fedora:latest
> tar tf ./bundle.tar | wc -l
42
> tar xOf ./bundle.tar repositories
{"busybox":{"latest":"2d8e5b282c81244037eb15b2068e1c46319c1a42b80493acb128da24b2090739"},"fedora":{"latest":"58394af373423902a1b97f209a31e3777932d9321ef10e64feaaa7b4df609cf9"},"ubuntu":{"lucid":"9cc9ea5ea540116b89e41898dd30858107c1175260fb7ff50322b34704092232","saucy":"9f676bd305a43a931a8d98b13e5840ffbebcd908370765373315926024c7c35e"}}
```
Further, this fixes the bug where the `repositories` file is not created
when saving a specific tag of an image (e.g. ubuntu:latest)
document multi-image save and updated API docs
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
--help and help are successful commands so output should not go to error.
QE teams have requested this change, also users doing docker help | less
or docker run --help | less would expect this to work.
Usage statement should only be printed when the user asks for it.
Errors should print error message and then suggest the docker COMMAND --help
command to see usage information.
The current behaviour causes the user to have to search for the error message
and sometimes scrolls right off the screen. For example a error on a
"docker run" command is very difficult to diagnose.
Finally erros should always exit with a non 0 exit code, if the user
makes a CLI error.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
issue #7580 volumes-from comma separated list mentioned this case.
Options like --volumes-from=[] indicate they can be specified multiple times:
docker run -it --rm --volumes-from TEST_DATA --volumes-from TEST_DATA2 ubuntu bash
Signed-off-by: Deshi Xiao <dxiao@redhat.com>
* starting with filtering for exit codes. `docker ps -a --filter 'exited=1'`
* API doc for filter parameter
* formatting filters for help usage
* tweaks for review
This requires https://github.com/dotcloud/docker/pull/4430
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
`rm -f` was originally deprecated in favor of `rm --stop/--kill` since `rm
-f` was sending SIGTERM and potentially very slow.
Instead this will bring back `rm -f` but use SIGKILL isntead
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
/tmp is often a tmpfs file system and large temporary files could cause
docker commands to fail. Also using /tmp potentially allows users on the
system to get access to content, or even attack the content. Moving the tmpdir to
/var/lib/container/tmp will protect the data.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Conflicts:
docker/docker.go
The ENTRYPOINT example uses "/usr/bin/ls" as path, but `ls` is located at `/bin/ls`.
Docker-DCO-1.1-Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (github: thaJeztah)
"docker logout [SERVER]" will remove the registry server' credentials from
.dockercfg file. If a server is not specified, it will log user out of the
default docker registry server
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
We add a --device flag which can be used like:
docker run --device /dev/sda:/dev/xvda:rwm ubuntu /bin/bash
To allow the container to have read write permissions to access the host's /dev/sda via a node named /dev/xvda in the container.
Note: Much of this code was written by Dinesh Subhraveti dineshs@altiscale.com (github: dineshs-altiscale) and so he deserves a ton of credit.
Docker-DCO-1.1-Signed-off-by: Timothy <timothyhobbs@seznam.cz> (github: timthelion)
Currently the docker logs timestamp flag generates log entries like:
$ sudo docker logs -ft daemon_dave
[May 10 13:06:17.934] hello world
It uses Go's StampMilli timestamp to generate the timestamp. The entry
is also wrapped in [ ].
This is non-standard operational timestamp and one that will require
custom parsing.
The new timestamp is RFC3999Nano and generates entries like:
2014-05-10T17:42:14.999999999Z07:00 hello world
These are readily parsed by tools like ELK.
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
And also move it in to the `ADD` section, rather than being hidden in the `RUN` section.
Docker-DCO-1.1-Signed-off-by: Daniel Watkins <daniel@daniel-watkins.co.uk> (github: OddBloke)
The Docker btrfs graph driver does not interact well with SELinux at present.
If btrfs mounts the same file in several locations, the same SELinux label will
be applied to all mountpoints. In the context of the graph driver, things such
as shared libraries become inaccessible to containers due to SELInux, causing
all dynamically linked applications to fail when run in a container.
Consequently, error when we detect the daemon is being run with SELinux enabled
and the btrfs driver. Documentation has been added for this behavior.
Docker-DCO-1.1-Signed-off-by: Matthew Heon <mheon@redhat.com> (github: mheon)
Initiates a pause before committing a container,
adds a pause option to the commit command, defaulting to 'true'.
Fixes bug: #6267
Fixes bug: #3675
Docker-DCO-1.1-Signed-off-by: Eric Windisch <ewindisch@docker.com> (github: ewindisch)
Docker's --sig-proxy option sends all signals but one to a container. The
exception s SIGCHLD, which is deliberately ignored as it doesn't make sense to
send such a signal to a process in a container. Documentation updates will make
this less confusing if anyone does attempt to do this.
Docker-DCO-1.1-Signed-off-by: Matt Heon <mheon@redhat.com> (github: mheon)
This will allow us to _know_ what the user's -H settings are, which may
be useful for debugging later.
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
as a maintainer.
Best of luck on your e-commerce business Guillaume, and thanks for all
the great contributions!
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This behavior changed from v0.9 to v0.10, so document it to prevent
any confusion.
Docker-DCO-1.1-Signed-off-by: Matthew Heon <mheon@redhat.com> (github: mheon)
This reverts commit 2819677c215bd409b4ce4da51f0ddfb303760796.
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
This is a new feature and flag. (replaces the suggestion of a flag for
--untagged images).
The concept is to have a syntax to filter. This begins with this
filtering for the 'images' subcommand, and at that only filtering for
whether images are untagged.
example like: docker rmi $(docker images -q --filter 'untagged=true')
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
* Added User Guide section outlines.
* Added User Guide to menu.
* Moved HTTPS example to articles.
* Replaced Hello World example with User Guide.
* Moved use cases out of examples.
* Updated Introduction to add User Guide.
* Redirected migrated /use and /articles links.
* Added Docker.io section
* Added Dockerized section
* Added Using Docker section
* Added Docker Images section
* Added Docker Links section
* Added Docker Volumes section
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
This adds a COPY command to docker build which works like ADD, but is
only for local files and it doesn't extract files.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Docker-DCO-1.1-Signed-off-by: Robin Speekenbrink <robin@kingsquare.nl> (github: fruitl00p)
rebased by
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
This adds a `--force-rm` flag to docker build which makes the Docker
daemon clean up all containers, even when the build has failed.
This new flag requires that we bump the remote API, so we also bump the
remote API version.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
The file was saved as busybox.tar, but the ls commands named it b.tar.
Docker-DCO-1.1-Signed-off-by: Steven Burgess <steven.a.burgess@hotmail.com> (github: stevenburgess)
This adds a few lines to the RUN Dockerfile docs to explain how to
bypass the RUN caching and how ADD can also invalidate the cache for
these instructions.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
In the documentation was not mentioned explicitly that VOLUME value
shoud be a valid JSON array. Because of this I spent time to discovering
the problem with my image where I put `VOLUME ['/data']` (with single quotes).
The `['/data']` mount point was parsed and mounted whole as a string without
any errors and warnings.
Docker-DCO-1.1-Signed-off-by: Max Shytikov <mshytikov@gmail.com> (github: mshytikov)
I've seen one other missing space that I addressed in another PR already.
I don't know whether that is a common occurrence in the docs.
About the second diff chunk, it looks like some copy-paste mistake to me.
Docker-DCO-1.1-Signed-off-by: Felix Rabe <felix@rabe.io> (github: felixrabe)
This PR aims to increase the consistency across the docs for
code blocks and code/comment/output markings.
Rule followed here is "what's visible on the screen should be reflected"
Issue:
- Docs had various code blocks showing: comments, commands & outputs.
- All three of these items were inconsistently marked.
Some examples as to how this PR aims to introduce improvements:
1. Removed `> ` from in front of the "outputs". Eg,
` > REPOSITORY TAG ID CREATED` replaced with:
` REPOSITORY TAG ID CREATED`.
2. Introduced `$` for commands. Eg,
` sudo chkconfig docker on` replaced with:
` $ sudo chkconfig docker on`
3. Comments:
` > # ` replaced with:
` # `.
> Please note:
> Due to a vast amount of items reviewed and changed for this PR, there
> might be some individually incorrect replacements OR patterns of incorrect
> replacements. This PR needs to be reviewed and if there is anything missing,
> it should be improved or amended.
Closes:
https://github.com/dotcloud/docker/issues/5286
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
This adds back in the references to private repositories and
provides some refactoring to the Working with repositories
documentation including updating references to the "Central"
registry to Docker.io.
It also:
* Fixes some links and references to Central Index
* Fixes anchors in other files to updated titles in Working with Repositories.
* Renamed Central Index in the remaining places.
* Updated terms documentation to reflect Docker.io
* Updated some Docker Index naming to be consistent.
* Updates menu labels and hyperlinks.
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
- Mention that [] options may be specified multiple times on the Usage page
Docker-DCO-1.1-Signed-off-by: Mike MacCana <mike.maccana@gmail.com> (github: mikemaccana)
Docker-DCO-1.1-Signed-off-by: Mike MacCana <mike.maccana@gmail.com> (github: SvenDowideit)
relative paths, and also fixed some broken images.
There are still more todo - next PR I think :)
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
- Remove redundant chars and all errors caused by RST->MD conversion.
e.g. [/#, /\, \<, />, etc.]
- Fix broken inter-document links
- Fix outbound links no-longer active or changed
- Fix lists
- Fix code blocks
- Correct apostrophes
- Replace redundant inline note marks for code with code marks
- Fix broken image links
- Remove non-functional title links
- Correct broken cross-docs links
- Improve readability
Note: This PR does not try to fix/amend:
- Grammatical errors
- Lexical errors
- Linguistic-logic errors etc.
It just aims to fix main structural or conversion errors to serve as
a base for further amendments that will cover others including but
not limited to those mentioned above.
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
Update:
- Fix backtick issues
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Warn users of the planned deprecation of 'docker commit --run', and hide
it from the docs and usage message. The option continues to work.
Note that an alternative to 'commit --run' is being implemented but is
not yet available. We are printing the warning anyway because on
the basis that it never hurts to give more advance warning.
The 'commit --run' flag is a leftover from the very early days of Docker,
and has several problems:
1) It is very user unfriendly. You have to pass a literal json dict
which is poorly documented and changes regularly (see PortSpecs vs
ExposedPorts). The merge behavior is not clear and also changes
regularly. it's not possible to unset a value.
2) It overlaps with the Dockerfile syntax. There are 2 ways to set
a default command, expose a port or change an env variable. Some
things can be done in a Dockerfile but not in --run. Some things
can be done in --run but not in a Dockerfile. It would be better
to push a single syntax, allow using it both in a file and via
the command line, and make improvements in a single place.
3) It exposes data structures which should not be publicly exposed.
There are several planned improvements to Docker which require moving
around the content and schema of the various Config, Image and Container
structures. The less of those we expose in public interfaces, the easier
it is to move things around without a reverse compatibility nightmare.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
'docker insert' is an old command which predates 'docker build'. We no
longer recommend using it, it is not actively maintained, and can be
replaced with the combination of 'docker build' and 'ADD'.
This removes the command from usage and documentation, and prints a
warning when it is called.
The command still works but it will be removed in a future version.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
* The commands are no longer listed or documented.
* The commands still work but print a deprecation warning.
* The commands should be removed in a future version.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This adds a bit of documentation for the `-a` flag for docker run.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
match dock functionality, and not try to achieve shell-sourcing compatibility
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)