Commit Graph

95 Commits

Author SHA1 Message Date
Rob Gulewich 5ad1d4d4c8 docker run: specify cgroup namespace mode with --cgroupns
Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2020-01-29 22:50:37 +00:00
Akihiro Suda a7b5f2df86 support --mount type=bind,bind-nonrecursive,...
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-01-10 12:07:46 +09:00
Aleksa Sarai 647579068f
cli: add a separate --domainname flag
A while ago, Docker split the "Domainname" field out from the "Hostname"
field for the container configuration. There was no real user-visible
change associated with this (and under the hood "Domainname" was mostly
left unused from the command-line point of view). We now add this flag
in order to match other proposed changes to allow for setting the NIS
domainname of a container.

This also includes a fix for the --hostname parsing tests (they would
not error out if only one of .Hostname and .Domainname were incorrectly
set -- which is not correct).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2018-12-08 00:03:56 +11:00
Kir Kolyshkin e4405205ad man/docker-run.1: misc fixes
The list of changes here is too long to be described.

Maybe it's better to just rewrite the page from scratch, but at list this commit
makes some things better than before.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-03-06 15:05:32 -08:00
Kir Kolyshkin c2670c59fb man/docker-run.1: fix --interactive
Do not mention the default value twice.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-03-06 14:34:31 -08:00
Kir Kolyshkin 70dea5c144 man/docker-run.1: fix --device and --cgroup-device-rule
Use the proper man typesetting when describing the options
(i.e. use italics for variable parts, bold for literals).
Expand the description. Give better examples. Refer to mknod(2).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-03-06 14:33:22 -08:00
Kir Kolyshkin 0d9bd33bab man/docker-run.1.md: --restart, --ipc, --network options
Describe the possible values for `--restart`, `--ipc`, and `--network`
options. While at it, improve formatting for `--name` options arguments.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-02-12 12:43:24 -08:00
Abdur Rehman c3fe9d85ef fix a number of minor typos
Fix 19 typos, grammatical errors and duplicated words.

These fixes have minimal impact on the code as these are either in the
doc files or in comments inside the code files.

Signed-off-by: Abdur Rehman <abdur_rehman@mentor.com>
2017-10-31 15:21:51 +05:00
Christophe Vidal 037029414d Dropped hyphen in bind mount where appropriate
Signed-off-by: Christophe Vidal <kriss@krizalys.com>
2017-08-19 21:14:48 +07:00
Antonio Murdaca 4977ec1cca remove --init-path from client
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:11:03 +00:00
Akihiro Suda 6103806802 cli: add `--mount` to `docker run`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:11:02 +00:00
mapk0y 06428a4955 Update "man" of docker-run
Signed-off-by: mapk0y <mapk0y@gmail.com>
2017-06-02 00:11:00 +00:00
Jeremy Yallop a7c4324c47 Documentation for bind mount consistency flags.
Signed-off-by: Jeremy Yallop <yallop@docker.com>
2017-06-02 00:10:58 +00:00
Aaron.L.Xu 8279870a1f why there are so many mistakes in our repo (up to /cmd)
Signed-off-by: Aaron.L.Xu <likexu@harmonycloud.cn>
2017-06-02 00:10:55 +00:00
Kenfe-Mickael Laventure e9ad0f345f Allow adding rules to cgroup devices.allow on container create/run
This introduce a new `--device-cgroup-rule` flag that allow a user to
add one or more entry to the container cgroup device `devices.allow`

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-06-02 00:10:51 +00:00
Harald Albers da15de5f1b Add docs for `run|create --init|--init-path`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:10:50 +00:00
yuexiao-wang 6337d3724e keep network option consistent between network connect and run
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:48 +00:00
yuexiao-wang 4df2866d4e Fix the incorrect option name
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:44 +00:00
Akihiro Suda a5053dce24 cli: remove `--mount` from `docker run`
This commit reverts 273eeb813c1db0f42c2ad5e053972eeb00907568 (#26825).
For the discussion so far, please refer to #28527.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:10:42 +00:00
yupeng 4b2c41c1b8 fix the mistake of present
Signed-off-by: yupeng <yu.peng36@zte.com.cn>
2017-06-02 00:10:41 +00:00
allencloud 1ce4af2038 fix typo
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:10:39 +00:00
Yong Tang ebacbb50ae Add `--dns-option` to `docker run` and hide `--dns-opt`
This fix is a follow up to #27567 based on:
https://github.com/docker/docker/pull/27567#issuecomment-259295055

In #27567, `--dns-options` has been added to `service create/update`,
together with `--dns` and `--dns-search`. The `--dns-opt` was used
in `docker run`.

This fix add `--dns-option` (not `--dns-options`) to `docker run/create`, and hide
`--dns-opt`. It is still possible to use `--dns-opt` with
`docker run/create`, though it will not show up in help output.

This fix change `--dns-options`to --dns-option` for `docker service create`
and `docker service update`.

This fix also updates the docs and bash/zsh completion scripts.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:36 +00:00
Darren Stahl 09e1fc1540 Windows: Add cpu count option
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-06-02 00:10:32 +00:00
Yong Tang d93d09acaa Add `--cpus` flag to control cpu resources
This fix tries to address the proposal raised in 27921 and add
`--cpus` flag for `docker run/create`.

Basically, `--cpus` will allow user to specify a number (possibly partial)
about how many CPUs the container will use. For example, on a 2-CPU system
`--cpus 1.5` means the container will take 75% (1.5/2) of the CPU share.

This fix adds a `NanoCPUs` field to `HostConfig` since swarmkit alreay
have a concept of NanoCPUs for tasks. The `--cpus` flag will translate
the number into reused `NanoCPUs` to be consistent.

This fix adds integration tests to cover the changes.

Related docs (`docker run` and Remote APIs) have been updated.

This fix fixes 27921.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:32 +00:00
Akihiro Suda 0e7bbb55c8 cli: add `--mount` to `docker run`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:10:31 +00:00
Qiang Huang a17a06204d Fix bunch of typos
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:10:30 +00:00
Erik St. Martin 42ef78911e Implementing support for --cpu-rt-period and --cpu-rt-runtime so that
containers may specify these cgroup values at runtime. This will allow
processes to change their priority to real-time within the container
when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380.

Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period
flags to ensure that that the kernel supports these features and that
runtime is not greater than period.

Daemon will support a --cpu-rt-runtime flag to initialize the parent
cgroup on startup, this prevents the administrator from alotting runtime
to docker after each restart.

There are additional checks that could be added but maybe too far? Check
parent cgroups to ensure values are <= parent, inspecting rtprio ulimit
and issuing a warning.

Signed-off-by: Erik St. Martin <alakriti@gmail.com>
2017-06-02 00:10:28 +00:00
sandyskies b4f6b6d970 add --network option for docker build
Signed-off-by: sandyskies <chenmingjie0828@163.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-02 00:10:28 +00:00
Yong Tang 4ff84a13da Add config parameter to change per-container stop timeout during daemon shutdown
This fix tries to add a flag `--stop-timeout` to specify the timeout value
(in seconds) for the container to stop before SIGKILL is issued. If stop timeout
is not specified then the default timeout (10s) is used.

Additional test cases have been added to cover the change.

This fix is related to #22471. Another pull request will add `--shutdown-timeout`
to daemon for #22471.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:24 +00:00
Amir Goldstein 6190d02e62 overlay2: add support for --storage-opt size
Allow passing --storage-opt size=X to docker create/run commands
for the `overlay2` graphriver.

The size option is only available if the backing fs is xfs that is
mounted with the `pquota` mount option.
The user can pass any size less then the backing fs size.

Signed-off-by: Amir Goldstein <amir73il@aquasec.com>
2017-06-02 00:10:24 +00:00
Sebastiaan van Stijn 4d268629e2 Fix capitalization
Signed-off-by: YuPengZTE <yu.peng36@zte.com.cn>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:05 +00:00
Zhang Wei 0f6a96d2a4 Wait container's removal via Events API
If AutoRemove is set, wait until client get `destroy` events, or get
`detach` events that implies container is detached but not stopped.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:10:04 +00:00
Sebastiaan van Stijn 77e4100d00 Improve flag help consistency, and update docs
This adds the `--live-restore` option to the documentation.

Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:51 +00:00
Arnaud Porterie (icecrime) 253a5f4ea2 Rename `--net` to `--network`
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.

Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2017-06-02 00:07:50 +00:00
Shishir Mahajan 43e6c9864b Man page fix: Mention supported drivers for --storage-opt size option in docker create/run
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2017-06-02 00:07:46 +00:00
Alessandro Boch 987e5e6d8a Allow user to specify container's link-local addresses
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-06-02 00:07:44 +00:00
allencloud 54df0949b0 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:41 +00:00
John Howard 6d54461bd8 Windows: Default to Hyper-V Containers on client
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:07:39 +00:00
Christian Persson 5367c2a4aa Replace U+2018 and U+2019 with U+0027 in manpages
Signed-off-by: Christian Persson <saser@live.se>
2017-06-02 00:07:39 +00:00
Mrunal Patel 637048e176 Add support for --pid=container:<id>
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:39 +00:00
Sean Christopherson ab42b091ee Add the swapMemorySupport requirement to OOM tests
Add the swapMemorySupport requirement to all tests related to the OOM killer.  The --memory option has the subtle side effect of defaulting --memory-swap to double the value of --memory.  The OOM killer doesn't kick in until the container exhausts memory+swap, and so without the memory swap cgroup the tests will timeout due to swap being effectively unlimited.

Document the default behavior of --memory-swap in the docker run man page.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
2017-06-02 00:07:38 +00:00
Zhu Guihua f440f14613 Add disk quota support for btrfs
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
2017-06-02 00:07:37 +00:00
Dan Walsh a60c612a04 Add support for setting sysctls
This patch will allow users to specify namespace specific "kernel parameters"
for running inside of a container.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:36 +00:00
Shishir Mahajan 791a5fc5c1 CLI flag for docker create(run) to change block device size.
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2017-06-02 00:07:34 +00:00
Brian Goff eba678647b Add explicit flags for volume cp/no-cp
This allows a user to specify explicitly to enable
automatic copying of data from the container path to the volume path.
This does not change the default behavior of automatically copying, but
does allow a user to disable it at runtime.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:32 +00:00
David Calavera a7364b3743 Consolidate security options to use `=` as separator.
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:32 +00:00
Dan Walsh 2d0316cb43 Fix documentation on --security-opt seccomp
Missing documentation and man pages on seccomp options.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:32 +00:00
Liron Levin ce28fa45b0 Run privileged containers when userns are specified
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.

The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.

Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:32 +00:00
Jessica Frazelle fd1c2150ad pids limit support
update bash commpletion for pids limit

update check config for kernel

add docs for pids limit

add pids stats

add stats to docker client

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:31 +00:00
Mrunal Patel d3f632156e Add support for NoNewPrivileges in docker
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Add tests for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Update documentation for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:31 +00:00