Commit Graph

99 Commits

Author SHA1 Message Date
Dan Walsh 2d0316cb43 Fix documentation on --security-opt seccomp
Missing documentation and man pages on seccomp options.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:32 +00:00
Liron Levin ce28fa45b0 Run privileged containers when userns are specified
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.

The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.

Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:32 +00:00
Jessica Frazelle fd1c2150ad pids limit support
update bash commpletion for pids limit

update check config for kernel

add docs for pids limit

add pids stats

add stats to docker client

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:31 +00:00
Mrunal Patel d3f632156e Add support for NoNewPrivileges in docker
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Add tests for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Update documentation for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:31 +00:00
Mike Danese f18d114874 daemon/logger: Add logging driver for Google Cloud Logging
Signed-off-by: Mike Danese <mikedanese@google.com>
2017-06-02 00:07:30 +00:00
Cedric Davies 56965a4d1d Windows: Add ETW logging driver plug-in
Signed-off-by: Cedric Davies <cedricda@microsoft.com>
2017-06-02 00:07:29 +00:00
Sebastiaan van Stijn f367aeadf3 Add note about legacy links
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:28 +00:00
Michael Crosby 9796beeedb Move tar copy-up for tmpfs mounts
We cannot rely on the tar command for this type of operation because tar
versions, flags, and functionality can very from distro to distro.
Since this is in the container execution path it is not safe to have
this as a dependency from dockers POV where the user cannot change the
fact that docker is adding these pre and post mount commands.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-02 00:07:26 +00:00
Brian Goff 88fa05ccb4 Add note about mount propagation on systemd
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:26 +00:00
Madhu Venugopal 46db31de0a Network scoped alias support
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-06-02 00:07:24 +00:00
Alessandro Boch d3aa590eec Add missing documentation for static IP options
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-06-02 00:07:23 +00:00
Vincent Demeester 18eb9f2e64 Implement configurable detach key
Implement configurable detach keys (for `attach`, exec`, `run` and
`start`) using the client-side configuration

- Adds a `--detach-keys` flag to `attach`, `exec`, `run` and `start`
  commands.
- Adds a new configuration field (in `~/.docker/config.json`) to
  configure the default escape keys for docker client.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:22 +00:00
Qiang Huang b87dd1342f Fix docs for memory-swap
Fixes: #18894

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:21 +00:00
Doug Davis 421578fbd4 remove =false from options that default to false in the docs
This re-aligns the docs with what the cmd line now does.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:21 +00:00
Ma Shimiao 499d634f32 Add support for blkio read/write iops device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:21 +00:00
Vivek Goyal b2cbaa03af Add capability to specify mount propagation per volume
Allow passing mount propagation option shared, slave, or private as volume
property.

For example.
docker run -ti -v /root/mnt-source:/root/mnt-dest:slave fedora bash

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2017-06-02 00:07:20 +00:00
Ma Shimiao 9480c4763d Add support for blkio read/write bps device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:19 +00:00
Sebastiaan van Stijn c5f725e1c7 Address review comments.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:19 +00:00
Ben Firshman 22ce4b4448 Add docs and man page entry for --volume-driver
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
2017-06-02 00:07:19 +00:00
Wen Cheng Ma deae0706ea Add NETWORK_NAME_or_ID value for --net= option
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:19 +00:00
Antonio Murdaca e9287cd43a Add OomScoreAdj to configure container oom killer preferences
libcontainer v0.0.4 introduces setting `/proc/self/oom_score_adj` to
better tune oom killing preferences for container process. This patch
simply integrates OomScoreAdj libcontainer's config option and adjust
the cli with this new option.

Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:19 +00:00
Dan Walsh 65120e8851 This patch adds --tmpfs as a option for mounting tmpfs on directories
It will Tar up contents of child directory onto tmpfs if mounted over

This patch will use the new PreMount and PostMount hooks to "tar"
up the contents of the base image on top of tmpfs mount points.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:18 +00:00
Zhang Wei 67eea4d814 Add docs for option `--isolation`
Add docs for `run`/`create`/`build` command option `isolation`

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:18 +00:00
NIWA Hideyuki fa2f024bc6 Addition of "--shm-size" to which size of /dev/shm is changed.
- Optional "--shm-size=" was added to the sub-command(run, create,and build).
- The size of /dev/shm in the container can be changed
  when container is made.
- Being able to specify is a numerical value that applies number,
  b, k, m, and g.
- The default value is 64MB, when this option is not set.
- It deals with both native and lxc drivers.

Signed-off-by: NIWA Hideyuki <niwa.hiedyuki@jp.fujitsu.com>
2017-06-02 00:07:18 +00:00
Ma Shimiao e303d6cc9f Add support for blkio.weight_device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:17 +00:00
Zhang Wei 1a495e2d47 Fix man pages
Add contents and fix format problem for man pages.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:16 +00:00
David Calavera c5ed875bd9 Remove LXC support.
The LXC driver was deprecated in Docker 1.8.
Following the deprecation rules, we can remove a deprecated feature
after two major releases. LXC won't be supported anymore starting on Docker 1.10.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:15 +00:00
Sally O'Malley c48ec056d5 Change 'docker run' exit codes to distinguish docker/contained errors
The purpose of this PR is for users to distinguish Docker errors from
contained command errors.
This PR modifies 'docker run' exit codes to follow the chroot standard
for exit codes.
Exit status:
125 if 'docker run' itself fails
126 if contained command cannot be invoked
127 if contained command cannot be found
the exit status otherwise

Signed-off-by: Sally O'Malley <somalley@redhat.com>
2017-06-02 00:07:15 +00:00
Madhu Venugopal 2d486b08c8 Updating networking docs with technical information
- the /etc/hosts read caveat due to dynamic update
- information about docker_gwbridge
- Carries and closes #17654
- Updating with last change by Madhu
- Updating with the IPAM api 1.22

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:15 +00:00
Denis Gladkikh 1e2a27568b Add Splunk logging driver #16207
Allow to send Splunk logs using Http Event Collector

Signed-off-by: Denis Gladkikh <denis@gladkikh.email>
2017-06-02 00:07:14 +00:00
GabrielNicolasAvellaneda aa9830907a MINOR typo fix.
Signed-off-by: GabrielNicolasAvellaneda <avellaneda.gabriel@gmail.com>
2017-06-02 00:07:13 +00:00
Vincent Demeester 4c506e1df7 Deprecate -c cli short variant flag in docker cli
- build
- create

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:13 +00:00
Sally O'Malley 445552696c add clarity to -p option
Signed-off-by: Sally O'Malley <somalley@redhat.com>
2017-06-02 00:07:13 +00:00
Mike Brown d83594a46d updating docs for EXPOSE option on run command; fixes #16634
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-06-02 00:07:12 +00:00
Mike Brown b5a037443d man update for docker run with host volumes
Signed-off-by: Mike Brown <brownwm@us.ibm.com>

cleaning up docker run -v documentation for man and web reference guide

Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-06-02 00:07:11 +00:00
qhuang d5b1d055b8 Add support for memory reservation
Signed-off-by: qhuang <qhuang@10.0.2.15>
2017-06-02 00:07:10 +00:00
Tim Hockin 8bdf17d8fe Add support for DNS options
Signed-off-by: Tim Hockin <thockin@google.com>
2017-06-02 00:07:09 +00:00
xlgao-zju d204132ee6 fix doc about vol
Signed-off-by: xlgao-zju <xlgao@zju.edu.cn>
2017-06-02 00:07:09 +00:00
Nalin Dahyabhai a821292ec8 Add log reading to the journald log driver
If a logdriver doesn't register a callback function to validate log
options, it won't be usable.  Fix the journald driver by adding a dummy
validator.

Teach the client and the daemon's "logs" logic that the server can also
supply "logs" data via the "journald" driver.  Update documentation and
tests that depend on error messages.

Add support for reading log data from the systemd journal to the
journald log driver.  The internal logic uses a goroutine to scan the
journal for matching entries after any specified cutoff time, formats
the messages from those entries as JSONLog messages, and stuffs the
results down a pipe whose reading end we hand back to the caller.

If we are missing any of the 'linux', 'cgo', or 'journald' build tags,
however, we don't implement a reader, so the 'logs' endpoint will still
return an error.

Make the necessary changes to the build setup to ensure that support for
reading container logs from the systemd journal is built.

Rename the Jmap member of the journald logdriver's struct to "vars" to
make it non-public, and to make it easier to tell that it's just there
to hold additional variable values that we want journald to record along
with log data that we're sending to it.

In the client, don't assume that we know which logdrivers the server
implements, and remove the check that looks at the server.  It's
redundant because the server already knows, and the check also makes
using older clients with newer servers (which may have new logdrivers in
them) unnecessarily hard.

When we try to "logs" and have to report that the container's logdriver
doesn't support reading, send the error message through the
might-be-a-multiplexer so that clients which are expecting multiplexed
data will be able to properly display the error, instead of tripping
over the data and printing a less helpful "Unrecognized input header"
error.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> (github: nalind)
2017-06-02 00:07:08 +00:00
David Calavera 36a36bdaf5 Signal to stop a container.
Allow to set the signal to stop a container in `docker run`:
- Use `--stop-signal` with docker-run to set the default signal the container will use to exit.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:08 +00:00
Samuel Karp 0d2d916b13 Add awslogs driver for Amazon CloudWatch Logs
Signed-off-by: Samuel Karp <skarp@amazon.com>
2017-06-02 00:07:08 +00:00
Tonis Tiigi df39b0146b Add unless-stopped restart policy
Fixes #11008

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-02 00:07:07 +00:00
Qiang Huang b243bbed9c Change all optional unit to [unit]
As suggested before, we should change every signal one.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:07 +00:00
Qiang Huang 5731775665 Add support for kernel memory limit
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:06 +00:00
Qiang Huang 30dbdd7943 Docs: fix commandline doc create.md and run.md
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:01 +00:00
Mrunal Patel 7301088482 Adds documentation for additional groups.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:01 +00:00
Raghavendra K T b553af956f Add the memory swappiness tuning option to docker.
Memory swappiness option takes 0-100, and helps to tune swappiness
behavior per container.
For example, When a lower value of swappiness is chosen
the container will see minimum major faults. When no value is
specified for memory-swappiness in docker UI, it is inherited from
parent cgroup. (generally 60 unless it is changed).

Signed-off-by: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
2017-06-02 00:07:01 +00:00
TAGOMORI Satoshi c240006d20 Add new logging driver: fluentd
Signed-off-by: TAGOMORI Satoshi <tagomoris@gmail.com>
2017-06-02 00:06:59 +00:00
Mary Anthony 77868b76b9 Moving man pages out of docs
Adding in other areas per comments
Updating with comments; equalizing generating man page info
Updating with duglin's comments
Doug is right here again;fixing.

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:06:57 +00:00