This patch modifies the journald log driver to store the container ID in
a field named CONTAINER_ID, rather than (ab)using the MESSAGE_ID field.
Additionally, this adds the CONTAINER_ID_FULL field containing the
complete container ID and CONTAINER_NAME, containing the container name.
When using the journald log driver, this permits you to see log messages
from a particular container like this:
# journalctl CONTAINER_ID=a9238443e193
Example output from "journalctl -o verbose" includes the following:
CONTAINER_ID=27aae7361e67
CONTAINER_ID_FULL=27aae7361e67e2b4d3864280acd2b80e78daf8ec73786d8b68f3afeeaabbd4c4
CONTAINER_NAME=web
Closes: #12864
Signed-off-by: Lars Kellogg-Stedman <lars@redhat.com>
Syslog was a heading-2, but should be heading-3;
changed the headings to heading-4 to match the
"network settings" section.
Also changed "Log driver" to "logging driver" for JSON.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We now have instructions in our Unix installs about setting up
docker group to avoid sudo. Also, Mac/Windows shouldn't use
sudo. So, I've removed sudo from our examples and added a
section at the top reminding them that if they have to use
sudo to run docker they can change that.
Signed-off-by: Mary Anthony <mary@docker.com>
Add ability to refer to an image by repository name and digest using the
format repository@digest. Works for pull, push, run, build, and rmi.
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
This adds two more tables to the run reference documentation.
- the list of 'modes' for Network settings is now a table.
- the "note" for `--net="host"` was moved from the list to the detailed
description.
- the 'options' for "Runtime constraints on CPU and memory" are
now a table
- slightly re-worded the description for "memory" options, e.g.
"It is not allowed..." was rewriten to "The *container* is not allowed..."
- fix example in "Runtime privilege, Linux capabilities, and LXC configuration"
being indented twice
- slightly reduced indenting in some `usage` output to be better readable.
- fixes a typo `/ets/hosts` -> `/etc/hosts`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Read `/proc/sys/net/ipv4/ip_local_port_range` kernel parameter to obtain
ephemeral port range that now sets the boundaries of port allocator
which finds free host ports for those exported by containers.
Signed-off-by: Michal Minar <miminar@redhat.com>
The original description has some mistakes and lack of many useful
information, I rewrite them to make it accurate and complete.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
This moves some information on restart-policies from
the "command line" page to "run reference".
Also fixes some minor typos and adds a "NOTE"
about --rm and --restart not allowed to be combined.
Also removes inline CSS styles from tables,
which will be styled by the stylesheet, and fixes
some minor MarkDown errors (`<` -> <)
depends on https://github.com/docker/docs-base/pull/1resolves#11069
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This modifies the "docker help" text so that it is no wider than 80 chars
and each description fits on one line. This will also try to use ~ when
possible
Added a test to make sure we don't go over 80 chars again.
Added a test to make sure we use ~
Applied rules/tests to all docker commands - not just main help text
Closes#10214
Signed-off-by: Doug Davis <dug@us.ibm.com>
We want to be able to use container without the PID namespace. We basically
want containers that can manage the host os, which I call Super Privileged
Containers. We eventually would like to get to the point where the only
namespace we use is the MNT namespace to bring the Apps userspace with it.
By eliminating the PID namespace we can get better communication between the
host and the clients and potentially tools like strace and gdb become easier
to use. We also see tools like libvirtd running within a container telling
systemd to place a VM in a particular cgroup, we need to have communications of the PID.
I don't see us needing to share PID namespaces between containers, since this
is really what docker exec does.
So currently I see us just needing docker run --pid=host
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Forbid `docker run -t` with a redirected stdin (such as `echo test |
docker run -ti busybox cat`). Forbid `docker exec -t` with a redirected
stdin. Forbid `docker attach` with a redirect stdin toward a tty enabled
container.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
inspired by #9448 and #9487
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Signed-off-by: Sven Dowideit <SvenDowideit@docker.com>
inspired by #9452
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Signed-off-by: Sven Dowideit <SvenDowideit@docker.com>
Signal proxy does work only in non-TTY mode (--tty=false). Man pages and
commands should not lie about it.
Signed-off-by: Michal Minar <miminar@redhat.com>
Some workloads rely on IPC for communications with other processes. We
would like to split workloads between two container but still allow them
to communicate though shared IPC.
This patch mimics the --net code to allow --ipc=host to not split off
the IPC Namespace. ipc=container:CONTAINERID to share ipc between containers
If you share IPC between containers, then you need to make sure SELinux labels
match.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Ma Shimiao
wlan0
Lei Jitang
Qiang Huang
Marianna
Lars Kellogg-Stedman
HuKeping
Ed Costello
Rick Wieman
Dan Walsh
Bryan Boreham
Yan Feng
Sebastiaan van Stijn
Harry Zhang
cheney90
Ankush Agarwal
Mary Anthony
sidharthamani
Lloyd Dewolf
Alexander Morozov
Andy Goldstein
Michal Minar
ChristoperBiscardi
Sven Dowideit
Doug Davis
Christian Stefanescu
Srini Brahmaroutu
shishir-a412ed
Arnaud Porterie
Sven Dowideit
George Xie