See #10141 for more info, but the main point of this is to make sure
that if you do "docker run -e FOO ..." that FOO from the current env
is passed into the container. This means that if there's a value, its
set. But it also means that if FOO isn't set then it should be unset in
the container too - even if it has to remove it from the env. So,
unset HOSTNAME
docker run -e HOSTNAME busybox env
should _NOT_ show HOSTNAME in the list at all
Closes#10141
Signed-off-by: Doug Davis <dug@us.ibm.com>
Fixes#9960
This adds the output of a "Backing Filesystem:" entry to `docker info`
to overlay, aufs, and devicemapper graphdrivers. The default list
includes a fairly complete list of common filesystem names from
linux/include/uapi/linux/magic.h, but if the backing filesystem is not
recognized, the code will simply show "<unknown>"
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
The documentation on `docker export` doesn't mention that
data in volumes is not included in the export.
This adds a note that volumes are not part of the export
and refers to the "Backup, restore, or migrate data volumes"
to give the user some pointers.
Relates to https://github.com/docker/docker/issues/10095
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a --readonly flag to allow the container's root filesystem to be
mounted as readonly. This can be used in combination with volumes to
force a container's process to only write to locations that will be
persisted. This is useful in many cases where the admin controls where
they would like developers to write files and error on any other
locations.
Closes#7923Closes#8752
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
We want to be able to use container without the PID namespace. We basically
want containers that can manage the host os, which I call Super Privileged
Containers. We eventually would like to get to the point where the only
namespace we use is the MNT namespace to bring the Apps userspace with it.
By eliminating the PID namespace we can get better communication between the
host and the clients and potentially tools like strace and gdb become easier
to use. We also see tools like libvirtd running within a container telling
systemd to place a VM in a particular cgroup, we need to have communications of the PID.
I don't see us needing to share PID namespaces between containers, since this
is really what docker exec does.
So currently I see us just needing docker run --pid=host
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
to docs.master.dockerproject.com.
- Make the invaidation profile the bucket variable, not hard coded.
- Add no cache variable for settings cache to "no-cache"
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
This fixes the container start issue for containers which were started
on a daemon prior to the resolv.conf updater PR. The update code will
now safely ignore these containers (given they don't have a sha256 hash
to compare against) and will not attempt to update the resolv.conf
through their lifetime.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Only modifies non-running containers resolv.conf bind mount, and only if
the container has an unmodified resolv.conf compared to its contents at
container start time (so we don't overwrite manual/automated changes
within the container runtime). For containers which are running when
the host resolv.conf changes, the update will only be applied to the
container version of resolv.conf when the container is "bounced" down
and back up (e.g. stop/start or restart)
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
It seems odd to have such an important API hidden under 'misc'.
While in there I noticed that during the "-f Dockerfile" PR I changed
the query param from f to dockerfile and missed this one spot in the docs.
Signed-off-by: Doug Davis <dug@us.ibm.com>
w/o this one-liner the v1.17 docs didn't appear in the Reference dropdown
and I would get a 404 when I tried to access
.../reference/api/docker_remote_api_v1.17/
Not sure if there are other spots that need to be fixed but this seemed to
fix it for me.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Add a check to make sure Dockerfile is in the build context
Add docs and a testcase
Make -f relative to current dir, not build context
Signed-off-by: Doug Davis <dug@us.ibm.com>
If .dockerignore mentions either then the client will send them to the
daemon but the daemon will erase them after the Dockerfile has been parsed
to simulate them never being sent in the first place.
an events test kept failing for me so I tried to fix that too
Closes#8330
Signed-off-by: Doug Davis <dug@us.ibm.com>
--help and help are successful commands so output should not go to error.
QE teams have requested this change, also users doing docker help | less
or docker run --help | less would expect this to work.
Usage statement should only be printed when the user asks for it.
Errors should print error message and then suggest the docker COMMAND --help
command to see usage information.
The current behaviour causes the user to have to search for the error message
and sometimes scrolls right off the screen. For example a error on a
"docker run" command is very difficult to diagnose.
Finally erros should always exit with a non 0 exit code, if the user
makes a CLI error.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
as noted in https://github.com/boot2docker/boot2docker/issues/690
Signed-off-by: Sven Dowideit <SvenDowideit@docker.com>
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
This is:
git format-patch -1 --stdout HEAD \
| patch -p1 docs/sources/reference/api/docker_remote_api_v1.*.md
Applying the changes I initially made on the docs for v1.15 to all
other versions led to acceptable results.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Using --insecure is (you guessed it) *insecure* as the server side
certificate is not being validated. To offer the same degree of
security as invocations of the docker client in "Secure by default"
with cURL, the trusted CA certificate must be supplied.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
With -CAcreateserial the serial file will be automatically created
and initialized if it is missing.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Fixed:
* Invalid JSON
* Inconsistent spacing at colon
Expression for binary data streams (line 468 vs. 1474) remain inconsistent.
Could fix that too, if you like.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Moves some information around, expanding information on
user namespaces, pull/load security, cap add/drop.
Also includes various grammar improvements and edits.
Signed-off-by: Eric Windisch <eric@windisch.us>
Arnaud Porterie
Doug Davis
James Turnbull
Liang-Chi Hsieh
Yongzhi Pan
Sven Dowideit
Lei Jitang
Sebastiaan van Stijn
Bruno Gazzera
imre Fitos
Jessie Frazelle
Phil Estes
Pavel Lobashov
Fred Lifton
Sven Dowideit
Nathan Hsieh
Sven Dowideit
Alexander Morozov
Michael Crosby
Michael Crosby
Dan Walsh
Jessica Frazelle
Malte Janduda
Srini Brahmaroutu
Victor Vieux
HuKeping
Jean-Paul Calderone
Andreas Köhler
Luis Martínez de Bartolomé Izquierdo
Tangi COLIN
Jan Koprowski
Evgeny Vereshchagin
Brian Goff
Christian Stefanescu
Lorenz Leutgeb
Daehyeok Mun
Nate Eagleson
Eric Windisch