Adds documentation for additional groups.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

contrib/completion/bash/docker

@@ -829,6 +829,7 @@ _docker_run() {
 		--env -e
 		--env-file
 		--expose
+		--group-add
 		--hostname -h
 		--ipc
 		--label -l

contrib/completion/fish/docker.fish

@@ -127,6 +127,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s e -l env -d
 complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image'
 complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l env-file -d 'Read in a line delimited file of environment variables'
 complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l group-add -d 'Add additional groups to run as'
 complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s h -l hostname -d 'Container host name'
 complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l help -d 'Print usage'
 complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s i -l interactive -d 'Keep STDIN open even if not attached'
@@ -313,6 +314,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Se
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l env-file -d 'Read in a line delimited file of environment variables'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l group-add -d 'Add additional groups to run as'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l help -d 'Print usage'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep STDIN open even if not attached'

contrib/completion/zsh/_docker

@@ -499,6 +499,7 @@ __docker_subcommand () {
                 '--entrypoint=-[Overwrite the default ENTRYPOINT of the image]:entry point: ' \
                 '*--env-file=-[Read in a file of environment variables]:environment file:_files' \
                 '*--expose=-[Expose a port or a range of ports]:port or a range of ports: ' \
+                '*--group-add=-[Add additional groups to run as]:group: ' \
                 '(-h --hostname)'{-h,--hostname=-}'[Container host name]:hostname:_hosts' \
                 '(- :)--help[Print usage]' \
                 '(-i --interactive)'{-i,--interactive}'[Keep STDIN open even if not attached]' \

docs/reference/api/docker_remote_api.md

@@ -68,6 +68,10 @@ Running `docker rmi` emits an **untag** event when removing an image name.  The
 
 ### What's new
 
+**New!**
+The `hostConfig` option now accepts the field `GroupAdd`, which specifies a list of additional
+groups that the container process will run as.
+
 ## v1.19
 
 ### Full documentation

docs/reference/commandline/run.md

@@ -34,6 +34,7 @@ weight=1
       --entrypoint=""            Overwrite the default ENTRYPOINT of the image
       --env-file=[]              Read in a file of environment variables
       --expose=[]                Expose a port or a range of ports
+      --group-add=[]             Add additional groups to run as
       -h, --hostname=""          Container host name
       --help=false               Print usage
       -i, --interactive=false    Keep STDIN open even if not attached

docs/reference/run.md

@@ -737,6 +737,16 @@ weights of the two containers.
 > **Note:** The blkio weight setting is only available for direct IO. Buffered IO
 > is not currently supported.
 
+## Additional groups
+    --group-add: Add Linux capabilities
+
+By default, the docker container process runs with the supplementary groups looked
+up for the specified user. If one wants to add more to that list of groups, then
+one can use this flag:
+
+    $ docker run -ti --rm --group-add audio  --group-add dbus --group-add 777 busybox id
+    uid=0(root) gid=0(root) groups=10(wheel),29(audio),81(dbus),777
+
 ## Runtime privilege, Linux capabilities, and LXC configuration
 
     --cap-add: Add Linux capabilities

man/docker-create.1.md

@@ -24,6 +24,7 @@ docker-create - Create a new container
 [**--entrypoint**[=*ENTRYPOINT*]]
 [**--env-file**[=*[]*]]
 [**--expose**[=*[]*]]
+[**--group-add**[=*[]*]]
 [**-h**|**--hostname**[=*HOSTNAME*]]
 [**--help**]
 [**-i**|**--interactive**[=*false*]]
@@ -129,6 +130,9 @@ two memory nodes.
 **--expose**=[]
    Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host
 
+**--group-add**=[]
+   Add additional groups to run as
+
 **-h**, **--hostname**=""
    Container host name
 

man/docker-run.1.md

@@ -25,6 +25,7 @@ docker-run - Run a command in a new container
 [**--entrypoint**[=*ENTRYPOINT*]]
 [**--env-file**[=*[]*]]
 [**--expose**[=*[]*]]
+[**--group-add**[=*[]*]]
 [**-h**|**--hostname**[=*HOSTNAME*]]
 [**--help**]
 [**-i**|**--interactive**[=*false*]]
@@ -216,6 +217,9 @@ ENTRYPOINT.
 **--expose**=[]
    Expose a port, or a range of ports (e.g. --expose=3300-3310), from the container without publishing it to your host
 
+**--group-add**=[]
+   Add additional groups to run as
+
 **-h**, **--hostname**=""
    Container host name