11 年之前 · ed5054389a
--- a/docs/sources/articles/networking.md
+++ b/docs/sources/articles/networking.md
@@ -536,6 +536,11 @@ values.
 
				     **not** let the container reconfigure the host network stack — that
			
 
				     would require `--privileged=true` — but it does let container
			
 
				     processes open low-numbered ports like any other root process.
			
 
				+    It also allows the container to access local network services
			
 
				+    like D-bus.  This can lead to processes in the container being
			
 
				+    able to do unexpected things like
			
 
				+    [restart your computer](https://github.com/dotcloud/docker/issues/6401).
			
 
				+    You should use this option with caution.
			
 
				 
			
 
				  *  `--net=container:NAME_or_ID` — Tells Docker to put this container's
			
 
				     processes inside of the network stack that has already been created
			
--- a/docs/sources/reference/run.md
+++ b/docs/sources/reference/run.md
@@ -152,7 +152,7 @@ Supported networking modes are:
 
				 
			
 
				 * none - no networking in the container
			
 
				 * bridge - (default) connect the container to the bridge via veth interfaces
			
 
				-* host - use the host's network stack inside the container
			
 
				+* host - use the host's network stack inside the container.  Note: This gives the container full access to local system services such as D-bus and is therefore considered insecure.
			
 
				 * container - use another container's network stack
			
 
				 
			
 
				 #### Mode: none
			
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -65,7 +65,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 
				 		flWorkingDir      = cmd.String([]string{"w", "-workdir"}, "", "Working directory inside the container")
			
 
				 		flCpuShares       = cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
			
 
				 		flCpuset          = cmd.String([]string{"-cpuset"}, "", "CPUs in which to allow execution (0-3, 0,1)")
			
 
				-		flNetMode         = cmd.String([]string{"-net"}, "bridge", "Set the Network mode for the container\n'bridge': creates a new network stack for the container on the docker bridge\n'none': no networking for this container\n'container:<name|id>': reuses another container network stack\n'host': use the host network stack inside the contaner")
			
 
				+		flNetMode         = cmd.String([]string{"-net"}, "bridge", "Set the Network mode for the container\n'bridge': creates a new network stack for the container on the docker bridge\n'none': no networking for this container\n'container:<name|id>': reuses another container network stack\n'host': use the host network stack inside the contaner.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.")
			
 
				 		// For documentation purpose
			
 
				 		_ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify all received signal to the process (even in non-tty mode)")
			
 
				 		_ = cmd.String([]string{"#name", "-name"}, "", "Assign a name to the container")