Only open_by_handle_at requires CAP_DAC_READ_SEARCH.
This allows systemd to run with only `--cap-add SYS_ADMIN`
rather than having to also add `--cap-add DAC_READ_SEARCH`
as well which it does not really need.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
commit 41d580c7a6 added
"Joined at" to the output of node inspect,
but I forgot that docs changes are needed.
This change updates the example output
of node inspect in the documentation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Progress reporting during image load was added
in 415dd86886, but
the corresponding query-parameter was not documented
in the API docs.
This updates the API docs, and adds a response example
both with quiet enabled and disabled.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Without a content-type header, Go uses a max post size
of 10 megabytes, which makes loading images fail
if they're larger than 10 megabytes
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The error message suggests you need one argument even when you
have provided one. Suggest having another argument.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Unlike `docker run -v..`, `docker service create --mount`
does not allow bind-mounting non-existing host paths.
This adds validation for the specified `source`, and
produces an error if the path is not found on the
host.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this, container's auto-removal after exit is done in a goroutine,
this commit will get ContainerRm out of the goroutine.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
If AutoRemove is set, wait until client get `destroy` events, or get
`detach` events that implies container is detached but not stopped.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
`--rm` is a client side flag which caused lots of problems:
1. if client lost connection to daemon, including client crash or be
killed, there's no way to clean garbage container.
2. if docker stop a `--rm` container, this container won't be
autoremoved.
3. if docker daemon restart, container is also left over.
4. bug: `docker run --rm busybox fakecmd` will exit without cleanup.
In a word, client side `--rm` flag isn't sufficient for garbage
collection. Move the `--rm` flag to daemon will be more reasonable.
What this commit do is:
1. implement a `--rm` on daemon side, adding one flag `AutoRemove` into
HostConfig.
2. Allow `run --rm -d`, no conflicting `--rm` and `-d` any more,
auto-remove can work on detach mode.
3. `docker restart` a `--rm` container will succeed, the container won't
be autoremoved.
This commit will help a lot for daemon to do garbage collection for
temporary containers.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
The memory should always be smaller than memoryswap,
we should error out with message that user know how
to do rather than just an invalid argument error if
user update the memory limit bigger than already set
memory swap.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
When running a `make manpages` the image `docker-manpage-dev` will be build and started to create
the man pages. But the container will not be deleted afterwards. So I propose to start it with
`docker run --rm ...`, otherwise we'll collect some trash.
```
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e3d9f721d862 docker-manpage-dev "man/generate.sh" 19 minutes ago Exited (0) 16 minutes ago berserk_jang
5738a23fb682 docker-manpage-dev "man/generate.sh" 9 hours ago Exited (0) 9 hours ago boring_bartik
15490b5e63f7 docker-manpage-dev "man/generate.sh" 10 hours ago Exited (0) 10 hours ago lonely_joliot
```
Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
