From 164ab2cfc9900a5e9a8037d41faea2bfdf3d64f1 Mon Sep 17 00:00:00 2001 From: Dimitris Mandalidis Date: Sat, 1 Oct 2016 11:01:49 +0300 Subject: [PATCH 1/2] Update volume options (fixes #27029) Signed-off-by: Dimitris Mandalidis --- docs/reference/api/docker_remote_api_v1.23.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/reference/api/docker_remote_api_v1.23.md b/docs/reference/api/docker_remote_api_v1.23.md index 099dad3e76..d416b0023e 100644 --- a/docs/reference/api/docker_remote_api_v1.23.md +++ b/docs/reference/api/docker_remote_api_v1.23.md 
@@ -372,10 +372,14 @@ Json Parameters: - **StopSignal** - Signal to stop a container as a string or unsigned integer. `SIGTERM` by default. - **HostConfig** - **Binds** – A list of volume bindings for this container. Each volume binding is a string in one of these forms: - + `host_path:container_path` to bind-mount a host path into the container - + `host_path:container_path:ro` to make the bind-mount read-only inside the container. - + `volume_name:container_path` to bind-mount a volume managed by a volume plugin into the container. - + `volume_name:container_path:ro` to make the bind mount read-only inside the container. + + `host_path:container_path[:options]` to bind-mount a host path into the container + + `volume_name:container_path[:options]` to bind-mount a volume managed by a volume plugin into the container. + + `options` can be a comma-delimited list of: + + `[ro|rw]` to mount a volume read-only or read-write, respectively. By default, the volumes are mounted read-write. + + `[z|Z]` The z option tells Docker that two containers share the volume content. As a result, Docker labels the content with a shared content label. Shared volume labels allow all containers to read/write content. The Z option tells Docker to label the content with a private unshared label. Only the current container can use a private volume. Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might prevent the processes running inside the container from using the content. By default, Docker does not change the labels set by the OS. + + `[[r]shared|[r]slave|[r]private]` to specify the propagation property only for bind mounted volumes and not for internal volumes or named volumes. For mount propagation to work source mount point (mount point where source dir is mounted on) has to have right propagation properties. For shared volumes, source mount point has to be shared. 
And for slave volumes, source mount has to be either shared or slave. + + `nocopy` to disable automatic copying of data from the container path to the volume, use the `nocopy` flag. The `nocopy` flag can only be set on named volumes. - **Links** - A list of links for the container. Each link entry should be in the form of `container_name:alias`. - **Memory** - Memory limit in bytes. From 5213a0a67ec635a45e640364e8aa9bf5f431625e Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Thu, 26 Jan 2017 12:10:59 -0800 Subject: [PATCH 2/2] Addressed feedback Signed-off-by: Misty Stanley-Jones --- docs/reference/api/docker_remote_api_v1.23.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/reference/api/docker_remote_api_v1.23.md b/docs/reference/api/docker_remote_api_v1.23.md index d416b0023e..f7084a56d7 100644 --- a/docs/reference/api/docker_remote_api_v1.23.md +++ b/docs/reference/api/docker_remote_api_v1.23.md 
@@ -371,15 +371,17 @@ Json Parameters: `"ExposedPorts": { "/: {}" }` - **StopSignal** - Signal to stop a container as a string or unsigned integer. `SIGTERM` by default. - **HostConfig** - - **Binds** – A list of volume bindings for this container. Each volume binding is a string in one of these forms: - + `host_path:container_path[:options]` to bind-mount a host path into the container - + `volume_name:container_path[:options]` to bind-mount a volume managed by a volume plugin into the container. + - **Binds** – A list of volume bindings for this container. Each volume binding is a string in one of these forms: + - `host_path:container_path[:options]` to bind-mount a host path into the container + - `volume_name:container_path[:options]` to bind-mount a volume managed by a volume driver into the container. - `options` can be a comma-delimited list of: - + `[ro|rw]` to mount a volume read-only or read-write, respectively. By default, the volumes are mounted read-write. - + `[z|Z]` The z option tells Docker that two containers share the volume content. As a result, Docker labels the content with a shared content label. Shared volume labels allow all containers to read/write content. The Z option tells Docker to label the content with a private unshared label. Only the current container can use a private volume. Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might prevent the processes running inside the container from using the content. By default, Docker does not change the labels set by the OS. - + `[[r]shared|[r]slave|[r]private]` to specify the propagation property only for bind mounted volumes and not for internal volumes or named volumes. For mount propagation to work source mount point (mount point where source dir is mounted on) has to have right propagation properties. For shared volumes, source mount point has to be shared. 
And for slave volumes, source mount has to be either shared or slave. - + `nocopy` to disable automatic copying of data from the container path to the volume, use the `nocopy` flag. The `nocopy` flag can only be set on named volumes. + `options` is a comma-delimited list of: + - `[ro|rw]` mounts a volume read-only or read-write, respectively. If omitted or set to `rw`, volumes are mounted read-write. + - `[z|Z]` specifies that multiple containers can read and write to the same volume. + - `z`: a _shared_ content label is applied to the content. This label indicates that multiple containers can share the volume content, for both reading and writing. + - `Z`: a _private unshared_ label is applied to the content. This label indicates that only the current container can use a private volume. Labeling systems such as SELinux require proper labels to be placed on volume content that is mounted into a container. Without a label, the security system can prevent a container's processes from using the content. By default, the labels set by the host operating system are not modified. + - `[[r]shared|[r]slave|[r]private]` specifies mount [propagation behavior](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt). This only applies to bind-mounted volumes, not internal volumes or named volumes. Mount propagation requires the source mount point (the location where the source directory is mounted in the host operating system) to have the correct propagation properties. For shared volumes, the source mount point must be set to `shared`. For slave volumes, the mount must be set to either `shared` or `slave`. + - `nocopy` disables automatic copying of data from the container path to the volume. The `nocopy` flag only applies to named volumes. - **Links** - A list of links for the container. Each link entry should be in the form of `container_name:alias`. - **Memory** - Memory limit in bytes.
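Review bot: In [PATCH 1/2], the `[[r]shared|[r]slave|[r]private]` item does not say which propagation mode applies when none is given, while the `[ro|rw]` item states its default (read-write) and the `[z|Z]` item states that labels are left unchanged by default. Please state the default here as well; the text also covers the source mount requirements only for shared and slave volumes and says nothing about `private`. Separately, the `nocopy` item repeats itself ("`nocopy` to disable automatic copying ..., use the `nocopy` flag"); "`nocopy` disables automatic copying of data from the container path to the volume" would read cleaner.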
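Review bot: In [PATCH 2/2], the new lead sentence of the `[z|Z]` item ("specifies that multiple containers can read and write to the same volume") is true only of `z` and contradicts the `Z` sub-item directly below it, which says only the current container can use a private volume. A neutral lead would avoid that, for example "`[z|Z]` selects the content label applied to the volume content". The sentences about SELinux requiring proper labels and about host labels not being modified by default now sit inside the `Z` sub-item although they describe both options; moving them up to the `[z|Z]` item keeps the statement that nothing is relabeled by default from reading as specific to `Z`.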