Commit graph

96 commits

Author SHA1 Message Date
Lei Jitang
57abf4afe9 Fix docker run --expose with an invalid port does not error out
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-02-17 07:12:02 -08:00
Qiang Huang
aee28e0e87 fix the problem that memory-swap=-1 is not working for docker command
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-02-09 10:36:49 +08:00
Jeff Nickoloff
46d4e491c8 Amend run help for --user to include GUID
The -u/--user flag optionaly takes a group/gui. This change documents this behavior and specifies the complete format of the value.

Signed-off-by: Jeff Nickoloff <jeff@allingeek.com>

Added a missed semi-colon for consistency with other messages.

Signed-off-by: Jeff Nickoloff <jeff@allingeek.com>
2015-02-04 21:27:02 +01:00
Doug Davis
2203b37733 Pretty the help text
This modifies the "docker help" text so that it is no wider than 80 chars
and each description fits on one line. This will also try to use ~ when
possible

Added a test to make sure we don't go over 80 chars again.
Added a test to make sure we use ~

Applied rules/tests to all docker commands - not just main help text

Closes #10214

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-02-04 07:59:16 -08:00
HuKeping
2082ff82b5 log: Add restart policy name to the inspect information of container
Under the restart policy "--restart=no", there is no record about it
in the information from docker inspect.

To keep it consistent around the three(maybe more in the future) restart
policies and distinguish with no restart policy specified cases, it's
worth to record it even though it is the default restart policy which
will not restart the container.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-01-15 22:40:31 +08:00
Alexander Morozov
95c0f07966 Merge pull request #10093 from crosbymichael/readonly-containers
Add --read-only for read only container rootfs
2015-01-14 15:56:51 -08:00
Michael Crosby
409407091a Add --readonly for read only container rootfs
Add a --readonly flag to allow the container's root filesystem to be
mounted as readonly.  This can be used in combination with volumes to
force a container's process to only write to locations that will be
persisted.  This is useful in many cases where the admin controls where
they would like developers to write files and error on any other
locations.

Closes #7923
Closes #8752

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-14 15:41:31 -08:00
Michael Crosby
37b69408f8 Merge pull request #10056 from coolljt0725/add_link_accept_ID
Add --link accept container ID
2015-01-14 12:50:10 -08:00
Dan Walsh
23feaaa240 Allow the container to share the PID namespace with the host
We want to be able to use container without the PID namespace.  We basically
want containers that can manage the host os, which I call Super Privileged
Containers.  We eventually would like to get to the point where the only
namespace we use is the MNT namespace to bring the Apps userspace with it.

By eliminating the PID namespace we can get better communication between the
host and the clients and potentially tools like strace and gdb become easier
to use.  We also see tools like libvirtd running within a container telling
systemd to place a VM in a particular cgroup, we need to have communications of the PID.

I don't see us needing to share PID namespaces between containers, since this
is really what docker exec does.

So currently I see us just needing docker run --pid=host

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-01-13 16:35:17 -08:00
Lei Jitang
400d92871c Add --link accept container ID
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-01-13 09:38:12 +08:00
Alexander Morozov
748b7459b3 Merge pull request #9603 from hqhq/hq_add_memory_swap
add support to set MemorySwap
2015-01-06 10:09:21 -08:00
Jessie Frazelle
0bc2222b39 Merge pull request #9920 from SvenDowideit/publish-all-maps-to-random-ports
Explicitly mention that '-P' maps to random ports
2015-01-06 09:39:50 -08:00
Tibor Vass
41be2f73c7 refactor redundant code around calls to cmd.Parse
Signed-off-by: Tibor Vass <teabee89@gmail.com>
2015-01-06 13:41:16 +01:00
Dan Walsh
a2b529ead2 --help option and help command should print to stdout not stderr
--help and help are successful commands so output should not go to error.

    QE teams have requested this change, also users doing docker help | less
    or docker run --help | less would expect this to work.

    Usage statement should only be printed when the user asks for it.
    Errors should print error message and then suggest the docker COMMAND --help
    command to see usage information.

    The current behaviour causes the user to have to search for the error message
    and sometimes scrolls right off the screen.  For example a error on a
    "docker run" command is very difficult to diagnose.

    Finally erros should always exit with a non 0 exit code, if the user
    makes a CLI error.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-01-06 13:40:14 +01:00
Sven Dowideit
7b2331061e Explicitly mention that '-P' maps to random ports
as noted in https://github.com/boot2docker/boot2docker/issues/690

Signed-off-by: Sven Dowideit <SvenDowideit@docker.com>

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
2015-01-06 17:01:10 +10:00
Srini Brahmaroutu
2338a9cf5a add ability to publish range of ports
Closes #8899
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-01-02 23:21:26 +00:00
Qiang Huang
1a9b640e0d add support to set MemorySwap
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2014-12-10 16:53:43 -08:00
Michael Crosby
294843ef23 Move security opts to HostConfig
These settings need to be in the HostConfig so that they are not
committed to an image and cannot introduce a security issue.

We can safely move this field from the Config to the HostConfig
without any regressions because these settings are consumed at container
created and used to populate fields on the Container struct.  Because of
this, existing settings will be honored for containers already created
on a daemon with custom security settings and prevent values being
consumed via an Image.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	daemon/create.go
		changing config to hostConfig was required to fix the
		 build
2014-11-25 01:02:30 +02:00
John Gossman
e45b0f9271 Remove unused sysinfo parameter to runconfig.Parse
Removing dead code.

Signed-off-by: John Gossman <johngos@microsoft.com>
2014-11-14 18:20:54 -08:00
Dan Walsh
497fc8876e Allow IPC namespace to be shared between containers or with the host
Some workloads rely on IPC for communications with other processes.  We
would like to split workloads between two container but still allow them
to communicate though shared IPC.

This patch mimics the --net code to allow --ipc=host to not split off
the IPC Namespace.  ipc=container:CONTAINERID to share ipc between containers

If you share IPC between containers, then you need to make sure SELinux labels
match.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-11-12 11:29:58 -05:00
Malte Janduda
971fc2253a enhancing set-macaddress docu
Signed-off-by: Malte Janduda <mail@janduda.net>
2014-11-03 11:43:27 +01:00
Malte Janduda
f2df38050e Adding docker-cli run param to set MAC address
Signed-off-by: Malte Janduda <mail@janduda.net>
2014-11-01 15:35:09 +01:00
Srini Brahmaroutu
fd774a818c adding support for port ranges on --expose
Closes #1834

Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2014-10-31 23:06:30 +00:00
Huayi Zhang
eaa050fdb8 Mapping change in code
Signed-off-by: Huayi Zhang <irachex@gmail.com>
2014-10-31 09:57:54 +08:00
Sven Dowideit
2709c4677c Add info on --device flag permissions ':rwm'
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
2014-10-13 17:41:12 +10:00
Dan Walsh
87e732a0f3 Add --security-opts options to allow user to customize security configuration
security-opts will allow you to customise the security subsystem.

For example the labeling system like SELinux will run on a container.

    --security-opt="label:user:USER"   : Set the label user for the container
    --security-opt="label:role:ROLE"   : Set the label role for the container
    --security-opt="label:type:TYPE"   : Set the label type for the container
    --security-opt="label:level:LEVEL" : Set the label level for the container
    --security-opt="label:disabled"    : Turn off label confinement for the container

Since we are passing a list of string options instead of a space separated
string of options, I will change function calls to use InitLabels instead of
GenLabels.  Genlabels interface is Depracated.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-09-30 00:06:22 +00:00
Oh Jinkyun
9aa71549d6 Removed runconfig.ParseSubcommand
Removed runconfig.ParseSubcommand, changed it to runconfig.Parse and editted related tests and modules

Signed-off-by: Oh Jinkyun <tintypemolly@gmail.com>
2014-09-17 14:38:22 -07:00
Jessie Frazelle
f98a1f1f7d Merge pull request #8019 from thockin/add-host
Allow extra lines in /etc/hosts
2014-09-16 17:19:16 -07:00
Tim Hockin
68e48b65a6 Allow extra lines in /etc/hosts
This adds a --add-host host:ip flag which appends lines to /etc/hosts.  This is needed in places where you want the container to get a different name resolution than it would through DNS.  This was submitted before as #5525, closed, and now I am re-opening.  It has come up 2 or 3 times in the last couple days.

Signed-off-by: Tim Hockin <thockin@google.com>
2014-09-16 23:38:23 +00:00
Tibor Vass
e49c701092 Resolve conflicts with restart policies
Signed-off-by: Tibor Vass <teabee89@gmail.com>
2014-09-16 18:40:25 -04:00
Alexander Larsson
3a90004f3c Add "docker create" support
This exposes the already existing "create container" operation.  It is
very similar to "docker run -d" except it doesn't actually start the
container, but just prepares it. It can then be manually started using
"docker start" at any point.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)

Conflicts:
	api/client/commands.go
	runconfig/parse.go
	server/container.go

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-09-16 18:40:24 -04:00
unclejack
3256050ed4 deny net host + dns and links with container net
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-08-28 16:58:54 +03:00
Victor Vieux
2e489073d9 Revert "--help option and help command should print to stdout not stderr"
This reverts commit 61b129d818.

Signed-off-by: Victor Vieux <vieux@docker.com>
2014-08-27 18:59:13 +00:00
Victor Vieux
76fd51a478 Merge pull request #6052 from rhatdan/help
--help option and help command should print to stdout not stderr
2014-08-27 11:17:16 -07:00
Dan Walsh
61b129d818 --help option and help command should print to stdout not stderr
--help and help are successful commands so output should not go to error.

QE teams have requested this change, also users doing docker help | less
or docker run --help | less would expect this to work.

Usage statement should only be printed when the user asks for it.
Errors should print error message and then suggest the docker COMMAND --help
command to see usage information.

The current behaviour causes the user to have to search for the error message
and sometimes scrolls right off the screen.  For example a error on a
"docker run" command is very difficult to diagnose.

Finally erros should always exit with a non 0 exit code, if the user
makes a CLI error.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-08-21 15:35:20 -04:00
Michael Crosby
5ad4879d2a Update flag usages and docs for max restart count
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-13 18:24:33 -07:00
Michael Crosby
860c13b788 Add documentation and update restart rules.
Implement time backed backoff for restarting and fix failure count when
the maximum is 0

Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-13 15:57:37 -07:00
Michael Crosby
d9753ba20d Add typed RestartPolicy
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-13 15:56:34 -07:00
Michael Crosby
bd8c9dc239 Restart containers based on restart policy
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-13 15:56:34 -07:00
Josiah Kiehl
a02f67be5b Extract log utils into pkg/log
Docker-DCO-1.1-Signed-off-by: Josiah Kiehl <josiah@capoferro.net> (github: capoferro)
2014-08-13 15:18:15 -07:00
Solomon Hykes
6200002669 Helpers to parse lists, IPs, hosts, dns searches from the command line
Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-08-13 19:25:47 +00:00
Erik Hollensbe
4398108433 Move parsing functions to pkg/parsers and the specific kernel handling
functions to pkg/parsers/kernel, and parsing filters to
pkg/parsers/filter. Adjust imports and package references.

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
2014-07-29 13:09:10 -07:00
Victor Vieux
b3ee9ac74e update go import path and libcontainer
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-07-24 22:19:50 +00:00
Matthew Heon
31351d08a3 Update docs on --sig-proxy to indicate that SIGKILL and SIGSTOP cannot be proxied
Docker-DCO-1.1-Signed-off-by: Matt Heon <mheon@redhat.com> (github: mheon)
2014-07-18 12:32:04 -04:00
unclejack
be8cea9856 don't allow links to be used with --net=host
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-07-17 00:32:24 +03:00
Victor Vieux
e7d9854414 add doc
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-07-11 23:43:21 +00:00
Victor Vieux
94e6dc9781 Basic --cap-add and --cap-drop support for native
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-07-11 23:43:21 +00:00
Timothy
e855c4b921 Add --device flag to allow additional host devices in container
We add a --device flag which can be used like:

 docker run --device /dev/sda:/dev/xvda:rwm ubuntu /bin/bash

To allow the container to have read write permissions to access the host's /dev/sda via a node named /dev/xvda in the container.

Note: Much of this code was written by Dinesh Subhraveti dineshs@altiscale.com (github: dineshs-altiscale) and so he deserves a ton of credit.

Docker-DCO-1.1-Signed-off-by: Timothy <timothyhobbs@seznam.cz> (github: timthelion)
2014-07-10 10:35:53 -07:00
Victor Vieux
b68111713d update for consistency
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-07-09 21:48:02 +00:00
Victor Vieux
0abdea9094 add check on docker run
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-07-09 21:48:02 +00:00