This fix updates the Plugin API docs to cover the case of remote
plugins which could be deployed on a host different from the
docker host, through spec or json files.
This fix closes#20188.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Add a paragraph about how to force a stack trace dump to the daemon log.
This feature was added in Docker 1.9 I believe, but documentation was
never added.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.
Signed-off-by: David Calavera <david.calavera@gmail.com>
This adds the following new syscalls that are supported in libseccomp 2.3.0,
including calls added up to kernel 4.5-rc4:
mlock2 - same as mlock but with a flag
copy_file_range - copy file contents, like splice but with reflink support.
The following are not added, and mentioned in docs:
userfaultfd - userspace page fault handling, mainly designed for process migration
The following are not added, only apply to less common architectures:
switch_endian
membarrier
breakpoint
set_tls
I plan to review the other architectures, some of which can now have seccomp
enabled in the build as they are now supported.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The old examples no longer worked due to changes in
the client and Docker Hub.
This updates the "docker pull" documentation and
adds more examples and explanation of the features.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This allows users to provide a FQDN as hostname or to use distinct hostname and
domainname parts. Depends on https://github.com/docker/libnetwork/pull/950
Signed-off-by: Tim Hockin <thockin@google.com>
this allows user to choose the compression type (i.e. gzip/zlib/none) using
--log-opt=gelf-compression-type=none or the compression level (-1..9) using
--log-opt=gelf-compression-level=0 for gelf driver.
Signed-off-by: Daniel Dao <dqminh@cloudflare.com>
Fixes: #21195
The current size of the debian image is 125.1 MB so I have updated the Markdown to say "under 150". Also removed "extremely" (minimal) as requested. Documentation built and tested using `make docs`.
Signed-off-by: Lucas Chan <lucas-github@lucaschan.com>
Either a single slash or localhost should be specified after http in the cURL URL, not http:// (double slash)
Signed-off-by: ohadschn <ohad188@gmail.com>
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.
The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.
Signed-off-by: Liron Levin <liron@twistlock.com>
Prior to this change, the "docker network inspect" contains only the
endpoints that have active local container. This excludes all the remote
and stale endpoints. By including all the endpoints, it makes debugging
much simpler and also allows the user to cleanup any stale endpoints
using "docker network disconnect -f {network} {endpoint-name}".
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Updating Docker's documentation file docker configuration file on Windows hosts.
This is of importance for Windows users whom are utilizing the Docker Toolbox.
Signed-off-by: Liran Tal <liran.talh@gmail.com>
This page has been deleted from the Docker Cloud tutorials,
so adding redirects for the old locations.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Resolves: #20113
Signed-off-by: Aditi Rajagopal <arajagopal@us.ibm.com>
Carry #20160
Tighten language
Updating with comments
Removing articles which is empty
Adding Brian's comments
Putting back what I took out
Signed-off-by: Mary Anthony <mary@docker.com>
Fixes#20818
This syscall was blocked as there was some concern that it could be
used to bypass filtering of other syscall arguments. However none of the
potential syscalls where this could be an issue (poll, nanosleep,
clock_nanosleep, futex) are blocked in the default profile anyway.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Docker creates a UTS namespace by default, even with --net=host, so it
is reasonable to let the user set the hostname. Note that --hostname is
forbidden if the user specifies --uts=host.
Closes#12076
Signed-off-by: Jason Heiss <jheiss@aput.net>
This change centralizes the template manipulation in a single package
and adds basic string functions to their execution.
Signed-off-by: David Calavera <david.calavera@gmail.com>
