From ec297483f8bc7e7231cf7e0e23350158bb81f21d Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 17 Feb 2014 10:02:23 +1000 Subject: [PATCH] change the -H TCP / docker group warning to not reference a resolved issue Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) Upstream-commit: 8871fd3a317240dbd6d5a9ae3309726281572bc1 Component: engine --- components/engine/docs/sources/use/basics.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/components/engine/docs/sources/use/basics.rst b/components/engine/docs/sources/use/basics.rst index 6bd1f0b7a0..d62f778b9d 100644 --- a/components/engine/docs/sources/use/basics.rst +++ b/components/engine/docs/sources/use/basics.rst @@ -59,10 +59,10 @@ Bind Docker to another host/port or a Unix socket .. warning:: Changing the default ``docker`` daemon binding to a TCP port or Unix *docker* user group will increase your security risks - by allowing non-root users to potentially gain *root* access on the - host (`e.g. #1369 - `_). Make sure you - control access to ``docker``. + by allowing non-root users to gain *root* access on the + host. Make sure you control access to ``docker``. If you are binding + to a TCP port, anyone with access to that port has full Docker access; + so it is not advisable on an open network. With ``-H`` it is possible to make the Docker daemon to listen on a specific IP and port. By default, it will listen on