security-opts will allow you to customise the security subsystem.
For example the labeling system like SELinux will run on a container.
--security-opt="label:user:USER" : Set the label user for the container
--security-opt="label:role:ROLE" : Set the label role for the container
--security-opt="label:type:TYPE" : Set the label type for the container
--security-opt="label:level:LEVEL" : Set the label level for the container
--security-opt="label:disabled" : Turn off label confinement for the container
Since we are passing a list of string options instead of a space separated
string of options, I will change function calls to use InitLabels instead of
GenLabels. Genlabels interface is Depracated.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 87e732a0f3503517d7a66804bb9a7f74977347e5
Component: engine
Removed runconfig.ParseSubcommand, changed it to runconfig.Parse and editted related tests and modules
Signed-off-by: Oh Jinkyun <tintypemolly@gmail.com>
Upstream-commit: 9aa71549d61875fcf0713a9da11b034e70e1c3b0
Component: engine
This adds a --add-host host:ip flag which appends lines to /etc/hosts. This is needed in places where you want the container to get a different name resolution than it would through DNS. This was submitted before as #5525, closed, and now I am re-opening. It has come up 2 or 3 times in the last couple days.
Signed-off-by: Tim Hockin <thockin@google.com>
Upstream-commit: 68e48b65a64df10fc797cbaa89d6caa2188eadc9
Component: engine
This exposes the already existing "create container" operation. It is
very similar to "docker run -d" except it doesn't actually start the
container, but just prepares it. It can then be manually started using
"docker start" at any point.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Conflicts:
api/client/commands.go
runconfig/parse.go
server/container.go
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: 3a90004f3c2d86ec849f4674c8046693ea061ed1
Component: engine
This method indicates that container using private network stack
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: 080ca8619172b020c7da29b46f2fe4c939bb47ca
Component: engine
--help and help are successful commands so output should not go to error.
QE teams have requested this change, also users doing docker help | less
or docker run --help | less would expect this to work.
Usage statement should only be printed when the user asks for it.
Errors should print error message and then suggest the docker COMMAND --help
command to see usage information.
The current behaviour causes the user to have to search for the error message
and sometimes scrolls right off the screen. For example a error on a
"docker run" command is very difficult to diagnose.
Finally erros should always exit with a non 0 exit code, if the user
makes a CLI error.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 61b129d81802e3c988cc0e67e488b24968dd748a
Component: engine
Implement time backed backoff for restarting and fix failure count when
the maximum is 0
Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 860c13b788944410a98a6ad5b5cfb74de0a8405b
Component: engine
functions to pkg/parsers/kernel, and parsing filters to
pkg/parsers/filter. Adjust imports and package references.
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 4398108433121ce2ac9942e607da20fa1680871a
Component: engine
We add a --device flag which can be used like:
docker run --device /dev/sda:/dev/xvda:rwm ubuntu /bin/bash
To allow the container to have read write permissions to access the host's /dev/sda via a node named /dev/xvda in the container.
Note: Much of this code was written by Dinesh Subhraveti dineshs@altiscale.com (github: dineshs-altiscale) and so he deserves a ton of credit.
Docker-DCO-1.1-Signed-off-by: Timothy <timothyhobbs@seznam.cz> (github: timthelion)
Upstream-commit: e855c4b92170534864b920ec1e267b3a815764f9
Component: engine
In that case /etc/resolv.conf will be generated with no search
option. Usage: --dns-search=.
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
Upstream-commit: 804b00cd7d1f084a872211e5043d255c454c8e51
Component: engine
We discussed this at the docker plumbers meetup and for tools and
working on the system for things like boot2docker and coreos this is
needed. You can already bypass this check so we felt it is ok to start
allowing this feature.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: e39b8eade1f42503b6b7217e72eff4c8fdc13cb6
Component: engine
