Introduce/document new IPC modes

This builds (and depends) on https://github.com/moby/moby/pull/34087 Version 2: - remove --ipc argument validation (it is now done by daemon) - add/document 'none' value - docs/reference/run.md: add a table with better modes description - dockerd(8) typesetting fixes Version 3: - remove ipc mode tests from cli/command/container/opts_test.go Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-07-20 14:42:51 -07:00
parent f7b78dc137
commit 9285db6752
5 changed files with 26 additions and 26 deletions
--- a/docs/reference/run.md
+++ b/docs/reference/run.md
@ -265,11 +265,21 @@ more advanced use case would be changing the host's hostname from a container.

 ## IPC settings (--ipc)

-    --ipc=""  : Set the IPC mode for the container,
-                 'container:<name|id>': reuses another container's IPC namespace
-                 'host': use the host's IPC namespace inside the container
+    --ipc="MODE"  : Set the IPC mode for the container

-By default, all containers have the IPC namespace enabled.
+The following values are accepted:
+
+| Value                      | Description                                                                       |
+|:---------------------------|:----------------------------------------------------------------------------------|
+| ""                         | Use daemon's default.                                                             |
+| "none"                     | Own private IPC namespace, with /dev/shm not mounted.                             |
+| "private"                  | Own private IPC namespace.                                                        |
+| "shareable"                | Own private IPC namespace, with a possibility to share it with other containers.  |
+| "container:<_name-or-ID_>" | Join another ("shareable") container's IPC namespace.                             |
+| "host"                     | Use the host system's IPC namespace.                                              |
+
+If not specified, daemon default is used, which can either be `"private"`
+or `"shareable"`, depending on the daemon version and configration.

 IPC (POSIX/SysV IPC) namespace provides separation of named shared memory
 segments, semaphores and message queues.
@ -280,7 +290,8 @@ memory is commonly used by databases and custom-built (typically C/OpenMPI,
 C++/using boost libraries) high performance applications for scientific
 computing and financial services industries. If these types of applications
 are broken into multiple containers, you might need to share the IPC mechanisms
-of the containers.
+of the containers, using `"shareable"` mode for the main (i.e. "donor")
+container, and `"container:<donor-name-or-ID>"` for other containers.

 ## Network settings