diff --git a/docs/reference/run.md b/docs/reference/run.md index d00c7d9bc..3c4233480 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1248,12 +1248,16 @@ container's `/etc/hosts` entry will be automatically updated. ### VOLUME (shared filesystems) - -v=[]: Create a bind mount with: [host-dir:]container-dir[:rw|ro]. - If 'host-dir' is missing, then docker creates a new volume. + -v=[]: Create a bind mount with: [host-dir:]container-dir[:], where + options are comma delimited and selected from [rw|ro] and [z|Z]. + If 'host-dir' is missing, then docker creates a new volume. If neither 'rw' or 'ro' is specified then the volume is mounted in read-write mode. --volumes-from="": Mount all volumes from the given container(s) +> **Note**: +> The auto-creation of the host path has been [*deprecated*](/misc/deprecated/#auto-creating-missing-host-paths-for-bind-mounts). + The volumes commands are complex enough to have their own documentation in section [*Managing data in containers*](/userguide/dockervolumes). A developer can define diff --git a/docs/userguide/dockervolumes.md b/docs/userguide/dockervolumes.md index 6328ebf4c..a96df533f 100644 --- a/docs/userguide/dockervolumes.md +++ b/docs/userguide/dockervolumes.md @@ -142,7 +142,7 @@ Mounting a host directory can be useful for testing. For example, you can mount source code inside a container. Then, change the source code and see its effect on the application in real time. The directory on the host must be specified as an absolute path and if the directory doesn't exist Docker will automatically -create it for you. +create it for you. This auto-creation of the host path has been [*deprecated*](/userguide/dockervolumes/#auto-creating-missing-host-paths-for-bind-mounts). Docker volumes default to mount in read-write mode, but you can also set it to be mounted read-only. @@ -165,6 +165,20 @@ user with access to host and its mounted directory. >should be portable. A host directory wouldn't be available on all potential >hosts. +### Volume labels + +Labeling systems like SELinux require that proper labels are placed on volume +content mounted into a container. Without a label, the security system might +prevent the processes running inside the container from using the content. By +default, Docker does not change the labels set by the OS. + +To change a label in the container context, you can add either of two suffixes +`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file +objects on the shared volumes. The `z` option tells Docker that two containers +share the volume content. As a result, Docker labels the content with a shared +content label. Shared volume labels allow all containers to read/write content. +The `Z` option tells Docker to label the content with a private unshared label. +Only the current container can use a private volume. ### Mount a host file as a data volume diff --git a/man/docker-run.1.md b/man/docker-run.1.md index ebb65d71c..8639e5364 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -420,9 +420,17 @@ standard input. ""--ulimit""=[] Ulimit options -**-v**, **--volume**=[] - Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) - +**-v**, **--volume**=[] Create a bind mount + (format: `[host-dir:]container-dir[:]`, where suffix options +are comma delimited and selected from [rw|ro] and [z|Z].) + + (e.g., using -v /host-dir:/container-dir, bind mounts /host-dir in the +host to /container-dir in the Docker container) + + If 'host-dir' is missing, then docker automatically creates the new volume +on the host. **This auto-creation of the host path has been deprecated in +Release: v1.9.** + The **-v** option can be used one or more times to add one or more mounts to a container. These mounts can then be used in other containers using the **--volumes-from** option. @@ -457,8 +465,6 @@ For example, you can specify either `/foo` or `foo` for a `host-dir` value. If you supply the `/foo` value, Docker creates a bind-mount. If you supply the `foo` specification, Docker creates a named volume. -**Note:** Multiple Volume options can be added separated by a , (comma). - **--volumes-from**=[] Mount volumes from the specified container(s)