From 3da26a5e79fbf69e2cfebb389cf7d6aede47cdd8 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Tue, 5 Mar 2024 15:29:56 +0100 Subject: [PATCH] docs: add description and link for --userns flag Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- docs/reference/commandline/container_run.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/container_run.md b/docs/reference/commandline/container_run.md index 706d43b57b..7fd9c84aa2 100644 --- a/docs/reference/commandline/container_run.md +++ b/docs/reference/commandline/container_run.md @@ -108,7 +108,7 @@ Create and run a new container from an image | [`-t`](#tty), [`--tty`](#tty) | | | Allocate a pseudo-TTY | | [`--ulimit`](#ulimit) | `ulimit` | | Ulimit options | | `-u`, `--user` | `string` | | Username or UID (format: [:]) | -| `--userns` | `string` | | User namespace to use | +| [`--userns`](#userns) | `string` | | User namespace to use | | [`--uts`](#uts) | `string` | | UTS namespace to use | | [`-v`](#volume), [`--volume`](#volume) | `list` | | Bind mount a volume | | `--volume-driver` | `string` | | Optional volume driver for the container | @@ -271,6 +271,21 @@ container. strace: Process 1 attached ``` +### Disable namespace remapping for a container (--userns) + +If you enable user namespaces on the daemon, +all containers are started with user namespaces enabled by default. +To disable user namespace remapping for a specific container, +you can set the `--userns` flag to `host`. + +```console +docker run --userns=host hello-world +``` + +`host` is the only valid value for the `--userns` flag. + +For more information, refer to [Isolate containers with a user namespace](https://docs.docker.com/engine/security/userns-remap/). + ### UTS settings (--uts) ```text
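Review bot: in the first hunk (options table, the `--userns` row), the new `[`--userns`](#userns)` link has no target visible in this patch. The heading added further down, `### Disable namespace remapping for a container (--userns)`, would auto-generate a long slug rather than `userns`. If the other linked rows (`#uts`, `#ulimit`) work through explicit anchors on their headings, add the same `userns` anchor to the new heading; otherwise the table link is dead on arrival.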
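Review bot: in the second hunk, the new `--userns` section explains how to opt a container out of remapping but not what the opt-out costs. With `--userns=host` the container runs in the host's user namespace, so UID 0 inside the container is UID 0 on the host and the isolation provided by the daemon-level setting no longer covers that container. Suggest adding one sentence to that effect right after the `docker run --userns=host hello-world` example, and naming the daemon option (`userns-remap`) in the opening sentence "If you enable user namespaces on the daemon," so readers can tell which setting is being overridden. The closing line "`host` is the only valid value for the `--userns` flag." would also read better next to the flag description than after the example, since it is a constraint on the flag rather than a note on the example.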