docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update content_trust.md

This commit is contained in:
Anne Henmi 2018-10-25 13:19:03 -06:00 committed by GitHub
parent 3b86535170
commit 75e3c4de87
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
engine/security/trust/content_trust.md
View File

@ -182,6 +182,11 @@ The signature verification feature is configured in the Docker daemon configurat
`permissive`: Verification will be performed, but only failures will only be logged and remain unenforced. This configuration is intended for testing of changes related to content-trust. <br>
`enforced`: DCT will be enforced and an image that cannot be verified successfully will not be pulled or run. |
***Note:*** The DCT configuration defined here is agnostic of any policy defined in
[UCP](https://docs.docker.com/v17.09/datacenter/ucp/2.0/guides/content-trust/#configure-ucp).
Images that can be deployed by the UCP trust policy but are disallowed by the Docker Engine
configuration will not successfully be deployed or run on that engine.
### Enable and disable DCT per-shell or per-invocation
Instead of enabling DCT through the system-wide configuration, DCT can be enabled or disabled