mirror of https://github.com/docker/docs.git
engine: update cli reference yamldocs for v26.0.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
parent bff6a0913e
commit 92b0faaf83
|
@ -75,6 +75,7 @@ options:
|
||||||
value_type: bool
|
value_type: bool
|
||||||
default_value: "false"
|
default_value: "false"
|
||||||
description: Give extended privileges to the command
|
description: Give extended privileges to the command
|
||||||
|
details_url: '#privileged'
|
||||||
deprecated: false
|
deprecated: false
|
||||||
hidden: false
|
hidden: false
|
||||||
experimental: false
|
experimental: false
|
||||||
|
@ -181,6 +182,10 @@ examples: |-
|
||||||
HOME=/root
|
HOME=/root
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Escalate container privileges (--privileged) {#privileged}
|
||||||
|
|
||||||
|
See [`docker run --privileged`](/reference/cli/docker/container/run/#privileged).
|
||||||
|
|
||||||
### Set the working directory for the exec process (--workdir, -w) {#workdir}
|
### Set the working directory for the exec process (--workdir, -w) {#workdir}
|
||||||
|
|
||||||
By default `docker exec` command runs in the same working directory set when
|
By default `docker exec` command runs in the same working directory set when
|
||||||
|
|
|
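Review bot: the new `{#privileged}` section for `docker exec` consists only of the link to `docker run --privileged`, and the target text is written about a container as a whole. Add one sentence here saying that on `docker exec` the flag applies to the command being executed, matching the option description "Give extended privileges to the command", so readers do not have to infer how the run-time list maps onto exec.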
@ -1036,6 +1036,7 @@ options:
|
||||||
- option: userns
|
- option: userns
|
||||||
value_type: string
|
value_type: string
|
||||||
description: User namespace to use
|
description: User namespace to use
|
||||||
|
details_url: '#userns'
|
||||||
deprecated: false
|
deprecated: false
|
||||||
hidden: false
|
hidden: false
|
||||||
experimental: false
|
experimental: false
|
||||||
|
@ -1177,7 +1178,7 @@ examples: |-
|
||||||
|
|
||||||
#### Example: run htop inside a container
|
#### Example: run htop inside a container
|
||||||
|
|
||||||
To run `htop` in a container that shares the process namespace of the host:
|
To run `htop` in a container that shares the process namespac of the host:
|
||||||
|
|
||||||
1. Run an alpine container with the `--pid=host` option:
|
1. Run an alpine container with the `--pid=host` option:
|
||||||
|
|
||||||
|
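Review bot: the changed line in this hunk reads "shares the process namespac of the host", dropping the final "e" that the old line had. Restore "namespace"; nothing else in the hunk differs, so as written the hunk only introduces the typo.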
@ -1238,6 +1239,21 @@ examples: |-
|
||||||
strace: Process 1 attached
|
strace: Process 1 attached
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Disable namespace remapping for a container (--userns) {#userns}
|
||||||
|
|
||||||
|
If you enable user namespaces on the daemon,
|
||||||
|
all containers are started with user namespaces enabled by default.
|
||||||
|
To disable user namespace remapping for a specific container,
|
||||||
|
you can set the `--userns` flag to `host`.
|
||||||
|
|
||||||
|
```console
|
||||||
|
docker run --userns=host hello-world
|
||||||
|
```
|
||||||
|
|
||||||
|
`host` is the only valid value for the `--userns` flag.
|
||||||
|
|
||||||
|
For more information, refer to [Isolate containers with a user namespace](/engine/security/userns-remap/).
|
||||||
|
|
||||||
### UTS settings (--uts) {#uts}
|
### UTS settings (--uts) {#uts}
|
||||||
|
|
||||||
```text
|
```text
|
||||||
|
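Review bot: the new `--userns` section explains how to opt a container out of remapping but not what is given up by doing so. After "you can set the `--userns` flag to `host`", add a sentence stating that the container then runs without user namespace remapping even though the daemon has it enabled, so the trade-off is visible before the reader follows the link. The line "`host` is the only valid value for the `--userns` flag" would also read better before the example than after it.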
@ -1293,7 +1309,37 @@ examples: |-
|
||||||
of the containers, using `"shareable"` mode for the main (i.e. "donor")
|
of the containers, using `"shareable"` mode for the main (i.e. "donor")
|
||||||
container, and `"container:<donor-name-or-ID>"` for other containers.
|
container, and `"container:<donor-name-or-ID>"` for other containers.
|
||||||
|
|
||||||
### Full container capabilities (--privileged) {#privileged}
|
### Escalate container privileges (--privileged) {#privileged}
|
||||||
|
|
||||||
|
The `--privileged` flag gives the following capabilities to a container:
|
||||||
|
|
||||||
|
- Enables all Linux kernel capabilities
|
||||||
|
- Disables the default seccomp profile
|
||||||
|
- Disables the default AppArmor profile
|
||||||
|
- Disables the SELinux process label
|
||||||
|
- Grants access to all host devices
|
||||||
|
- Makes `/sys` read-write
|
||||||
|
- Makes cgroups mounts read-write
|
||||||
|
|
||||||
|
In other words, the container can then do almost everything that the host can
|
||||||
|
do. This flag exists to allow special use-cases, like running Docker within
|
||||||
|
Docker.
|
||||||
|
|
||||||
|
> **Warning**
|
||||||
|
>
|
||||||
|
> Use the `--privileged` flag with caution.
|
||||||
|
> A container with `--privileged` is not a securely sandboxed process.
|
||||||
|
> Containers in this mode can get a root shell on the host
|
||||||
|
> and take control over the system.
|
||||||
|
>
|
||||||
|
> For most use cases, this flag should not be the preferred solution.
|
||||||
|
> If your container requires escalated privileges,
|
||||||
|
> you should prefer to explicitly grant the necessary permissions,
|
||||||
|
> for example by adding individual kernel capabilities with `--cap-add`.
|
||||||
|
>
|
||||||
|
> For more information, see
|
||||||
|
> [Runtime privilege and Linux capabilities](/engine/reference/run/#runtime-privilege-and-linux-capabilities)
|
||||||
|
{ .warning }
|
||||||
|
|
||||||
The following example doesn't work, because by default, Docker drops most
|
The following example doesn't work, because by default, Docker drops most
|
||||||
potentially dangerous kernel capabilities, including `CAP_SYS_ADMIN ` (which is
|
potentially dangerous kernel capabilities, including `CAP_SYS_ADMIN ` (which is
|
||||||
|
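Review bot: the list intro in the new `--privileged` section says the flag "gives the following capabilities to a container", but only the first bullet is about capabilities; the rest disable seccomp, AppArmor and the SELinux label or change device and mount access, and the word collides with "Linux kernel capabilities" in that first bullet. Suggest "The `--privileged` flag does the following:". The last line of the warning also ends on the link with no closing period, and it points at `/engine/reference/run/...` while the exec section added in this commit links to `/reference/cli/docker/container/run/...`, so it is worth confirming both paths resolve.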
@ -1315,11 +1361,6 @@ examples: |-
|
||||||
none 1.9G 0 1.9G 0% /mnt
|
none 1.9G 0 1.9G 0% /mnt
|
||||||
```
|
```
|
||||||
|
|
||||||
The `--privileged` flag gives all capabilities to the container, and it also
|
|
||||||
lifts all the limitations enforced by the `device` cgroup controller. In other
|
|
||||||
words, the container can then do almost everything that the host can do. This
|
|
||||||
flag exists to allow special use-cases, like running Docker within Docker.
|
|
||||||
|
|
||||||
### Set working directory (-w, --workdir) {#workdir}
|
### Set working directory (-w, --workdir) {#workdir}
|
||||||
|
|
||||||
```console
|
```console
|
||||||
|
@ -1967,7 +2008,7 @@ examples: |-
|
||||||
password is hidden:
|
password is hidden:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ docker run -i debian passwd root
|
$ docker run -it debian passwd root
|
||||||
New password:
|
New password:
|
||||||
Retype new password:
|
Retype new password:
|
||||||
passwd: password updated successfully
|
passwd: password updated successfully
|
||||||
|
|
|
@ -24,7 +24,7 @@ long: |-
|
||||||
> **Note**
|
> **Note**
|
||||||
>
|
>
|
||||||
> If the `URL` parameter contains a fragment the system recursively clones
|
> If the `URL` parameter contains a fragment the system recursively clones
|
||||||
> the repository and its submodules using a `git clone --recursive` command.
|
> the repository and its submodules.
|
||||||
|
|
||||||
Git URLs accept context configuration in their fragment section, separated by a
|
Git URLs accept context configuration in their fragment section, separated by a
|
||||||
colon (`:`). The first part represents the reference that Git checks out,
|
colon (`:`). The first part represents the reference that Git checks out,
|
||||||
|
|
|
@ -313,7 +313,8 @@ examples: |-
|
||||||
| `com.docker.network.container_iface_prefix` | - | Set a custom prefix for container interfaces |
|
| `com.docker.network.container_iface_prefix` | - | Set a custom prefix for container interfaces |
|
||||||
|
|
||||||
The following arguments can be passed to `docker network create` for any
|
The following arguments can be passed to `docker network create` for any
|
||||||
network driver, again with their approximate equivalents to `docker daemon`.
|
network driver, again with their approximate equivalents to Docker daemon
|
||||||
|
flags used for the docker0 bridge:
|
||||||
|
|
||||||
| Argument | Equivalent | Description |
|
| Argument | Equivalent | Description |
|
||||||
|--------------|----------------|--------------------------------------------|
|
|--------------|----------------|--------------------------------------------|
|
||||||
|
@ -334,6 +335,12 @@ examples: |-
|
||||||
|
|
||||||
### Network internal mode (--internal) {#internal}
|
### Network internal mode (--internal) {#internal}
|
||||||
|
|
||||||
|
Containers on an internal network may communicate between each other, but not
|
||||||
|
with any other network, as no default route is configured and firewall rules
|
||||||
|
are set up to drop all traffic to or from other networks. Communication with
|
||||||
|
the gateway IP address (and thus appropriately configured host services) is
|
||||||
|
possible, and the host may communicate with any container IP directly.
|
||||||
|
|
||||||
By default, when you connect a container to an `overlay` network, Docker also
|
By default, when you connect a container to an `overlay` network, Docker also
|
||||||
connects a bridge network to it to provide external connectivity. If you want
|
connects a bridge network to it to provide external connectivity. If you want
|
||||||
to create an externally isolated `overlay` network, you can specify the
|
to create an externally isolated `overlay` network, you can specify the
|
||||||
|
|
|
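Review bot: in the added `--internal` paragraph, "appropriately configured host services" does not say what configuration makes a host service reachable, which is the detail a reader relying on an internal network for isolation needs. Suggest naming it, for example services listening on the gateway address. Also, "communicate between each other" should be "communicate with each other".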
@ -27,6 +27,18 @@ options:
|
||||||
experimentalcli: false
|
experimentalcli: false
|
||||||
kubernetes: false
|
kubernetes: false
|
||||||
swarm: false
|
swarm: false
|
||||||
|
- option: detach
|
||||||
|
shorthand: d
|
||||||
|
value_type: bool
|
||||||
|
default_value: "true"
|
||||||
|
description: |
|
||||||
|
Exit immediately instead of waiting for the stack services to converge
|
||||||
|
deprecated: false
|
||||||
|
hidden: false
|
||||||
|
experimental: false
|
||||||
|
experimentalcli: false
|
||||||
|
kubernetes: false
|
||||||
|
swarm: false
|
||||||
- option: prune
|
- option: prune
|
||||||
value_type: bool
|
value_type: bool
|
||||||
default_value: "false"
|
default_value: "false"
|
||||||
|
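Review bot: the new `detach` option has `default_value: "true"`, so the command exits without waiting for services to converge unless the flag is turned off, yet the entry carries no `details_url` or example showing `--detach=false`. Worth adding, since that is the behaviour deployment scripts depend on. The one-line description also uses a `description: |` block scalar where `quiet` in the next hunk is written inline.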
@ -38,6 +50,17 @@ options:
|
||||||
experimentalcli: false
|
experimentalcli: false
|
||||||
kubernetes: false
|
kubernetes: false
|
||||||
swarm: false
|
swarm: false
|
||||||
|
- option: quiet
|
||||||
|
shorthand: q
|
||||||
|
value_type: bool
|
||||||
|
default_value: "false"
|
||||||
|
description: Suppress progress output
|
||||||
|
deprecated: false
|
||||||
|
hidden: false
|
||||||
|
experimental: false
|
||||||
|
experimentalcli: false
|
||||||
|
kubernetes: false
|
||||||
|
swarm: false
|
||||||
- option: resolve-image
|
- option: resolve-image
|
||||||
value_type: string
|
value_type: string
|
||||||
default_value: always
|
default_value: always
|
||||||
|
|
|
@ -13,6 +13,18 @@ long: |-
|
||||||
usage: docker stack rm [OPTIONS] STACK [STACK...]
|
usage: docker stack rm [OPTIONS] STACK [STACK...]
|
||||||
pname: docker stack
|
pname: docker stack
|
||||||
plink: docker_stack.yaml
|
plink: docker_stack.yaml
|
||||||
|
options:
|
||||||
|
- option: detach
|
||||||
|
shorthand: d
|
||||||
|
value_type: bool
|
||||||
|
default_value: "true"
|
||||||
|
description: Do not wait for stack removal
|
||||||
|
deprecated: false
|
||||||
|
hidden: false
|
||||||
|
experimental: false
|
||||||
|
experimentalcli: false
|
||||||
|
kubernetes: false
|
||||||
|
swarm: false
|
||||||
inherited_options:
|
inherited_options:
|
||||||
- option: help
|
- option: help
|
||||||
value_type: bool
|
value_type: bool
|
||||||
|
|