docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update content_trust.md

This commit is contained in:
Anne Henmi 2018-11-07 10:16:52 -08:00 committed by GitHub
parent 2791870005
commit ff81152728
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
engine/security/trust/content_trust.md
View File

@ -183,7 +183,7 @@ The signature verification feature is configured in the Docker daemon configurat
</tr>
<tr>
<td><code>trust-pinning:library-images</code></td>
<td>This option pins the official libraries (<code>docker.io/library/*<\code>) to the hard-coded Docker official images root key. DCT trusts the official images by default. This is in addition to whatever images are specified by <code>trust-pinning:root-keys<\code>. If `trustpinning:root-keys` specifies a key mapping for <code>docker.io/library/*</code>, those keys will be preferred for trust pinning. Otherwise, if a more general <code>docker.io/*</code> or <code>*</code> are specified, the official images key will be preferred.</td>
<td>This option pins the official libraries (<code>docker.io/library/*</code>) to the hard-coded Docker official images root key. DCT trusts the official images by default. This is in addition to whatever images are specified by <code>trust-pinning:root-keys<\code>. If `trustpinning:root-keys` specifies a key mapping for <code>docker.io/library/*</code>, those keys will be preferred for trust pinning. Otherwise, if a more general <code>docker.io/*</code> or <code>*</code> are specified, the official images key will be preferred.</td>
</tr>
<tr>
<td><code>allow-expired-trust-cache</code></td>