= _includes/install-script.md, engine/install/linux-postinstall.md =
- Remove "Rootless mode is currently available as an experimental feature."
Close issue 12050
= engine/security/rootless.md =
== "Prerequiresites" section ==
- Remove information about old distros (Debian 9, CentOS 7.5-7.6)
== "Distribution-specific hint" section ==
- Tabified (`<div class="tab-content" />`)
== "Known limitations" section ==
- Kernel 5.11 supports rootless overlayfs, without the Ubuntu/Debian patch.
== "Install" section ==
- Promote RPM/DEB installation over TGZ installation.
See docker/roadmap issue 188
== "Uninstall" section ==
- Add "Uninstall" section.
Close issue 12053
== "Usage" section ==
- Added more information about systemd
- Move `nsenter` tips to "Tips for debugging" subsection under "Troubleshooting" section
== "Best practice" section ==
- Remove guide for `lxc-user-nic` network driver due to immaturity.
Will be brought back in future.
See rootless-containers/rootlesskit issue 138 .
== "Troubleshooting" section ==
- Add a guide for "can't open lock file /run/xtables.lock: Permission denied" (SELinux).
See moby/moby issue 41230
- Add a guide for "failed to register layer: ApplyLayer exit status 1 ..." (NFS).
Close docker/for-linux issue 1172
- Improve guides for slirp4netns.
- Remove v19.03 information (e.g., "cgroup v2 is unsupported, use cgroup v1")
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Previously, the `ssh://` helper was only mentioned in `engine/security/index.md`.
The `ssh://` helper is now documented in "Protect the Docker daemon socket"
(`engine/security/protect-access.md`, nee `engine/security/https.md`).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Docker now supports cgroup v2 (both rootful and rootless)
* Rootless mode graduated from experimental
* New storage driver: fuse-overlayfs
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
See https://web.dev/external-anchors-use-rel-noopener/
Using noopener, as that addresses the security issue. "noreferer" blocks
the REFERER header, which may still be useful for some target URLs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Generated yaml files were temporarily updated manually (pending
pull request to be merged in the upstream docker/cli repository)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Add Ubuntu 20.04
* Remove Fedora 30 (EOL)
* `docker run --net=host` does not work in the most expected way
* Allow installation as the root
* Nightly channel
* `docker context create rootless`
* `DOCKER_HOST=ssh://...`
* Alternatives to cgroup flags (`docker run --cpus --memory --pids-limit`)
* A bunch of troubleshooting tips
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The existing description leads the reader to believe that dropping CAP_SYS_PTRACE already blocks all ptraces. That is not true, it only blocks ptracing arbitrary processes. Ptracing child processes is still allowed.
* Removed is from line 80
Removed is from line 80 as this is not required
* changed text to link at line 129
changed text to link at line 129 to make it easy for user to navigate
* changed the URL to link
changed the URL to link for easy navigation
* added these before flags in line 186
added these before flags in line 186
Co-Authored-By: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
* Fix incorrect links in compose section
there's a bug causing wrapped links to not work, and replacing
some links to point to the .md file, so that IDE's can check
if the anchors are valid. Also replaced some links to point
to their new location.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* engine/swarm: update links
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Fix various broken links
There's a bug in the "jekyll-relative-links" plugin that causes wrapped links to not work.
Also replacing some links to point to the .md file, so that IDE's can check if the anchors
are valid. Finally, replaced some links to point to their new locations, so that users don't
get redirected..
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add "Run the Docker daemon as a non-root user (Rootless mode)":
`engine/security/rootless.md`
The content is based on https://github.com/moby/moby/blob/master/docs/rootless.md
`rootless.md` in `moby/moby` will be replaced of the link to
the `docs.docker.com` page compiled from `rootless.md` in this repo.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Update trust-with-remote-ucp.md
* Fix link texts
* Addresses 8446
* Update trust_delegation.md
* - Addresses 8446
- Cleans up broken links
- Fixes vague link texts
Addresses 8446
Update trust_delegation.md
* Update running_ssh_service.md
* Update running_ssh_service.md
Fixed formatting and wording. Also moved note above the code.
* Update running_ssh_service.md
Fixed typo.
* Compose: Update build docs, Add --quiet flag
* Fix destroy reference page link
Relates to https://github.com/docker/docker.github.io/pull/8441
* Rephrase Ubuntu 14.04 note
* Revert "Compose: Update build docs, Add --quiet flag"
* # This is a combination of 4 commits.
# This is the 1st commit message:
- Addresses 8446
- Cleans up broken links
- Fixes vague link texts
Addresses 8446
Update trust_delegation.md
# This is the commit message #2:
# This is a combination of 2 commits.
# This is the 1st commit message:
- Addresses 8446
- Cleans up broken links
- Fixes vague link texts
Addresses 8446
Update trust_delegation.md
# This is the commit message #2:
Update trust-with-remote-ucp.md
# This is the commit message #3:
- Addresses 8446
- Cleans up broken links
- Fixes vague link texts
# This is the commit message #4:
Fix destroy reference page link
Relates to https://github.com/docker/docker.github.io/pull/8441
* - Addresses 8446
- Cleans up broken links
- Fixes vague link texts
* Addresses 8446 with text and link cleanup.
* Update syntax language from none to bash
* Update index.md
The current documentation points to use a version of notary which has an expired certicate.
Updated the version of notary_autobuilds to 0.5.1 from 0.4.2.
Change the shared volume to notarycerts:/var/lib/notary/fixtures from notarycerts:/go/src/github.com/docker/notary/fixtures as location of certificate has changed.
Sebastiaan van Stijn
Akihiro Suda
Batuhan Apaydın
Fabian M
Florencio Cano
Maximillian Fan Xavier
Ryo Ota
Aðalsteinn Rúnarsson
Usha Mandya
José Fernando Cordova
Amal
Jan Kanis
Sebastiaan van Stijn
Flavien Berwick
Sourabh Shirhatti
ajay143444
scott-vsi
pcworld
LORIS INTERGALACTIQUE
Marc Nimmerrichter
Paulo Gomes
Sujay Pillai
Adrian Plata
Dawn W
ollypom
Olly P
nirajrules
Jameson Hyde
Rajasekharan Vengalil
Maria Bermudez
Wang Jie
Maria Bermudez
Paige Hargrave
L-Hudson
Eric Chiang
jondkent