* Improve visibility of air-gapped containers feature.
The air-gapped container feature is currently under the settings-management
section. This hides it from users. Instead, move it up one level by creating a
dedicated sub-section for it under the Hardened Desktop section.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* nit: remove quotes from links in hardened desktop section.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Add air-gapped containers to security section grid.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Fix broken link from release notes to air-gapped containers.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* A few improvements in the air-gapped containers docs.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Fix capitalization of air-gapped container references.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Make air-gapped containers a single page rather than subsection.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Fixes to air-gapped containers section per review feedback.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
---------
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Update rootless.md
I just accomplished install via both manual and docker-ce-rootless-extras packages on Ubuntu 24.04. There were some pain points which I hope to address here and make this run more smoothly for others.
* As a `$` user, you cannot `cat<< EOF > /etc/apparmor.d`. The existing command should never work because you cannot be the user and access the apparmor folder at the same time. So we create the file and then move the file. This separates into creation which should be done as a user, and moving which requires sudo access. If the move command fails, that's a basic issue which can be resolved by an admin.
* I added missing apt-get commands which may be required on Ubuntu. I noticed `dbus-user-session` is a default package in Ubuntu and it was mentioned. So I took the liberty to add uidmap which is absolutely required, and systemd-container may be necessary for accessing via non-login terminals.
* The command `sudo systemctl disable --now docker.service docker.socket` was insufficient and requires a reboot to activate. The `sudo systemctl stop docker.service docker.socket` will immediately shut down the docker service.
* I added a note about not shutting down the docker service.
* Troubleshooting now includes an installation error where the user was a pure service account without login capabilities. `systemd-container` and `machinectl` are required when not logging in via terminal with user/pass.
* Add space per lint check
* Update content/engine/security/rootless.md
Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
* Update content/engine/security/rootless.md
Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
* Update content/engine/security/rootless.md
Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
* Update content/engine/security/rootless.md
Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
* specific message
* don't stop the service, remove the dead socket
* Lint issue
---------
Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
By enabling ignoreLocation and useExtendedSearch, we ensure
space-delimited keywords are not matched as a single phrase, and the
location of those individual matches does not matter
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
* Fix URL used for images in twitter/og previews
* Use absURL to create absolute URLs for meta tag URLs
* Update other uses of base URL generation to use absURL helper
* Improve subtitle in ECI limitations page.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Move ECI faqs from security/faqs -> ECI section.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Improve security FAQ and mention ECI.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Fix a couple of links in ECI FAQ.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Fix ECI FAQ in TOC.
* Add a dedicated container FAQ to the security FAQs section.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Apply suggestions from code review
---------
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com>
* Add note that docker builds are not always protected by ECI.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Add ECI limitations to TOC.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
---------
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>