- btrfs is now supported (moby/moby PR 42253)
- CLI context "rootless" is now created by default (moby/moby PR 42109)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
= _includes/install-script.md, engine/install/linux-postinstall.md =
- Remove "Rootless mode is currently available as an experimental feature."
Close issue 12050
= engine/security/rootless.md =
== "Prerequiresites" section ==
- Remove information about old distros (Debian 9, CentOS 7.5-7.6)
== "Distribution-specific hint" section ==
- Tabified (`<div class="tab-content" />`)
== "Known limitations" section ==
- Kernel 5.11 supports rootless overlayfs, without the Ubuntu/Debian patch.
== "Install" section ==
- Promote RPM/DEB installation over TGZ installation.
See docker/roadmap issue 188
== "Uninstall" section ==
- Add "Uninstall" section.
Close issue 12053
== "Usage" section ==
- Added more information about systemd
- Move `nsenter` tips to "Tips for debugging" subsection under "Troubleshooting" section
== "Best practice" section ==
- Remove guide for `lxc-user-nic` network driver due to immaturity.
Will be brought back in future.
See rootless-containers/rootlesskit issue 138 .
== "Troubleshooting" section ==
- Add a guide for "can't open lock file /run/xtables.lock: Permission denied" (SELinux).
See moby/moby issue 41230
- Add a guide for "failed to register layer: ApplyLayer exit status 1 ..." (NFS).
Close docker/for-linux issue 1172
- Improve guides for slirp4netns.
- Remove v19.03 information (e.g., "cgroup v2 is unsupported, use cgroup v1")
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Previously, the `ssh://` helper was only mentioned in `engine/security/index.md`.
The `ssh://` helper is now documented in "Protect the Docker daemon socket"
(`engine/security/protect-access.md`, nee `engine/security/https.md`).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Docker now supports cgroup v2 (both rootful and rootless)
* Rootless mode graduated from experimental
* New storage driver: fuse-overlayfs
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
See https://web.dev/external-anchors-use-rel-noopener/
Using noopener, as that addresses the security issue. "noreferer" blocks
the REFERER header, which may still be useful for some target URLs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Generated yaml files were temporarily updated manually (pending
pull request to be merged in the upstream docker/cli repository)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Add Ubuntu 20.04
* Remove Fedora 30 (EOL)
* `docker run --net=host` does not work in the most expected way
* Allow installation as the root
* Nightly channel
* `docker context create rootless`
* `DOCKER_HOST=ssh://...`
* Alternatives to cgroup flags (`docker run --cpus --memory --pids-limit`)
* A bunch of troubleshooting tips
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The existing description leads the reader to believe that dropping CAP_SYS_PTRACE already blocks all ptraces. That is not true, it only blocks ptracing arbitrary processes. Ptracing child processes is still allowed.
* Removed is from line 80
Removed is from line 80 as this is not required
* changed text to link at line 129
changed text to link at line 129 to make it easy for user to navigate
* changed the URL to link
changed the URL to link for easy navigation
* added these before flags in line 186
added these before flags in line 186
Co-Authored-By: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
* Fix incorrect links in compose section
there's a bug causing wrapped links to not work, and replacing
some links to point to the .md file, so that IDE's can check
if the anchors are valid. Also replaced some links to point
to their new location.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* engine/swarm: update links
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Fix various broken links
There's a bug in the "jekyll-relative-links" plugin that causes wrapped links to not work.
Also replacing some links to point to the .md file, so that IDE's can check if the anchors
are valid. Finally, replaced some links to point to their new locations, so that users don't
get redirected..
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn