Google's DNS servers are currently used by containers on the default
bridge network, when none of the host's /etc/resolv.conf nameservers
are usable (host loopback addresses that the container can't see).
But, if a server is supplied via the --dns option, it'll just appear
in the container's resolv.conf (on the default bridge) or as an
upstream server for the internal resolver.
So, fix the networking-intro page's description, noting that requests
to --dns servers happen in the container's namespace.
Signed-off-by: Rob Murray <rob.murray@docker.com>

Since 26.0.0, IPv6 nameservers in the host's /etc/resolv.conf file
have been treated the same as IPv4 nameservers - the internal DNS
server will use them as upstream servers, they won't be left in the
container's resolv.conf. (So, there's no longer any race between
the internal server and IPv6 upstream servers when using musl-libc.)
Signed-off-by: Rob Murray <rob.murray@docker.com>

* update callouts
* link to release phase doc
* vale: add SCIM, Admin Console to vocabulary
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
---------
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>

* Improve visibility of air-gapped containers feature.
The air-gapped container feature is currently under the settings-management
section. This hides it from users. Instead, move it up one level by creating a
dedicated sub-section for it under Hardened Desktop section.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* nit: remove quotes from links in hardened desktop section.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Add air-gapped containers to security section grid.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Fix broken link from release notes to air-gapped containers.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* A few improvements in the air-gapped containers docs.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Fix capitalization of air-gapped container references.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Make air-gapped containers a single page rather than subsection.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
* Fixes to air-gapped containers section per review feedback.
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
---------
Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>

* Update rootless.md
I just accomplished install via both manual and docker-ce-rootless-extras packages on Ubuntu 24.04. There were some pain points which I hope to address here and make this run more smoothly for others.
* As a `$` user, you cannot `cat<< EOF > /etc/apparmor.d`. The existing command should never work because you cannot be the user and access the apparmor folder at the same time. So we create the file and then move the file. This separates into creation which should be done as a user, and moving which requires sudo access. If the move command fails, that's a basic issue which can be resolved by an admin.
* I added missing apt-get commands which may be required on Ubuntu. I noticed `dbus-user-session` is a default package in Ubuntu and it was mentioned. So I took the liberty to add uidmap which is absolutely required, and systemd-container may be necessary for accessing via non-login terminals.
* The command `sudo systemctl disable --now docker.service docker.socket` was insufficient and requires a reboot to activate. The `sudo systemctl stop docker.service docker.socket` will immediately shut down the docker service.
* I added a note about not shutting down the docker service.
* Troubleshooting now includes an installation error where the user was a pure service account without login capabilities. `systemd-container` and `machinectl` are required when not logging in via terminal with user/pass.
* Add space per lint check
* Update content/engine/security/rootless.md
Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
* Update content/engine/security/rootless.md
Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
* Update content/engine/security/rootless.md
Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
* Update content/engine/security/rootless.md
Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
* specific message
* don't stop the service, remove the dead socket
* Lint issue
---------
Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>