command: docker container create short: Create a new container long: "Creates a writeable container layer over the specified image and prepares it for\nrunning the specified command. The container ID is then printed to STDOUT. This\nis similar to **docker run -d** except the container is never started. You can \nthen use the **docker start ** command to start the container at\nany point.\n\nThe initial status of the container created with **docker create** is 'created'.\n\n# OPTIONS \n\nThe `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR`\ncan be an absolute path or a `name` value. A `name` value must start with an\nalphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or\n`-` (hyphen). An absolute path starts with a `/` (forward slash).\n\nIf you supply a `HOST-DIR` that is an absolute path, Docker bind-mounts to the\npath you specify. If you supply a `name`, Docker creates a named volume by that\n`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR`\nvalue. If you supply the `/foo` value, Docker creates a bind-mount. If you\nsupply the `foo` specification, Docker creates a named volume.\n\nYou can specify multiple **-v** options to mount one or more mounts to a\ncontainer. To use these same mounts in other containers, specify the\n**--volumes-from** option also.\n\nYou can add `:ro` or `:rw` suffix to a volume to mount it read-only or\nread-write mode, respectively. By default, the volumes are mounted read-write.\nSee examples.\n\nLabeling systems like SELinux require that proper labels are placed on volume\ncontent mounted into a container. Without a label, the security system might\nprevent the processes running inside the container from using the content. By\ndefault, Docker does not change the labels set by the OS.\n\nTo change a label in the container context, you can add either of two suffixes\n`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file\nobjects on the shared volumes. The `z` option tells Docker that two containers\nshare the volume content. As a result, Docker labels the content with a shared\ncontent label. Shared volume labels allow all containers to read/write content.\nThe `Z` option tells Docker to label the content with a private unshared label.\nOnly the current container can use a private volume.\n\nBy default bind mounted volumes are `private`. That means any mounts done\ninside container will not be visible on host and vice-a-versa. One can change\nthis behavior by specifying a volume mount propagation property. Making a\nvolume `shared` mounts done under that volume inside container will be\nvisible on host and vice-a-versa. Making a volume `slave` enables only one\nway mount propagation and that is mounts done on host under that volume\nwill be visible inside container but not the other way around.\n\nTo control mount propagation property of volume one can use `:[r]shared`,\n`:[r]slave` or `:[r]private` propagation flag. Propagation property can\nbe specified only for bind mounted volumes and not for internal volumes or\nnamed volumes. For mount propagation to work source mount point (mount point\nwhere source dir is mounted on) has to have right propagation properties. For\nshared volumes, source mount point has to be shared. And for slave volumes,\nsource mount has to be either shared or slave.\n\nUse `df ` to figure out the source mount and then use\n`findmnt -o TARGET,PROPAGATION ` to figure out propagation\nproperties of source mount. If `findmnt` utility is not available, then one\ncan look at mount entry for source mount point in `/proc/self/mountinfo`. Look\nat `optional fields` and see if any propagaion properties are specified.\n`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if\nnothing is there that means mount is `private`.\n\nTo change propagation properties of a mount point use `mount` command. For\nexample, if one wants to bind mount source directory `/foo` one can do\n`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This\nwill convert /foo into a `shared` mount point. Alternatively one can directly\nchange propagation properties of source mount. Say `/` is source mount for\n`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount.\n\n> **Note**:\n> When using systemd to manage the Docker daemon's start and stop, in the systemd\n> unit file there is an option to control mount propagation for the Docker daemon\n> itself, called `MountFlags`. The value of this setting may cause Docker to not\n> see mount propagation changes made on the mount point. For example, if this value\n> is `slave`, you may not be able to use the `shared` or `rshared` propagation on\n> a volume.\n\n\nTo disable automatic copying of data from the container path to the volume, use\nthe `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes.\n\n# EXAMPLES\n\n## Specify isolation technology for container (--isolation)\n\nThis option is useful in situations where you are running Docker containers on\nWindows. The `--isolation=` option sets a container's isolation\ntechnology. On Linux, the only supported is the `default` option which uses\nLinux namespaces. On Microsoft Windows, you can specify these values:\n\n* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.\n* `process`: Namespace isolation only.\n* `hyperv`: Hyper-V hypervisor partition-based isolation.\n\nSpecifying the `--isolation` flag without a value is the same as setting `--isolation=\"default\"`.\n" usage: docker container create [OPTIONS] IMAGE [COMMAND] [ARG...] pname: docker container plink: docker_container.yaml options: - option: add-host default_value: '[]' description: Add a custom host-to-IP mapping (host:ip) - option: attach shorthand: a default_value: '[]' description: Attach to STDIN, STDOUT or STDERR - option: blkio-weight default_value: "0" description: | Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) - option: blkio-weight-device default_value: '[]' description: Block IO weight (relative device weight) - option: cap-add default_value: '[]' description: Add Linux capabilities - option: cap-drop default_value: '[]' description: Drop Linux capabilities - option: cgroup-parent description: Optional parent cgroup for the container - option: cidfile description: Write the container ID to the file - option: cpu-count default_value: "0" description: CPU count (Windows only) - option: cpu-percent default_value: "0" description: CPU percent (Windows only) - option: cpu-period default_value: "0" description: Limit CPU CFS (Completely Fair Scheduler) period - option: cpu-quota default_value: "0" description: Limit CPU CFS (Completely Fair Scheduler) quota - option: cpu-rt-period default_value: "0" description: Limit CPU real-time period in microseconds - option: cpu-rt-runtime default_value: "0" description: Limit CPU real-time runtime in microseconds - option: cpu-shares shorthand: c default_value: "0" description: CPU shares (relative weight) - option: cpus default_value: "0.000" description: Number of CPUs - option: cpuset-cpus description: CPUs in which to allow execution (0-3, 0,1) - option: cpuset-mems description: MEMs in which to allow execution (0-3, 0,1) - option: credentialspec description: Credential spec for managed service account (Windows only) - option: device default_value: '[]' description: Add a host device to the container - option: device-read-bps default_value: '[]' description: Limit read rate (bytes per second) from a device - option: device-read-iops default_value: '[]' description: Limit read rate (IO per second) from a device - option: device-write-bps default_value: '[]' description: Limit write rate (bytes per second) to a device - option: device-write-iops default_value: '[]' description: Limit write rate (IO per second) to a device - option: disable-content-trust default_value: "true" description: Skip image verification - option: dns default_value: '[]' description: Set custom DNS servers - option: dns-opt default_value: '[]' description: Set DNS options - option: dns-option default_value: '[]' description: Set DNS options - option: dns-search default_value: '[]' description: Set custom DNS search domains - option: entrypoint description: Overwrite the default ENTRYPOINT of the image - option: env shorthand: e default_value: '[]' description: Set environment variables - option: env-file default_value: '[]' description: Read in a file of environment variables - option: expose default_value: '[]' description: Expose a port or a range of ports - option: group-add default_value: '[]' description: Add additional groups to join - option: health-cmd description: Command to run to check health - option: health-interval default_value: "0" description: Time between running the check (ns|us|ms|s|m|h) (default 0s) - option: health-retries default_value: "0" description: Consecutive failures needed to report unhealthy - option: health-timeout default_value: "0" description: | Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) - option: help default_value: "false" description: Print usage - option: hostname shorthand: h description: Container host name - option: init default_value: "false" description: | Run an init inside the container that forwards signals and reaps processes - option: init-path description: Path to the docker-init binary - option: interactive shorthand: i default_value: "false" description: Keep STDIN open even if not attached - option: io-maxbandwidth description: | Maximum IO bandwidth limit for the system drive (Windows only) - option: io-maxiops default_value: "0" description: Maximum IOps limit for the system drive (Windows only) - option: ip description: IPv4 address (e.g., 172.30.100.104) - option: ip6 description: IPv6 address (e.g., 2001:db8::33) - option: ipc description: IPC namespace to use - option: isolation description: Container isolation technology - option: kernel-memory description: Kernel memory limit - option: label shorthand: l default_value: '[]' description: Set meta data on a container - option: label-file default_value: '[]' description: Read in a line delimited file of labels - option: link default_value: '[]' description: Add link to another container - option: link-local-ip default_value: '[]' description: Container IPv4/IPv6 link-local addresses - option: log-driver description: Logging driver for the container - option: log-opt default_value: '[]' description: Log driver options - option: mac-address description: Container MAC address (e.g., 92:d0:c6:0a:29:33) - option: memory shorthand: m description: Memory limit - option: memory-reservation description: Memory soft limit - option: memory-swap description: | Swap limit equal to memory plus swap: '-1' to enable unlimited swap - option: memory-swappiness default_value: "-1" description: Tune container memory swappiness (0 to 100) - option: name description: Assign a name to the container - option: net default_value: default description: Connect a container to a network - option: net-alias default_value: '[]' description: Add network-scoped alias for the container - option: network default_value: default description: Connect a container to a network - option: network-alias default_value: '[]' description: Add network-scoped alias for the container - option: no-healthcheck default_value: "false" description: Disable any container-specified HEALTHCHECK - option: oom-kill-disable default_value: "false" description: Disable OOM Killer - option: oom-score-adj default_value: "0" description: Tune host's OOM preferences (-1000 to 1000) - option: pid description: PID namespace to use - option: pids-limit default_value: "0" description: Tune container pids limit (set -1 for unlimited) - option: privileged default_value: "false" description: Give extended privileges to this container - option: publish shorthand: p default_value: '[]' description: Publish a container's port(s) to the host - option: publish-all shorthand: P default_value: "false" description: Publish all exposed ports to random ports - option: read-only default_value: "false" description: Mount the container's root filesystem as read only - option: restart default_value: "no" description: Restart policy to apply when a container exits - option: rm default_value: "false" description: Automatically remove the container when it exits - option: runtime description: Runtime to use for this container - option: security-opt default_value: '[]' description: Security Options - option: shm-size description: Size of /dev/shm, default value is 64MB - option: stop-signal default_value: SIGTERM description: Signal to stop a container, SIGTERM by default - option: stop-timeout default_value: "0" description: Timeout (in seconds) to stop a container - option: storage-opt default_value: '[]' description: Storage driver options for the container - option: sysctl default_value: map[] description: Sysctl options - option: tmpfs default_value: '[]' description: Mount a tmpfs directory - option: tty shorthand: t default_value: "false" description: Allocate a pseudo-TTY - option: ulimit default_value: '[]' description: Ulimit options - option: user shorthand: u description: 'Username or UID (format: [:])' - option: userns description: User namespace to use - option: uts description: UTS namespace to use - option: volume shorthand: v default_value: '[]' description: Bind mount a volume - option: volume-driver description: Optional volume driver for the container - option: volumes-from default_value: '[]' description: Mount volumes from the specified container(s) - option: workdir shorthand: w description: Working directory inside the container