From 32c6179f475183ba778cb90656a971cde81340dc Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 9 Feb 2015 14:02:16 +1000 Subject: [PATCH] updates from review Signed-off-by: Sven Dowideit --- docs/sources/installation/binaries.md | 22 ++++++++++------------ docs/sources/installation/rhel.md | 10 ++++------ docs/sources/installation/ubuntulinux.md | 9 ++++----- 3 files changed, 18 insertions(+), 23 deletions(-) diff --git a/docs/sources/installation/binaries.md b/docs/sources/installation/binaries.md index c5672d6f7a..ef9f5cafa2 100644 --- a/docs/sources/installation/binaries.md +++ b/docs/sources/installation/binaries.md @@ -36,14 +36,13 @@ A 3.10 Linux kernel is the minimum requirement for Docker. Kernels older than 3.10 lack some of the features required to run Docker containers. These older versions are known to have bugs which cause data loss and frequently panic under certain conditions. -We recommend kernel 3.10 or newer. The latest minor version (3.x.y) of the 3.10 (or a newer maintained version) Linux kernel is recommended. Keeping the kernel up to date with the latest minor version will ensure critical kernel bugs get fixed. > **Warning**: -> Installing custom kernels and kernel packages is likely to not be +> Installing custom kernels and kernel packages is probably not > supported by your Linux distribution's vendor. Please make sure to > ask your vendor about Docker support first before attempting to > install custom kernels on your distribution. @@ -56,7 +55,12 @@ minor version will ensure critical kernel bugs get fixed. Note that Docker also has a client mode, which can run on virtually any Linux kernel (it even builds on OS X!). -## Check if AppArmor and SELinux are enabled +## Enable AppArmor and SELinux when possible + +Please use AppArmor or SELinux if your Linux distribution supports +either of the two. This helps improve security and blocks certain +types of exploits. Your distribution's documentation should provide +detailed steps on how to enable the recommended security mechanism. Some Linux distributions enable AppArmor or SELinux by default and they run a kernel which doesn't meet the minimum requirements (3.10 @@ -64,22 +68,16 @@ or newer). Updating the kernel to 3.10 or newer on such a system might not be enough to start Docker and run containers. Incompatibilities between the version of AppArmor/SELinux user space utilities provided by the system and the kernel could prevent -Docker from running, from starting containers or make containers +Docker from running, from starting containers or, cause containers to exhibit unexpected behaviour. > **Warning**: -> If any of the two security mechanisms is enabled, it should not be +> If either of the security mechanisms is enabled, it should not be > disabled to make Docker or its containers run. This will reduce > security in that environment, lose support from the distribution's -> vendor for the system and might break regulations, and security +> vendor for the system, and might break regulations and security > policies in heavily regulated environments. -> **Warning**: -> Please use AppArmor or SELinux if your Linux distribution supports -> either of the two. This helps improve security and blocks certain -> types of exploits. Your distribution's documentation should provide -> detailed steps on how to enable the recommended security mechanism. - ## Get the docker binary: $ wget https://get.docker.com/builds/Linux/x86_64/docker-latest -O docker diff --git a/docs/sources/installation/rhel.md b/docs/sources/installation/rhel.md index 7f9f11a718..58b2316c6f 100644 --- a/docs/sources/installation/rhel.md +++ b/docs/sources/installation/rhel.md @@ -61,12 +61,10 @@ changes which will cause issues if one decides to step outside that box and run non-distro kernel packages. > **Warning**: -> Please make sure that your system is up to date by installing updates -> using `yum update` and rebooting your system. -> Keeping the system up to date is recommended to ensure your system -> receives fixes for critical security vulnerabilities and severe bugs. -> The fixes for severe bugs include fixes for potential kernel panics -> specific to kernel 2.6.32. +> Please keep your system up to date using `yum update` and rebooting +> your system. Keeping your system updated ensures critical security +> vulnerabilities and severe bugs (such as those found in kernel 2.6.32) +> are fixed. ## Installation diff --git a/docs/sources/installation/ubuntulinux.md b/docs/sources/installation/ubuntulinux.md index b61a4c5828..5f36b2a587 100644 --- a/docs/sources/installation/ubuntulinux.md +++ b/docs/sources/installation/ubuntulinux.md @@ -93,14 +93,13 @@ This installation path should work at all times. **Linux kernel 3.13** -Kernel 3.13 is currently the recommended kernel version for Ubuntu Precise. -Some Ubuntu Precise installs have an older kernel installed, so it must -be upgraded. The kernel you'll install when following these steps has AUFS -built in. +For Ubuntu Precise, the currently recommended kernel version is 3.13. +Ubuntu Precise installations with older kernels must be upgraded. The +kernel you'll install when following these steps has AUFS built in. We also include the generic headers to enable packages that depend on them, like ZFS and the VirtualBox guest additions. If you didn't install the headers for your "precise" kernel, then you can skip these headers for the -"trusty" kernel. It is safer to include the headers if you're not sure. +"trusty" kernel. If you're unsure, you should include the headers for safety. > **Warning**: > Kernels 3.8 and 3.11 are no longer supported by Canonical. Systems