Updating after the pr went through
Updating with comments. Signed-off-by: Mary Anthony <mary@docker.com>
This commit is contained in:
parent
09bfbfd74e
commit
3ce2797541
|
@ -400,18 +400,18 @@ used in other containers using the **--volumes-from** option.
|
||||||
read-only or read-write mode, respectively. By default, the volumes are mounted
|
read-only or read-write mode, respectively. By default, the volumes are mounted
|
||||||
read-write. See examples.
|
read-write. See examples.
|
||||||
|
|
||||||
Labeling systems like SELinux require proper labels be placed on volume content
|
Labeling systems like SELinux require that proper labels are placed on volume
|
||||||
mounted into a container, otherwise the secuirty system might prevent the
|
content mounted into a container. Without a label, the security system might
|
||||||
processes running inside the container from using the content. By default,
|
prevent the processes running inside the container from using the content. By
|
||||||
volumes are not relabeled.
|
default, Docker does not change the labels set by the OS.
|
||||||
|
|
||||||
Two suffixes :z or :Z can be added to the volume mount. These suffixes tell
|
To change a label in the container context, you can add either of two suffixes
|
||||||
Docker to relabel file objects on the shared volumes. The 'z' option tells
|
`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file
|
||||||
Docker that the volume content will be shared between containers. Docker will
|
objects on the shared volumes. The `z` option tells Docker that two containers
|
||||||
label the content with a shared content label. Shared volumes labels allow all
|
share the volume content. As a result, Docker labels the content with a shared
|
||||||
containers to read/write content. The 'Z' option tells Docker to label the
|
content label. Shared volume labels allow all containers to read/write content.
|
||||||
content with a private unshared label. Private volumes can only be used by the
|
The `Z` option tells Docker to label the content with a private unshared label.
|
||||||
current container.
|
Only the current container can use a private volume.
|
||||||
|
|
||||||
Note: Multiple Volume options can be added separated by a ","
|
Note: Multiple Volume options can be added separated by a ","
|
||||||
|
|
||||||
|
|
|
@ -2206,18 +2206,18 @@ mount the volumes in read-only or read-write mode, respectively. By default,
|
||||||
the volumes are mounted in the same mode (read write or read only) as
|
the volumes are mounted in the same mode (read write or read only) as
|
||||||
the reference container.
|
the reference container.
|
||||||
|
|
||||||
Labeling systems like SELinux require proper labels be placed on volume content
|
Labeling systems like SELinux require that proper labels are placed on volume
|
||||||
mounted into a container, otherwise the security system might prevent the
|
content mounted into a container. Without a label, the security system might
|
||||||
processes running inside the container from using the content. By default,
|
prevent the processes running inside the container from using the content. By
|
||||||
volumes are not relabeled.
|
default, Docker does not change the labels set by the OS.
|
||||||
|
|
||||||
Two suffixes :z or :Z can be added to the volume mount. These suffixes tell
|
To change the label in the container context, you can add either of two suffixes
|
||||||
Docker to relabel file objects on the shared volumes. The 'z' option tells
|
`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file
|
||||||
Docker that the volume content will be shared between containers. Docker will
|
objects on the shared volumes. The `z` option tells Docker that two containers
|
||||||
label the content with a shared content label. Shared volumes labels allow all
|
share the volume content. As a result, Docker labels the content with a shared
|
||||||
containers to read/write content. The 'Z' option tells Docker to label the
|
content label. Shared volume labels allow all containers to read/write content.
|
||||||
content with a private unshared label. Private volumes can only be used by the
|
The `Z` option tells Docker to label the content with a private unshared label.
|
||||||
current container.
|
Only the current container can use a private volume.
|
||||||
|
|
||||||
The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT`
|
The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT`
|
||||||
or `STDERR`. This makes it possible to manipulate the output and input as
|
or `STDERR`. This makes it possible to manipulate the output and input as
|
||||||
|
|
Loading…
Reference in New Issue