Merge pull request #10652 from SvenDowideit/update-9456

update kernel reqs doc; recommend updates on RHEL

docs/sources/installation/binaries.md

@@ -32,18 +32,52 @@ runtime:
 Docker in daemon mode has specific kernel requirements. For details,
 check your distribution in [*Installation*](../#installation-list).
 
-In general, a 3.8 Linux kernel is the minimum requirement for Docker, as
-some of the prior versions have known issues that are triggered by Docker.
-Linux kernel versions older than 3.8 are known to cause kernel panics and
-to break Docker.
+A 3.10 Linux kernel is the minimum requirement for Docker.
+Kernels older than 3.10 lack some of the features required to run Docker
+containers. These older versions are known to have bugs which cause data loss
+and frequently panic under certain conditions.
 
 The latest minor version (3.x.y) of the 3.10 (or a newer maintained version)
 Linux kernel is recommended. Keeping the kernel up to date with the latest
 minor version will ensure critical kernel bugs get fixed.
 
+> **Warning**:
+> Installing custom kernels and kernel packages is probably not
+> supported by your Linux distribution's vendor. Please make sure to
+> ask your vendor about Docker support first before attempting to
+> install custom kernels on your distribution.
+
+> **Warning**:
+> Installing a newer kernel might not be enough for some distributions
+> which provide packages which are too old or incompatible with
+> newer kernels.
+
 Note that Docker also has a client mode, which can run on virtually any
 Linux kernel (it even builds on OS X!).
 
+## Enable AppArmor and SELinux when possible
+
+Please use AppArmor or SELinux if your Linux distribution supports
+either of the two. This helps improve security and blocks certain
+types of exploits. Your distribution's documentation should provide
+detailed steps on how to enable the recommended security mechanism.
+
+Some Linux distributions enable AppArmor or SELinux by default and
+they run a kernel which doesn't meet the minimum requirements (3.10
+or newer). Updating the kernel to 3.10 or newer on such a system
+might not be enough to start Docker and run containers.
+Incompatibilities between the version of AppArmor/SELinux user
+space utilities provided by the system and the kernel could prevent
+Docker from running, from starting containers or, cause containers to
+exhibit unexpected behaviour.
+
+> **Warning**:
+> If either of the security mechanisms is enabled, it should not be
+> disabled to make Docker or its containers run. This will reduce
+> security in that environment, lose support from the distribution's
+> vendor for the system, and might break regulations and security
+> policies in heavily regulated environments.
+
 ## Get the docker binary:
 
     $ wget https://get.docker.com/builds/Linux/x86_64/docker-latest -O docker

docs/sources/installation/rhel.md

@@ -53,6 +53,21 @@ this package is part of [Extra Packages for Enterprise Linux
 (EPEL)](https://fedoraproject.org/wiki/EPEL), a community effort to
 create and maintain additional packages for the RHEL distribution.
 
+### Kernel support
+
+RHEL will only support Docker via the *extras* channel or EPEL package when
+running on kernels shipped by the distribution. There are things like namespace
+changes which will cause issues if one decides to step outside that box and run
+non-distro kernel packages.
+
+> **Warning**:
+> Please keep your system up to date using `yum update` and rebooting
+> your system. Keeping your system updated ensures critical security
+>  vulnerabilities and severe bugs (such as those found in kernel 2.6.32)
+> are fixed.
+
+## Installation
+
 Firstly, you need to install the EPEL repository. Please follow the
 [EPEL installation
 instructions](https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F).

docs/sources/installation/ubuntulinux.md

@@ -91,15 +91,22 @@ This installation path should work at all times.
 
 ### Dependencies
 
-**Linux kernel 3.8**
+**Linux kernel 3.13**
 
-Due to a bug in LXC, Docker works best on the 3.8 kernel. Precise comes
-with a 3.2 kernel, so we need to upgrade it. The kernel you'll install
-when following these steps comes with AUFS built in. We also include the
-generic headers to enable packages that depend on them, like ZFS and the
-VirtualBox guest additions. If you didn't install the headers for your
-"precise" kernel, then you can skip these headers for the "raring"
-kernel. But it is safer to include them if you're not sure.
+For Ubuntu Precise, the currently recommended kernel version is 3.13.
+Ubuntu Precise installations with older kernels must be upgraded. The
+kernel you'll install when following these steps has AUFS built in.
+We also include the generic headers to enable packages that depend on them,
+like ZFS and the VirtualBox guest additions. If you didn't install the
+headers for your "precise" kernel, then you can skip these headers for the
+"trusty" kernel. If you're unsure, you should include the headers for safety.
+
+> **Warning**:
+> Kernels 3.8 and 3.11 are no longer supported by Canonical. Systems
+> running these kernels need to be updated using the instructions below.
+> Running Docker on these unsupported systems isn't supported either.
+> These old kernels are no longer patched for security vulnerabilities
+> and severe bugs which lead to data loss.
 
 Please read the installation instructions for backported kernels at
 Ubuntu.org to understand why you also need to install the Xorg packages
@@ -109,10 +116,10 @@ each version.
 
     # install the backported kernel
     $ sudo apt-get update
-    $ sudo apt-get install linux-image-generic-lts-raring linux-headers-generic-lts-raring
+    $ sudo apt-get install linux-image-generic-lts-trusty linux-headers-generic-lts-trusty
     
     # install the backported kernel and xorg if using Unity/Xorg
-    $ sudo apt-get install --install-recommends linux-generic-lts-raring xserver-xorg-lts-raring libgl1-mesa-glx-lts-raring
+    $ sudo apt-get install --install-recommends linux-generic-lts-trusty xserver-xorg-lts-trusty libgl1-mesa-glx-lts-trusty
 
     # reboot
     $ sudo reboot