mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #7931 from jamtur01/device
Added --device flag to run reference
commit
bb8ea1fdc1
1 changed files with 8 additions and 1 deletions
|
@ -231,6 +231,7 @@ them via Docker.
|
|||
--cap-add: Add Linux capabilities
|
||||
--cap-drop: Drop Linux capabilities
|
||||
--privileged=false: Give extended privileges to this container
|
||||
--device=[]: Allows you to run devices inside the container without the --privileged flag.
|
||||
--lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
|
||||
|
||||
By default, Docker containers are "unprivileged" and cannot, for
|
||||
|
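Review bot: The new option summary line for `--device=[]` says it lets you "run devices inside the container", which does not describe what the flag does and gives no hint of the value format. The other entries in this list are short imperative descriptions ("Add Linux capabilities", "Drop Linux capabilities"), so something like "--device=[]: Expose a host device to the container without the --privileged flag" would match them and be accurate. Since the example added further down uses a `path:path` value, the summary should also either show that form or point to the paragraph that explains it.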
@ -243,11 +244,17 @@ https://www.kernel.org/doc/Documentation/cgroups/devices.txt)).
|
|||
|
||||
When the operator executes `docker run --privileged`, Docker will enable
|
||||
to access to all devices on the host as well as set some configuration
|
||||
in AppArmor to allow the container nearly all the same access to the
|
||||
in AppArmor or SELinux to allow the container nearly all the same access to the
|
||||
host as processes running outside containers on the host. Additional
|
||||
information about running with `--privileged` is available on the
|
||||
[Docker Blog](http://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
|
||||
|
||||
If you want to limit access to a specific device or devices you can use
|
||||
the `--device` flag. It allows you to specify one or more devices that
|
||||
will be accessible within the container.
|
||||
|
||||
$ docker run --device=/dev/snd:/dev/snd ...
|
||||
|
||||
In addition to `--privileged`, the operator can have fine grain control over the
|
||||
capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default
|
||||
list of capabilities that are kept. Both flags support the value `all`, so if the
|
||||
|
|
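Review bot: The example `docker run --device=/dev/snd:/dev/snd ...` in the new paragraph uses the same path on both sides of the colon, so a reader cannot tell which side is the host device and which is the path inside the container, and the text never says. Please state the order explicitly and consider an example where the two paths differ. The paragraph also presents `--device` as the way to "limit access to a specific device or devices" instead of `--privileged`, but does not say what access the container gets to the listed device (read, write, node creation); for a flag documented as the narrower alternative, that is the detail an operator needs to judge the exposure. Separately, the AppArmor sentence changed in this hunk now reads "in AppArmor or SELinux", which is fine, but the unchanged line before it ("Docker will enable to access to all devices") is still ungrammatical and could be fixed in the same pass.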