mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
73e08286f9
added the firewalld.service symbol in the After line docker will always start after firewalld, thus eliminating the issue of firewall blocking all mapped traffic. Signed-off-by: Ramon Brooker <Ramon.Brooker@imaginecommunications.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
29 lines
1 KiB
Desktop File
29 lines
1 KiB
Desktop File
[Unit]
|
|
Description=Docker Application Container Engine
|
|
Documentation=https://docs.docker.com
|
|
After=network.target docker.socket firewalld.service
|
|
Requires=docker.socket
|
|
|
|
[Service]
|
|
Type=notify
|
|
# the default is not to use systemd for cgroups because the delegate issues still
|
|
# exists and systemd currently does not support the cgroup feature set required
|
|
# for containers run by docker
|
|
ExecStart=/usr/bin/dockerd -H fd://
|
|
ExecReload=/bin/kill -s HUP $MAINPID
|
|
LimitNOFILE=1048576
|
|
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
|
# in the kernel. We recommend using cgroups to do container-local accounting.
|
|
LimitNPROC=infinity
|
|
LimitCORE=infinity
|
|
# Uncomment TasksMax if your systemd version supports it.
|
|
# Only systemd 226 and above support this version.
|
|
#TasksMax=infinity
|
|
TimeoutStartSec=0
|
|
# set delegate yes so that systemd does not reset the cgroups of docker containers
|
|
Delegate=yes
|
|
# kill only the docker process, not all processes in the cgroup
|
|
KillMode=process
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|