AppArmor security profiles for Docker AppArmor (Application Armor) is a Linux security module that protects an operating system and its applications from security threats. To use it, a system administrator associates an AppArmor security profile with each program. Docker expects to find an AppArmor policy loaded and enforced. Docker automatically loads container profiles. The Docker binary installs a docker-default profile in the /etc/apparmor.d/docker file. This profile is used on containers,

scale Usage: scale [SERVICE=NUM...] Sets the number of containers to run for a service. Numbers are specified as arguments in the form service=num. For example: $ docker-compose scale web=2 worker=3

events Usage: events [options] [SERVICE...] Options: --json Output events as a stream of json objects Stream container events for every container in the project. With the --json flag, a json object will be printed one per line with the format: { "service": "web", "event": "create", "container": "213cf75fc39a", "image": "alpine:edge", "time": "2015-11-20T18:01:03.615550", }

Breaking changes and incompatibilities Every Engine release strives to be backward compatible with its predecessors. In all cases, the policy is that feature removal is communicated two releases in advance and documented as part of the deprecated features page. Unfortunately, Docker is a fast moving project, and newly introduced features may sometime introduce breaking changes and/or incompatibilities. This page documents these by Engine version. Engine 1.10 There were two breaking changes in t

Understand Engine plugins You can extend the capabilities of the Docker Engine by loading third-party plugins. This page explains the types of plugins and provides links to several volume and network plugins for Docker. Types of plugins Plugins extend Docker’s functionality. They come in specific types. For example, a volume plugin might enable Docker volumes to persist across multiple Docker hosts and a network plugin might provide network plumbing. Currently Docker supports authorization, vol

Controlling startup order in Compose You can control the order of service startup with the depends_on option. Compose always starts containers in dependency order, where dependencies are determined by depends_on, links, volumes_from and network_mode: "service:...". However, Compose will not wait until a container is “ready” (whatever that means for your particular application) - only until it’s running. There’s a good reason for this. The problem of waiting for a database (for example) to be re

attach Usage: docker attach [OPTIONS] CONTAINER Attach to a running container --detach-keys="<sequence>" Set up escape key sequence --help Print usage --no-stdin Do not attach STDIN --sig-proxy=true Proxy all received signals to the process The docker attach command allows you to attach to a running container using the container’s ID or name, either to view its ongoing output or to control it interactively. Y

Best practices for writing Dockerfiles Docker can build images automatically by reading the instructions from a Dockerfile, a text file that contains all the commands, in order, needed to build a given image. Dockerfiles adhere to a specific format and use a specific set of instructions. You can learn the basics on the Dockerfile Reference page. If you’re new to writing Dockerfiles, you should start there. This document covers the best practices and methods recommended by Docker, Inc. and the D

start Usage: docker start [OPTIONS] CONTAINER [CONTAINER...] Start one or more containers -a, --attach Attach STDOUT/STDERR and forward signals --detach-keys Specify the escape key sequence used to detach a container --help Print usage -i, --interactive Attach container's STDIN

docker network ls Usage: docker network ls [OPTIONS] Lists all the networks created by the user -f, --filter=[] Filter output based on conditions provided --help Print usage --no-trunc Do not truncate the output -q, --quiet Only display numeric IDs Lists all the networks the Engine daemon knows about. This includes the networks that span across multiple hosts in a cluster, for example: $ sudo docker network ls NETWORK ID NAME