Private repositories and private automated builds
• One free private repository when you sign up at http://hub.docker.com
What’s next in the Docker Engine?
Fine-grained control over capabilities
• Docker defines a whitelist of capabilities; all the others are dropped.
• --privileged was introduced to grant access to all the capabilities.
• In the release we will introduce --cap-add and --cap-drop.
--cap-add/--cap-drop examples
• Change the status of the container's interfaces:
docker run --cap-add=NET_ADMIN ubuntu sh -c "ip link set eth0 down"
• Prevent any chown in the container:
docker run --cap-drop=CHOWN ...
• Allow all capabilities but mknod:
docker run --cap-add=ALL --cap-drop=MKNOD ...
Adding host devices to a container
• You could add devices by using a bind mount and --privileged.
• In the next release we will introduce the --device flag.
• To use your sound card without requiring privileged mode:
docker run --device=/dev/snd:/dev/snd ...
Restart policies
• Restart the container as soon as it exits:
docker run --restart=always redis
• Restart the container only when it fails, up to 5 times:
docker run --restart=on-failure:5 redis
• Default is no restart (as today)