The hardworking folk at Docker, Inc. are proud to announce the release of version 1.2.0 of Docker. We’ve made improvements throughout the Docker platform, including updates to Docker Engine, Docker Hub, and our documentation.
Highlights include these new features:
We added a
--restart flag to
docker run to specify a restart policy for your container. Currently, there are three policies available:
- no – Do not restart the container if it dies. (default)
- on-failure – Restart the container if it exits with a non-zero exit code.
- Can also accept an optional maximum restart count (e.g. on-failure:5).
- always – Always restart the container no matter what exit code is returned.
This deprecates the
--restart flag on the Docker daemon.
A few examples:
- Redis will endlessly try to restart if the container exits
docker run --restart=always redis
- If redis exits with a non-zero exit code, it will try to restart 5 times before giving up:
docker run --restart=on-failure:5 redis
Currently, Docker containers can either be given complete capabilities or they can all follow a whitelist of allowed capabilities while dropping all others. Further, previously, using
--privileged would grant all capabilities inside a container, rather than applying a whitelist. This was not recommended for production use because it’s really unsafe; it’s as if you were directly in the host.
This release introduces two new flags for docker run
--cap-drop that give you fine grain control over the capabilities you want grant to a particular container.
A few examples:
- To change the status of the container’s interfaces:
docker run --cap-add=NET_ADMIN ubuntu sh -c "ip link eth0 down"
- To prevent any `chown` in the container:
docker run --cap-drop=CHOWN ...
- To allow all capabilities except `mknod`:
docker run --cap-add=ALL --cap-drop=MKNOD ...
Previously, you could use devices inside your containers by bind mounting them ( with `-v`) in a
--privileged container. In this release, we introduce the
--device flag to `docker run` which lets you use a device without requiring a
- To use the sound card inside your container:
docker run --device=/dev/snd:/dev/snd ...
Writable `/etc/hosts`, `/etc/hostname` and `/etc/resolv.conf`
You can now edit
/etc/resolve.conf in a running container. This is useful if you need to install
bind or other services that might override one of those files.
Note, however, that changes to these files are not saved during a
docker build and so will not be preserved in the resulting image. The changes will only “stick” in a running container.
Docker proxy in a separate process
The Docker userland proxy that routes outbound traffic to your containers now has its own separate process (one process per connection). This greatly reduces the load on the daemon, which considerably increases stability and efficiency.
Other Improvements & Changes
- When using
docker rm -f,Docker now kills the container (instead of stopping it) before removing it . If you intend to stop the container cleanly the container, you can use docker stop.
- Add support for IPv6 addresses in
- Search on private registries
We hope you enjoy this release and find it useful. As always, please don’t hesitate to contact us with questions, comments or kudos.