Container Engine

Container Engine

Docker daemon is a system process that resides in the background. Before you run a docker subcommand, start Docker daemon.

If the Docker daemon is installed using the RPM package or system package management tool, you can run the systemctl start docker command to start the Docker daemon.

The docker command supports the following parameters:

To combine parameters of a single character, run the following command:
```
docker run -t -i busybox /bin/sh
```
The command can be written as follows:
```
docker run -ti busybox /bin/sh
```
bool command parameters such as --icc=true, are displayed in the command help. If this parameter is not used, the default value displayed in the command help is used. If this parameter is used, the opposite value of the value displayed in the command help is used. In addition, if --icc is not added when Docker daemon is started, --icc=true is used by default. Otherwise, --icc=false is used.
Parameters such as --attach=[] in the command help indicate that these parameters can be set for multiple times. For example:
```
docker run --attach=stdin --attach=stdout -i -t busybox /bin/sh
```
Parameters such as -a and --attach=[] in the command help indicate that the parameter can be specified using either -a value or --attach=value. For example:
```
docker run -a stdin --attach=stdout -i -t busybox /bin/sh
```
Parameters such as --name="" can be configured with a character string and can be configured only once. Parameters such as -c= can be configured with an integer and can be configured only once.

Table 1 Parameters specified during the Docker daemon startup

Parameter	Description
--api-cors-header	CORS header information for enabling remote API calling. This interface supports the secondary development of upper-layer applications, which sets the CORS header for a remote API.
--authorization-plugin=[]	Authentication plug-in.
-b, --bridge=""	Existing bridge device mounting to the docker container. Note: none can be used to disable the network in the container.
--bip=""	Bridge IP address, which is automatically created using the CIDR address. Note: this parameter cannot be used with -b .
--cgroup-parent	cgroup parent directory configured for all containers.
--config-file=/etc/docker/daemon.json	Configuration file for starting Docker daemon.
--containerd	Socket path of containerd.
-D, --debug=false	Specifies whether to enable the debugging mode.
--default-gateway	Default gateway of the container IPv4 address.
--default-gateway-v6	Default gateway of the container IPv6 address.
--default-ulimit=[]	Default ulimit value of the container.
--disable-legacy-registry	Disables the original registry.
--dns=[]	DNS server of the forcibly used container. Example: --dns 8.8.x .x
--dns-opt=[]	DNS option.
--dns-search=[]	Forcibly searches DNS search domain name used by a container. Example: --dns-search example.com
--exec-opt=[]	Parameter to be executed when a container is started. For example, set the native.umask parameter. #The umask value of the started container is 0022.--exec-opt native.umask=normal #The umask value of the started container is 0027 (default value). --exec-opt native.umask=secure Note: If native.umask is also configured in docker create or docker run command, the configuration in command is used.
--exec-root=/var/run/docker	Root directory for storing the execution status file.
--fixed-cidr=""	Fixed IP address (for example, 10.20.0.0/16) of the subnet. The IP address of the subnet must belong to the network bridge.
--fixed-cidr-v6	Fixed IPv6 address.
-G, --group="docker"	Group assigned to the corresponding Unix socket in the background running mode. Note: When an empty string is configured for this parameter, the group information is removed.
-g, --graph="/var/lib/docker"	The root directory for running docker.
-H, --host=[]	Socket bound in background mode. One or more sockets can be configured using tcp://host:port, unix:///path to socket, fd://* or fd://socketfd. Example: $ dockerd -H tcp://0.0.0.0:2375 or $ export DOCKER_HOST="tcp://0.0.0.0:2375"
--insecure-registry=[]	Registry for insecure connections. By default, the Docker uses TLS certificates to ensure security for all connections. If the registry does not support HTTPS connections or the certificate is issued by an unknown certificate authority of the Docker daemon, you need to configure --insecure-registry=192.168.1.110:5000 when starting the daemon. This parameter needs to be configured if a private registry is used.
--image-layer-check=true	Image layer integrity check. To enable the function, set this parameter to true. Otherwise, set this parameter to false. If this parameter is not configured, the function is disabled by default. When Docker is started, the image layer integrity is checked. If the image layer is damaged, the related images are unavailable. Docker cannot verify empty files, directories, or link files. Therefore, if the preceding files are lost due to a power failure, the integrity check of Docker image data may fail. When the Docker version changes, check whether the parameter is supported. If not supported, delete it from the configuration file.
--icc=true	Enables communication between containers.
--ip="0.0.0.0"	Default IP address used when a container is bound to a port.
--ip-forward=true	Starts the net.ipv4.ip_forward process of the container.
--ip-masq=true	Enables IP spoofing.
--iptables=true	Starts the iptables rules defined by the Docker container.
-l, --log-level=info	Log level.
--label=[]	Daemon label, in key=value format.
--log-driver=json-file	Default log driver of container logs.
--log-opt=map[]	Log drive parameters.
--mtu=0	MTU value of the container network. If this parameter is not configured, value of route MTU is used by default. If the default route is not configured, set this parameter to the constant value 1500.
-p, --pidfile="/var/run/docker.pid"	PID file path of the background process.
--raw-logs	Logs with all timestamps and without the ANSI color scheme.
--registry-mirror=[]	Image registry preferentially used by the dockerd.
-s, --storage-driver=""	Storage driver used when a container is forcibly run.
--selinux-enabled=false	Enables SELinux. If the kernel version is 3.10.0-862.14 or later, this parameter cannot be set to true.
--storage-opt=[]	Storage driver parameter. This parameter is valid only when the storage driver is devicemapper. Example: dockerd --storage-opt dm.blocksize=512K
--tls=false	Enables the TLS authentication.
--tlscacert="/root/.docker/ca.pem"	Certificate file path that has been authenticated by the CA.
--tlscert="/root/.docker/cert.pem"	File path of the TLS certificates.
--tlskey="/root/.docker/key.pem"	File path of TLS keys.
--tlsverify=false	Verifies the communication between the background processes and the client using TLS.
--insecure-skip-verify-enforce	Whether to forcibly skip the verification of the certificate host or domain name. The default value is false.
--use-decrypted-key=true	Whether to use the decryption private key.
--userland-proxy=true	Whether to use the userland proxy for the container LO device.
--userns-remap	User namespace-based user mapping table in the container. NOTE: This parameter is not supported in the current version.

Container Engine

Bug Catching

Buggy Content

Bug Description

How satisfied are you with this document