daemon during a build • For example most of the time you could add the .git folder to the .dockerignore https://docs.docker.com/reference/builder/#dockerignore
• Logs tailing with docker logs --tail • IPv6 support in --dns • Filter client output with docker ps –-filter • docker rm -f now kills container before removal instead of stop. • Testing framework and code coverage https://github.com/docker/docker/blob/master/CHANGELOG.md
of capabilities, all the other are dropped. • --privileged was introduced to grant access to all the capabilities. • In the release we will introduce --cap-add and --cap-drop
• Prevent any chown in the container: • Allow all capabilities but mknod: docker run --cap-add=NET_ADMIN ubuntu sh –c “ip link eth0 down” docker run --cap-drop=CAP_CHOWN ... docker run --cap-add=ALL --cap-drop=MKNOD ...
add devices by using a bind mount and --privileged . • In the next release we will introduce the --device flag. • To use your sound card without requiring privileged mode: docker run --device=/dev/snd:/dev/snd ...
exits: docker run --restart=always redis • Restart the container only when it fails, up to 5 times: docker run --restart=on-failure:5 redis • Default if no restart (as today)