github.com/walkingsparrow/docker@v1.4.2-0.20151218153551-b708a2249bfa/man/docker-create.1.md (about)

     1  % DOCKER(1) Docker User Manuals
     2  % Docker Community
     3  % JUNE 2014
     4  # NAME
     5  docker-create - Create a new container
     6  
     7  # SYNOPSIS
     8  **docker create**
     9  [**-a**|**--attach**[=*[]*]]
    10  [**--add-host**[=*[]*]]
    11  [**--blkio-weight**[=*[BLKIO-WEIGHT]*]]
    12  [**--blkio-weight-device**[=*[]*]]
    13  [**--cpu-shares**[=*0*]]
    14  [**--cap-add**[=*[]*]]
    15  [**--cap-drop**[=*[]*]]
    16  [**--cgroup-parent**[=*CGROUP-PATH*]]
    17  [**--cidfile**[=*CIDFILE*]]
    18  [**--cpu-period**[=*0*]]
    19  [**--cpu-quota**[=*0*]]
    20  [**--cpuset-cpus**[=*CPUSET-CPUS*]]
    21  [**--cpuset-mems**[=*CPUSET-MEMS*]]
    22  [**--device**[=*[]*]]
    23  [**--device-read-bps**[=*[]*]]
    24  [**--device-write-bps**[=*[]*]]
    25  [**--dns**[=*[]*]]
    26  [**--dns-search**[=*[]*]]
    27  [**--dns-opt**[=*[]*]]
    28  [**-e**|**--env**[=*[]*]]
    29  [**--entrypoint**[=*ENTRYPOINT*]]
    30  [**--env-file**[=*[]*]]
    31  [**--expose**[=*[]*]]
    32  [**--group-add**[=*[]*]]
    33  [**-h**|**--hostname**[=*HOSTNAME*]]
    34  [**--help**]
    35  [**-i**|**--interactive**[=*false*]]
    36  [**--ipc**[=*IPC*]]
    37  [**--isolation**[=*default*]]
    38  [**--kernel-memory**[=*KERNEL-MEMORY*]]
    39  [**-l**|**--label**[=*[]*]]
    40  [**--label-file**[=*[]*]]
    41  [**--link**[=*[]*]]
    42  [**--log-driver**[=*[]*]]
    43  [**--log-opt**[=*[]*]]
    44  [**-m**|**--memory**[=*MEMORY*]]
    45  [**--mac-address**[=*MAC-ADDRESS*]]
    46  [**--memory-reservation**[=*MEMORY-RESERVATION*]]
    47  [**--memory-swap**[=*MEMORY-SWAP*]]
    48  [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]]
    49  [**--name**[=*NAME*]]
    50  [**--net**[=*"bridge"*]]
    51  [**--oom-kill-disable**[=*false*]]
    52  [**--oom-score-adj**[=*0*]]
    53  [**-P**|**--publish-all**[=*false*]]
    54  [**-p**|**--publish**[=*[]*]]
    55  [**--pid**[=*[]*]]
    56  [**--privileged**[=*false*]]
    57  [**--read-only**[=*false*]]
    58  [**--restart**[=*RESTART*]]
    59  [**--security-opt**[=*[]*]]
    60  [**--stop-signal**[=*SIGNAL*]]
    61  [**--shm-size**[=*[]*]]
    62  [**-t**|**--tty**[=*false*]]
    63  [**--tmpfs**[=*[CONTAINER-DIR[:<OPTIONS>]*]]
    64  [**-u**|**--user**[=*USER*]]
    65  [**--ulimit**[=*[]*]]
    66  [**--uts**[=*[]*]]
    67  [**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]]
    68  [**--volume-driver**[=*DRIVER*]]
    69  [**--volumes-from**[=*[]*]]
    70  [**-w**|**--workdir**[=*WORKDIR*]]
    71  IMAGE [COMMAND] [ARG...]
    72  
    73  # DESCRIPTION
    74  
    75  Creates a writeable container layer over the specified image and prepares it for
    76  running the specified command. The container ID is then printed to STDOUT. This
    77  is similar to **docker run -d** except the container is never started. You can 
    78  then use the **docker start <container_id>** command to start the container at
    79  any point.
    80  
    81  The initial status of the container created with **docker create** is 'created'.
    82  
    83  # OPTIONS
    84  **-a**, **--attach**=[]
    85     Attach to STDIN, STDOUT or STDERR.
    86  
    87  **--add-host**=[]
    88     Add a custom host-to-IP mapping (host:ip)
    89  
    90  **--blkio-weight**=*0*
    91     Block IO weight (relative weight) accepts a weight value between 10 and 1000.
    92  
    93  **--blkio-weight-device**=[]
    94     Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`).
    95  
    96  **--cpu-shares**=*0*
    97     CPU shares (relative weight)
    98  
    99  **--cap-add**=[]
   100     Add Linux capabilities
   101  
   102  **--cap-drop**=[]
   103     Drop Linux capabilities
   104  
   105  **--cgroup-parent**=""
   106     Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
   107  
   108  **--cidfile**=""
   109     Write the container ID to the file
   110  
   111  **--cpu-period**=*0*
   112      Limit the CPU CFS (Completely Fair Scheduler) period
   113  
   114  **--cpuset-cpus**=""
   115     CPUs in which to allow execution (0-3, 0,1)
   116  
   117  **--cpuset-mems**=""
   118     Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
   119  
   120     If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
   121  then processes in your Docker container will only use memory from the first
   122  two memory nodes.
   123  
   124  **--cpu-quota**=*0*
   125     Limit the CPU CFS (Completely Fair Scheduler) quota
   126  
   127  **--device**=[]
   128     Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
   129  
   130  **--device-read-bps**=[]
   131      Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)
   132  
   133  **--device-write-bps**=[]
   134      Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
   135  
   136  **--dns**=[]
   137     Set custom DNS servers
   138  
   139  **--dns-opt**=[]
   140     Set custom DNS options
   141  
   142  **--dns-search**=[]
   143     Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)
   144  
   145  **-e**, **--env**=[]
   146     Set environment variables
   147  
   148  **--entrypoint**=""
   149     Overwrite the default ENTRYPOINT of the image
   150  
   151  **--env-file**=[]
   152     Read in a line-delimited file of environment variables
   153  
   154  **--expose**=[]
   155     Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host
   156  
   157  **--group-add**=[]
   158     Add additional groups to run as
   159  
   160  **-h**, **--hostname**=""
   161     Container host name
   162  
   163  **--help**
   164    Print usage statement
   165  
   166  **-i**, **--interactive**=*true*|*false*
   167     Keep STDIN open even if not attached. The default is *false*.
   168  
   169  **--ipc**=""
   170     Default is to create a private IPC namespace (POSIX SysV IPC) for the container
   171                                 'container:<name|id>': reuses another container's shared memory, semaphores and message queues
   172                                 'host': use the host's shared memory, semaphores and message queues inside the container.  Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
   173  
   174  **--isolation**="*default*"
   175     Isolation specifies the type of isolation technology used by containers. 
   176  
   177  **--kernel-memory**=""
   178     Kernel memory limit (format: `<number>[<unit>]`, where unit = b, k, m or g)
   179  
   180     Constrains the kernel memory available to a container. If a limit of 0
   181  is specified (not using `--kernel-memory`), the container's kernel memory
   182  is not limited. If you specify a limit, it may be rounded up to a multiple
   183  of the operating system's page size and the value can be very large,
   184  millions of trillions.
   185  
   186  **-l**, **--label**=[]
   187     Adds metadata to a container (e.g., --label=com.example.key=value)
   188  
   189  **--label-file**=[]
   190     Read labels from a file. Delimit each label with an EOL.
   191  
   192  **--link**=[]
   193     Add link to another container in the form of <name or id>:alias or just
   194     <name or id> in which case the alias will match the name.
   195  
   196  **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*"
   197    Logging driver for container. Default is defined by daemon `--log-driver` flag.
   198    **Warning**: the `docker logs` command works only for the `json-file` and
   199    `journald` logging drivers.
   200  
   201  **--log-opt**=[]
   202    Logging driver specific options.
   203  
   204  **-m**, **--memory**=""
   205     Memory limit (format: <number>[<unit>], where unit = b, k, m or g)
   206  
   207     Allows you to constrain the memory available to a container. If the host
   208  supports swap memory, then the **-m** memory setting can be larger than physical
   209  RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
   210  not limited. The actual limit may be rounded up to a multiple of the operating
   211  system's page size (the value would be very large, that's millions of trillions).
   212  
   213  **--mac-address**=""
   214     Container MAC address (e.g. 92:d0:c6:0a:29:33)
   215  
   216  **--memory-reservation**=""
   217     Memory soft limit (format: <number>[<unit>], where unit = b, k, m or g)
   218  
   219     After setting memory reservation, when the system detects memory contention
   220  or low memory, containers are forced to restrict their consumption to their
   221  reservation. So you should always set the value below **--memory**, otherwise the
   222  hard limit will take precedence. By default, memory reservation will be the same
   223  as memory limit.
   224  
   225  **--memory-swap**=""
   226     Total memory limit (memory + swap)
   227  
   228     Set `-1` to disable swap (format: <number>[<unit>], where unit = b, k, m or g).
   229  This value should always be larger than **-m**, so you should always use this with **-m**.
   230  
   231  **--memory-swappiness**=""
   232     Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
   233  
   234  **--name**=""
   235     Assign a name to the container
   236  
   237  **--net**="*bridge*"
   238     Set the Network mode for the container
   239                                 'bridge': create a network stack on the default Docker bridge
   240                                 'none': no networking
   241                                 'container:<name|id>': reuse another container's network stack
   242                                 'host': use the Docker host network stack.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
   243                                 '<network-name>|<network-id>': connect to a user-defined network
   244  
   245  **--oom-kill-disable**=*true*|*false*
   246  	Whether to disable OOM Killer for the container or not.
   247  
   248  **--oom-score-adj**=""
   249      Tune the host's OOM preferences for containers (accepts -1000 to 1000)
   250  
   251  **-P**, **--publish-all**=*true*|*false*
   252     Publish all exposed ports to random ports on the host interfaces. The default is *false*.
   253  
   254  **-p**, **--publish**=[]
   255     Publish a container's port, or a range of ports, to the host
   256                                 format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
   257                                 Both hostPort and containerPort can be specified as a range of ports. 
   258                                 When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`)
   259                                 (use 'docker port' to see the actual mapping)
   260  
   261  **--pid**=*host*
   262     Set the PID mode for the container
   263       **host**: use the host's PID namespace inside the container.
   264       Note: the host mode gives the container full access to local PID and is therefore considered insecure.
   265  
   266  **--privileged**=*true*|*false*
   267     Give extended privileges to this container. The default is *false*.
   268  
   269  **--read-only**=*true*|*false*
   270     Mount the container's root filesystem as read only.
   271  
   272  **--restart**="*no*"
   273     Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped).
   274  
   275  **--shm-size**=""
   276     Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`.
   277     Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes.
   278     If you omit the size entirely, the system uses `64m`.
   279  
   280  **--security-opt**=[]
   281     Security Options
   282  
   283  **--stop-signal**=*SIGTERM*
   284    Signal to stop a container. Default is SIGTERM.
   285  
   286  **-t**, **--tty**=*true*|*false*
   287     Allocate a pseudo-TTY. The default is *false*.
   288  
   289  **--tmpfs**=[] Create a tmpfs mount
   290  
   291     Mount a temporary filesystem (`tmpfs`) into a container, for example:
   292  
   293     $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image
   294  
   295     This command mounts a `tmpfs` at `/tmp` within the container. The mount copies
   296  the underlying content of `my_image` into `/tmp`. For example if there was a
   297  directory `/tmp/content` in the base image, docker will copy this directory and
   298  all of its content on top of the tmpfs mounted on `/tmp`.  The supported mount
   299  options are the same as the Linux default `mount` flags. If you do not specify
   300  any options, the system uses the following options:
   301  `rw,noexec,nosuid,nodev,size=65536k`.
   302  
   303  **-u**, **--user**=""
   304     Username or UID
   305  
   306  **--ulimit**=[]
   307     Ulimit options
   308  
   309  **--uts**=*host*
   310     Set the UTS mode for the container
   311       **host**: use the host's UTS namespace inside the container.
   312       Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure.
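The `host` notes on **--ipc**, **--net**, **--pid** and **--uts**, together with **--privileged**, can be checked on existing containers. The following is an added example, not part of the Docker manual: it reads `docker inspect` JSON and lists which of those settings each container was created with. The sample input is constructed; the `HostConfig` keys are the ones `docker inspect` reports.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields used here.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "HostConfig": {"IpcMode": "", "NetworkMode": "bridge",
    "PidMode": "", "UTSMode": "", "Privileged": false}},
  {"Name": "/debug", "HostConfig": {"IpcMode": "host", "NetworkMode": "host",
    "PidMode": "host", "UTSMode": "", "Privileged": true}},
  {"Name": "/sidecar", "HostConfig": {"IpcMode": "container:web",
    "NetworkMode": "container:web", "PidMode": "", "UTSMode": "host",
    "Privileged": false}}
]
""")

# HostConfig key -> the create-time flag that sets it.
NAMESPACE_FLAGS = {
    "IpcMode": "--ipc",
    "NetworkMode": "--net",
    "PidMode": "--pid",
    "UTSMode": "--uts",
}


def audit_container(entry):
    """Return the namespace-sharing and privilege settings of one container."""
    host_config = entry.get("HostConfig", {})
    findings = []
    for key, flag in NAMESPACE_FLAGS.items():
        mode = host_config.get(key) or ""
        if mode == "host":
            findings.append(f"{flag}=host")
        elif mode.startswith("container:"):
            # Not marked insecure by the manual, but worth knowing about.
            findings.append(f"{flag}={mode} (shared with another container)")
    if host_config.get("Privileged"):
        findings.append("--privileged=true")
    return findings


def audit(inspect_output):
    """Map container name -> findings, omitting containers with none."""
    report = {}
    for entry in inspect_output:
        findings = audit_container(entry)
        if findings:
            report[entry.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", ", ".join(findings))
```

On a real host, feed it the parsed output of `docker inspect $(docker ps -aq)` instead of the sample.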
   313  
   314  **-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]
   315     Create a bind mount. If you specify `-v /HOST-DIR:/CONTAINER-DIR`, Docker
   316     bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Docker
   317     container. If `HOST-DIR` is omitted, Docker automatically creates the new
   318     volume on the host. The `OPTIONS` are a comma-delimited list and can be:
   319  
   320     * [rw|ro]
   321     * [z|Z]
   322     * [`[r]shared`|`[r]slave`|`[r]private`]
   323  
   324  The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR`
   325  can be an absolute path or a `name` value. A `name` value must start with an
   326  alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or
   327  `-` (hyphen). An absolute path starts with a `/` (forward slash).
   328  
   329  If you supply a `HOST-DIR` that is an absolute path,  Docker bind-mounts to the
   330  path you specify. If you supply a `name`, Docker creates a named volume by that
   331  `name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR`
   332  value. If you supply the `/foo` value, Docker creates a bind-mount. If you
   333  supply the `foo` specification, Docker creates a named volume.
   334  
   335  You can specify multiple  **-v** options to mount one or more mounts to a
   336  container. To use these same mounts in other containers, specify the
   337  **--volumes-from** option also.
   338  
   339  You can add a `:ro` or `:rw` suffix to a volume to mount it in read-only or
   340  read-write mode, respectively. By default, the volumes are mounted read-write.
   341  See examples.
   342  
   343  Labeling systems like SELinux require that proper labels are placed on volume
   344  content mounted into a container. Without a label, the security system might
   345  prevent the processes running inside the container from using the content. By
   346  default, Docker does not change the labels set by the OS.
   347  
   348  To change a label in the container context, you can add either of two suffixes
   349  `:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file
   350  objects on the shared volumes. The `z` option tells Docker that two containers
   351  share the volume content. As a result, Docker labels the content with a shared
   352  content label. Shared volume labels allow all containers to read/write content.
   353  The `Z` option tells Docker to label the content with a private unshared label.
   354  Only the current container can use a private volume.
   355  
   356  By default, bind-mounted volumes are `private`. That means any mounts done
   357  inside the container are not visible on the host and vice versa. You can change
   358  this behavior by specifying a volume mount propagation property. When a
   359  volume is `shared`, mounts done under that volume inside the container are
   360  visible on the host and vice versa. Making a volume `slave` enables only
   361  one-way mount propagation: mounts done on the host under that volume
   362  are visible inside the container but not the other way around.
   363  
   364  To control the mount propagation property of a volume, use the `:[r]shared`,
   365  `:[r]slave` or `:[r]private` propagation flag. The propagation property can
   366  be specified only for bind-mounted volumes and not for internal volumes or
   367  named volumes. For mount propagation to work, the source mount point (the mount
   368  point the source directory is mounted on) must have the right propagation
   369  properties. For shared volumes, the source mount point has to be shared. For
   370  slave volumes, the source mount has to be either shared or slave.
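The **-v** rules above (absolute path versus `name`, the three option groups, and propagation being limited to bind mounts) can be checked before a spec reaches `docker create`. This is an added example, not Docker's own parser. Two things are assumptions of the example: a trailing field made up only of option words is treated as `OPTIONS`, and `anonymous` is the label used when `HOST-DIR` is omitted.

```python
import re

# Name rule as described on this page: an alphanumeric character first,
# then letters, digits, `_`, `.` or `-`.
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*$")
ACCESS = {"rw", "ro"}
LABEL = {"z", "Z"}
PROPAGATION = {"shared", "rshared", "slave", "rslave", "private", "rprivate"}
GROUPS = (ACCESS, LABEL, PROPAGATION)


def parse_volume(spec):
    """Classify a [[HOST-DIR:]CONTAINER-DIR[:OPTIONS]] string or raise ValueError."""
    parts = spec.split(":")
    options = []
    # Assumption of this example: a trailing field made up only of known
    # option words is OPTIONS rather than a directory.
    known = ACCESS | LABEL | PROPAGATION
    if len(parts) > 1 and all(o in known for o in parts[-1].split(",")):
        options = parts.pop().split(",")
    if len(parts) == 1:
        host, container = None, parts[0]
    elif len(parts) == 2:
        host, container = parts
    else:
        raise ValueError(f"too many fields in {spec!r}")
    if not container.startswith("/"):
        raise ValueError("CONTAINER-DIR must be an absolute path")
    if host is None:
        kind = "anonymous"  # label used here for "HOST-DIR omitted"
    elif host.startswith("/"):
        kind = "bind"
    elif NAME_RE.match(host):
        kind = "named"
    else:
        # e.g. "./src": a relative path is neither a bind source nor a name.
        raise ValueError(f"HOST-DIR {host!r} is neither an absolute path nor a name")
    for group in GROUPS:
        if sum(o in group for o in options) > 1:
            raise ValueError(f"conflicting options in {options}")
    propagation = next((o for o in options if o in PROPAGATION), None)
    if propagation and kind != "bind":
        raise ValueError("propagation flags apply only to bind mounts")
    return {"kind": kind, "host": host, "container": container,
            "read_only": "ro" in options, "propagation": propagation,
            "relabel": next((o for o in options if o in LABEL), None)}


def rejects(spec):
    """True when parse_volume refuses the spec."""
    try:
        parse_volume(spec)
    except ValueError:
        return True
    return False
```

Note that `src:/src` is accepted as a named volume, so a missing leading `/` silently changes what gets mounted.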
   371  
   372  Use `df <source-dir>` to find the source mount and then use
   373  `findmnt -o TARGET,PROPAGATION <source-mount-dir>` to find the propagation
   374  properties of the source mount. If the `findmnt` utility is not available, look
   375  at the mount entry for the source mount point in `/proc/self/mountinfo`. Look
   376  at the `optional fields` and see if any propagation properties are specified.
   377  `shared:X` means the mount is `shared`, `master:X` means the mount is `slave`, and
   378  if nothing is there the mount is `private`.
   379  
   380  To change the propagation properties of a mount point, use the `mount` command. For
   381  example, to bind mount the source directory `/foo`, run
   382  `mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This
   383  converts `/foo` into a `shared` mount point. Alternatively, you can directly
   384  change the propagation properties of the source mount. Say `/` is the source mount for
   385  `/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount.
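The `/proc/self/mountinfo` check described above, as an added example that is not part of the Docker manual: it reads the optional fields of each entry, finds the source mount for a directory, and applies the rule for `:[r]shared` and `:[r]slave`. It goes one step beyond the text by reporting an entry that carries both `shared:X` and `master:X` as `shared,slave`. The sample lines are constructed.

```python
import re

# Constructed sample of /proc/self/mountinfo (not taken from a real host).
SAMPLE_MOUNTINFO = r"""
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
41 22 8:17 / /srv/data rw,relatime master:1 - ext4 /dev/sdb1 rw
57 22 0:45 / /run/scratch rw,nosuid - tmpfs tmpfs rw
63 22 8:33 / /mnt/my\040disk rw shared:7 master:1 - xfs /dev/sdc1 rw
"""


def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Return [(mount_point, propagation)] from mountinfo text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or "-" not in fields[6:]:
            continue  # blank or malformed line
        # Optional fields sit between field 6 (mount options) and the "-" separator.
        tags = {f.split(":", 1)[0] for f in fields[6:fields.index("-", 6)]}
        modes = [m for t, m in (("shared", "shared"), ("master", "slave")) if t in tags]
        mounts.append((_unescape(fields[4]), ",".join(modes) or "private"))
    return mounts


def source_mount(path, mounts):
    """Longest mount point containing path (what `df <source-dir>` reports)."""
    best = None
    probe = path.rstrip("/") + "/"
    for mount_point, prop in mounts:
        if probe.startswith(mount_point.rstrip("/") + "/"):
            if best is None or len(mount_point) >= len(best[0]):
                best = (mount_point, prop)
    return best


def propagation_ok(requested, source_prop):
    """Apply the page's rule for a :[r]shared / :[r]slave / :[r]private flag."""
    mode = requested[1:] if requested.startswith("r") else requested
    have = set(source_prop.split(","))
    if mode == "shared":
        return "shared" in have
    if mode == "slave":
        return bool(have & {"shared", "slave"})
    return mode == "private"


if __name__ == "__main__":
    mounts = parse_mountinfo(SAMPLE_MOUNTINFO)
    mount_point, prop = source_mount("/srv/data/app", mounts)
    print(mount_point, prop, propagation_ok("rshared", prop))
```

Pass the contents of `/proc/self/mountinfo` to `parse_mountinfo` to run the same check on a real host.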
   386  
   387  **--volume-driver**=""
   388     Container's volume driver. This driver creates volumes specified either from
   389     a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag.
   390     See **docker-volume-create(1)** for full details.
   391  
   392  **--volumes-from**=[]
   393     Mount volumes from the specified container(s)
   394  
   395  **-w**, **--workdir**=""
   396     Working directory inside the container
   397  
   398  # EXAMPLES
   399  
   400  ## Specify isolation technology for container (--isolation)
   401  
   402  This option is useful in situations where you are running Docker containers on
   403  Windows. The `--isolation=<value>` option sets a container's isolation
   404  technology. On Linux, the only supported value is `default`, which uses
   405  Linux namespaces. On Microsoft Windows, you can specify these values:
   406  
   407  * `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.
   408  * `process`: Namespace isolation only.
   409  * `hyperv`: Hyper-V hypervisor partition-based isolation.
   410  
   411  Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
   412  
   413  # HISTORY
   414  August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
   415  September 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
   416  November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>