
     1  page_title: Command Line Interface
     2  page_description: Docker's CLI command description and usage
     3  page_keywords: Docker, Docker documentation, CLI, command line
     5  # Command Line
     9  To list available commands, either run `docker` with no parameters
    10  or execute `docker help`:
    12      $ sudo docker
    13        Usage: docker [OPTIONS] COMMAND [arg...]
    14          -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.
    16        A self-sufficient runtime for Linux containers.
    18        ...
    20  ## Help
    21  To list the help on any command just execute the command, followed by the `--help` option.
    23      $ sudo docker run --help
    25      Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
    27      Run a command in a new container
    29        -a, --attach=[]            Attach to STDIN, STDOUT or STDERR.
    30        -c, --cpu-shares=0         CPU shares (relative weight)
    31      ...
    33  ## Option types
    35  Single character command line options can be combined, so rather than
    36  typing `docker run -t -i --name test busybox sh`,
    37  you can write `docker run -ti --name test busybox sh`.
    39  ### Boolean
    41  Boolean options take the form `-d=false`. The value you see in the help text is the
    42  default value which is set if you do **not** specify that flag. If you specify
    43  a Boolean flag without a value, this will set the flag to `true`, irrespective
    44  of the default value.
    46  For example, running `docker run -d` will set the value to `true`, so
    47  your container **will** run in "detached" mode, in the background.
    49  Options which default to `true` (e.g., `docker build --rm=true`) can only
    50  be set to the non-default value by explicitly setting them to `false`:
    52      $ docker build --rm=false .
    54  ### Multi
    56  Options like `-a=[]` indicate they can be specified multiple times:
    58      $ sudo docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash
    60  Sometimes this can use a more complex value string, as for `-v`:
    62      $ sudo docker run -v /host:/container example/mysql
    64  ### Strings and Integers
    66  Options like `--name=""` expect a string, and they
    67  can only be specified once. Options like `-c=0`
    68  expect an integer, and they can only be specified once.
    70  ## daemon
    72      Usage: docker [OPTIONS] COMMAND [arg...]
    74      A self-sufficient runtime for linux containers.
    76      Options:
    77        --api-enable-cors=false                    Enable CORS headers in the remote API
    78        -b, --bridge=""                            Attach containers to a pre-existing network bridge
    79                                                     use 'none' to disable container networking
    80        --bip=""                                   Use this CIDR notation address for the network bridge's IP, not compatible with -b
    81        -D, --debug=false                          Enable debug mode
    82        -d, --daemon=false                         Enable daemon mode
    83        --dns=[]                                   Force Docker to use specific DNS servers
    84        --dns-search=[]                            Force Docker to use specific DNS search domains
    85        -e, --exec-driver="native"                 Force the Docker runtime to use a specific exec driver
    86        --fixed-cidr=""                            IPv4 subnet for fixed IPs (e.g.:
    87                                                     this subnet must be nested in the bridge subnet (which is defined by -b or --bip)
    88        --fixed-cidr-v6=""                         IPv6 subnet for global IPs (e.g.: 2a00:1450::/64)
    89        -G, --group="docker"                       Group to assign the unix socket specified by -H when running in daemon mode
    90                                                     use '' (the empty string) to disable setting of a group
    91        -g, --graph="/var/lib/docker"              Path to use as the root of the Docker runtime
    92        -H, --host=[]                              The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.
    93        --icc=true                                 Allow unrestricted inter-container and Docker daemon host communication
    94        --insecure-registry=[]                     Enable insecure communication with specified registries (disables certificate verification for HTTPS and enables HTTP fallback) (e.g., localhost:5000 or
    95        --ip=                               Default IP address to use when binding container ports
    96        --ip-forward=true                          Enable net.ipv4.ip_forward and IPv6 forwarding if --fixed-cidr-v6 is defined. IPv6 forwarding may interfere with your existing IPv6 configuration when using Router Advertisement.
    97        --ip-masq=true                             Enable IP masquerading for bridge's IP range
    98        --iptables=true                            Enable Docker's addition of iptables rules
    99        --ipv6=false                               Enable Docker IPv6 support
   100         -l, --log-level="info"                    Set the logging level (debug, info, warn, error, fatal)
   101        --label=[]                                 Set key=value labels to the daemon (displayed in `docker info`)
   102        --mtu=0                                    Set the containers network MTU
   103                                                     if no value is provided: default to the default route MTU or 1500 if no default route is available
   104        -p, --pidfile="/var/run/"        Path to use for daemon PID file
   105        --registry-mirror=[]                       Specify a preferred Docker registry mirror
   106        -s, --storage-driver=""                    Force the Docker runtime to use a specific storage driver
   107        --selinux-enabled=false                    Enable selinux support. SELinux does not presently support the BTRFS storage driver
   108        --storage-opt=[]                           Set storage driver options
   109        --tls=false                                Use TLS; implied by --tlsverify flag
   110        --tlscacert="/home/sven/.docker/ca.pem"    Trust only remotes providing a certificate signed by the CA given here
   111        --tlscert="/home/sven/.docker/cert.pem"    Path to TLS certificate file
   112        --tlskey="/home/sven/.docker/key.pem"      Path to TLS key file
   113        --tlsverify=false                          Use TLS and verify the remote (daemon: verify client, client: verify daemon)
   114        -v, --version=false                        Print version information and quit
   116  Options with [] may be specified multiple times.
   118  The Docker daemon is the persistent process that manages containers.
   119  Docker uses the same binary for both the daemon and client. To run the
   120  daemon you provide the `-d` flag.
   123  To run the daemon with debug output, use `docker -d -D`.
   125  ### Daemon socket option
   127  The Docker daemon can listen for [Docker Remote API](/reference/api/docker_remote_api/)
   128  requests via three different types of Socket: `unix`, `tcp`, and `fd`.
   130  By default, a `unix` domain socket (or IPC socket) is created at `/var/run/docker.sock`,
   131  requiring either `root` permission, or `docker` group membership.
   133  If you need to access the Docker daemon remotely, you need to enable the `tcp`
   134  Socket. Beware that the default setup provides un-encrypted and un-authenticated
   135  direct access to the Docker daemon - and should be secured either using the
   136  [built in HTTPS encrypted socket](/articles/https/), or by putting a secure web
   137  proxy in front of it. You can listen on port `2375` on all network interfaces
   138  with `-H tcp://`, or on a particular network interface using its IP
   139  address: `-H tcp://`. It is conventional to use port `2375`
   140  for un-encrypted, and port `2376` for encrypted communication with the daemon.
   142  > **Note** If you're using an HTTPS encrypted socket, keep in mind that only TLS1.0
   143  > and greater are supported. Protocols SSLv3 and under are not supported anymore
   144  > for security reasons.
   146  On Systemd based systems, you can communicate with the daemon via
   147  [Systemd socket activation](, use
   148  `docker -d -H fd://`. Using `fd://` will work perfectly for most setups but
   149  you can also specify individual sockets: `docker -d -H fd://3`. If the
   150  specified socket activated files aren't found, then Docker will exit. You
   151  can find examples of using Systemd socket activation with Docker and
   152  Systemd in the [Docker source tree](
   155  You can configure the Docker daemon to listen to multiple sockets at the same
   156  time using multiple `-H` options:
   158      # listen using the default unix socket, and on 2 specific IP addresses on this host.
   159      docker -d -H unix:///var/run/docker.sock -H tcp:// -H tcp://
   161  The Docker client will honor the `DOCKER_HOST` environment variable to set
   162  the `-H` flag for the client.
   164      $ sudo docker -H tcp:// ps
   165      # or
   166      $ export DOCKER_HOST="tcp://"
   167      $ sudo docker ps
   168      # both are equal
   170  Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than the empty
   171  string is equivalent to setting the `--tlsverify` flag. The following are equivalent:
   173      $ sudo docker --tlsverify ps
   174      # or
   175      $ export DOCKER_TLS_VERIFY=1
   176      $ sudo docker ps
   178  The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`
   179  environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes
   180  precedence over `HTTP_PROXY`. If you happen to have a proxy configured with the
   181  `HTTP_PROXY` or `HTTPS_PROXY` environment variables but still want to
   182  communicate with the Docker daemon over its default `unix` domain socket,
   183  setting the `NO_PROXY` environment variable to the path of the socket
   184  (`/var/run/docker.sock`) is required.
   186  ### Daemon storage-driver option
   188  The Docker daemon has support for several different image layer storage drivers: `aufs`,
   189  `devicemapper`, `btrfs` and `overlay`.
   191  The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that
   192  is unlikely to be merged into the main kernel. These are also known to cause some
   193  serious kernel crashes. However, `aufs` is also the only storage driver that allows
   194  containers to share executable and shared library memory, so is a useful choice
   195  when running thousands of containers with the same program or libraries.
   197  The `devicemapper` driver uses thin provisioning and Copy on Write (CoW)
   198  snapshots. For each devicemapper graph location – typically
   199  `/var/lib/docker/devicemapper` – a thin pool is created based on two block
   200  devices, one for data and one for metadata.  By default, these block devices
   201  are created automatically by using loopback mounts of automatically created
   202  sparse files. Refer to [Storage driver options](#storage-driver-options) below
   203  for a way how to customize this setup.
   204  [~jpetazzo/Resizing Docker containers with the Device Mapper plugin](
   205 article
   206  explains how to tune your existing setup without the use of options.
   208  The `btrfs` driver is very fast for `docker build` - but like `devicemapper` does not
   209  share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_partition`.
   211  The `overlay` is a very fast union filesystem. It is now merged in the main
   212  Linux kernel as of [3.18.0](
   213  Call `docker -d -s overlay` to use it. 
   214  > **Note:** 
   215  > It is currently unsupported on `btrfs` or any Copy on Write filesystem
   216  > and should only be used over `ext4` partitions.
   218  #### Storage driver options
   220  Particular storage-driver can be configured with options specified with
   221  `--storage-opt` flags. The only driver accepting options is `devicemapper` as
   222  of now. All its options are prefixed with `dm`.
   224  Currently supported options are:
   226   *  `dm.basesize`
   228      Specifies the size to use when creating the base device, which limits the
   229      size of images and containers. The default value is 10G. Note, thin devices
   230      are inherently "sparse", so a 10G device which is mostly empty doesn't use
   231      10 GB of space on the pool. However, the filesystem will use more space for
   232      the empty case the larger the device is.
   234       **Warning**: This value affects the system-wide "base" empty filesystem
   235       that may already be initialized and inherited by pulled images. Typically,
   236       a change to this value will require additional steps to take effect:
   238          $ sudo service docker stop
   239          $ sudo rm -rf /var/lib/docker
   240          $ sudo service docker start
   242      Example use:
   244          $ sudo docker -d --storage-opt dm.basesize=20G
   246   *  `dm.loopdatasize`
   248      Specifies the size to use when creating the loopback file for the "data"
   249      device which is used for the thin pool. The default size is 100G. Note that
   250      the file is sparse, so it will not initially take up this much space.
   252      Example use:
   254          $ sudo docker -d --storage-opt dm.loopdatasize=200G
   256   *  `dm.loopmetadatasize`
   258      Specifies the size to use when creating the loopback file for the
   259      "metadata" device which is used for the thin pool. The default size is 2G.
   260      Note that the file is sparse, so it will not initially take up this much
   261      space.
   263      Example use:
   265          $ sudo docker -d --storage-opt dm.loopmetadatasize=4G
   267   *  `dm.fs`
   269      Specifies the filesystem type to use for the base device. The supported
   270      options are "ext4" and "xfs". The default is "ext4"
   272      Example use:
   274          $ sudo docker -d --storage-opt dm.fs=xfs
   276   *  `dm.mkfsarg`
   278      Specifies extra mkfs arguments to be used when creating the base device.
   280      Example use:
   282          $ sudo docker -d --storage-opt "dm.mkfsarg=-O ^has_journal"
   284   *  `dm.mountopt`
   286      Specifies extra mount options used when mounting the thin devices.
   288      Example use:
   290          $ sudo docker -d --storage-opt dm.mountopt=nodiscard
   292   *  `dm.datadev`
   294      Specifies a custom blockdevice to use for data for the thin pool.
   296      If using a block device for device mapper storage, ideally both datadev and
   297      metadatadev should be specified to completely avoid using the loopback
   298      device.
   300      Example use:
   302          $ sudo docker -d \
   303              --storage-opt dm.datadev=/dev/sdb1 \
   304              --storage-opt dm.metadatadev=/dev/sdc1
   306   *  `dm.metadatadev`
   308      Specifies a custom blockdevice to use for metadata for the thin pool.
   310      For best performance the metadata should be on a different spindle than the
   311      data, or even better on an SSD.
   313      If setting up a new metadata pool it is required to be valid. This can be
   314      achieved by zeroing the first 4k to indicate empty metadata, like this:
   316          $ dd if=/dev/zero of=$metadata_dev bs=4096 count=1
   318      Example use:
   320          $ sudo docker -d \
   321              --storage-opt dm.datadev=/dev/sdb1 \
   322              --storage-opt dm.metadatadev=/dev/sdc1
   324   *  `dm.blocksize`
   326      Specifies a custom blocksize to use for the thin pool. The default
   327      blocksize is 64K.
   329      Example use:
   331          $ sudo docker -d --storage-opt dm.blocksize=512K
   333   *  `dm.blkdiscard`
   335      Enables or disables the use of blkdiscard when removing devicemapper
   336      devices. This is enabled by default (only) if using loopback devices and is
   337      required to resparsify the loopback file on image/container removal.
   339      Disabling this on loopback can lead to *much* faster container removal
   340      times, but will make the space used in `/var/lib/docker` directory not be
   341      returned to the system for other use when containers are removed.
   343      Example use:
   345          $ sudo docker -d --storage-opt dm.blkdiscard=false
   347  ### Docker exec-driver option
   349  The Docker daemon uses a specifically built `libcontainer` execution driver as its
   350  interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`.
   352  There is still legacy support for the original [LXC userspace tools](
   353 via the `lxc` execution driver, however, this is
   354  not where the primary development of new functionality is taking place.
   355  Add `-e lxc` to the daemon flags to use the `lxc` execution driver.
   358  ### Daemon DNS options
   360  To set the DNS server for all Docker containers, use
   361  `docker -d --dns`.
   363  To set the DNS search domain for all Docker containers, use
   364  `docker -d --dns-search`.
   366  ### Insecure registries
   368  Docker considers a private registry either secure or insecure.
   369  In the rest of this section, *registry* is used for *private registry*, and `myregistry:5000`
   370  is a placeholder example for a private registry.
   372  A secure registry uses TLS and a copy of its CA certificate is placed on the Docker host at
   373  `/etc/docker/certs.d/myregistry:5000/ca.crt`.
   374  An insecure registry is either not using TLS (i.e., listening on plain text HTTP), or is using
   375  TLS with a CA certificate not known by the Docker daemon. The latter can happen when the
   376  certificate was not found under `/etc/docker/certs.d/myregistry:5000/`, or if the certificate
   377  verification failed (i.e., wrong CA).
   379  By default, Docker assumes all, but local (see local registries below), registries are secure.
   380  Communicating with an insecure registry is not possible if Docker assumes that registry is secure.
   381  In order to communicate with an insecure registry, the Docker daemon requires `--insecure-registry`
   382  in one of the following two forms: 
   384  * `--insecure-registry myregistry:5000` tells the Docker daemon that myregistry:5000 should be considered insecure.
   385  * `--insecure-registry` tells the Docker daemon that all registries whose domain resolve to an IP address is part
   386  of the subnet described by the CIDR syntax, should be considered insecure.
   388  The flag can be used multiple times to allow multiple registries to be marked as insecure.
   390  If an insecure registry is not marked as insecure, `docker pull`, `docker push`, and `docker search`
   391  will result in an error message prompting the user to either secure or pass the `--insecure-registry`
   392  flag to the Docker daemon as described above.
   394  Local registries, whose IP address falls in the range, are automatically marked as insecure
   395  as of Docker 1.3.2. It is not recommended to rely on this, as it may change in the future.
   397  ### Running a Docker daemon behind a HTTPS_PROXY
   399  When running inside a LAN that uses a `HTTPS` proxy, the Docker Hub certificates
   400  will be replaced by the proxy's certificates. These certificates need to be added
   401  to your Docker host's configuration:
   403  1. Install the `ca-certificates` package for your distribution
   404  2. Ask your network admin for the proxy's CA certificate and append them to
   405     `/etc/pki/tls/certs/ca-bundle.crt`
   406  3. Then start your Docker daemon with `HTTPS_PROXY=http://username:password@proxy:port/ docker -d`.
   407     The `username:` and `password@` are optional - and are only needed if your proxy
   408     is set up to require authentication.
   410  This will only add the proxy and authentication to the Docker daemon's requests -
   411  your `docker build`s and running containers will need extra configuration to use
   412  the proxy
   414  ### Miscellaneous options
   416  IP masquerading uses address translation to allow containers without a public IP to talk
   417  to other machines on the Internet. This may interfere with some network topologies and
   418  can be disabled with --ip-masq=false.
   420  Docker supports softlinks for the Docker data directory
   421  (`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this:
   423      DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1
   424      # or
   425      export DOCKER_TMPDIR=/mnt/disk2/tmp
   426      /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1
   429  ## attach
   431      Usage: docker attach [OPTIONS] CONTAINER
   433      Attach to a running container
   435        --no-stdin=false    Do not attach STDIN
   436        --sig-proxy=true    Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied.
   438  The `docker attach` command allows you to attach to a running container using
   439  the container's ID or name, either to view its ongoing output or to control it
   440  interactively.  You can attach to the same contained process multiple times
   441  simultaneously, screen sharing style, or quickly view the progress of your
   442  daemonized process.
   444  You can detach from the container (and leave it running) with `CTRL-p CTRL-q`
   445  (for a quiet exit) or `CTRL-c` which will send a `SIGKILL` to the container.
   446  When you are attached to a container, and exit its main process, the process's
   447  exit code will be returned to the client.
   449  It is forbidden to redirect the standard input of a `docker attach` command while
   450  attaching to a tty-enabled container (i.e.: launched with `-t`).
   452  #### Examples
   454      $ sudo docker run -d --name topdemo ubuntu /usr/bin/top -b)
   455      $ sudo docker attach topdemo
   456      top - 02:05:52 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
   457      Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
   458      Cpu(s):  0.1%us,  0.2%sy,  0.0%ni, 99.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
   459      Mem:    373572k total,   355560k used,    18012k free,    27872k buffers
   460      Swap:   786428k total,        0k used,   786428k free,   221740k cached
   462      PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
   463       1 root      20   0 17200 1116  912 R    0  0.3   0:00.03 top
   465       top - 02:05:55 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
   466       Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
   467       Cpu(s):  0.0%us,  0.2%sy,  0.0%ni, 99.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
   468       Mem:    373572k total,   355244k used,    18328k free,    27872k buffers
   469       Swap:   786428k total,        0k used,   786428k free,   221776k cached
   471         PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
   472             1 root      20   0 17208 1144  932 R    0  0.3   0:00.03 top
   475       top - 02:05:58 up  3:06,  0 users,  load average: 0.01, 0.02, 0.05
   476       Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
   477       Cpu(s):  0.2%us,  0.3%sy,  0.0%ni, 99.5%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
   478       Mem:    373572k total,   355780k used,    17792k free,    27880k buffers
   479       Swap:   786428k total,        0k used,   786428k free,   221776k cached
   481       PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
   482            1 root      20   0 17208 1144  932 R    0  0.3   0:00.03 top
   483      ^C$
   484      $ echo $?
   485      0
   486      $ docker ps -a | grep topdemo
   487      7998ac8581f9        ubuntu:14.04        "/usr/bin/top -b"   38 seconds ago      Exited (0) 21 seconds ago                          topdemo 
   489  And in this second example, you can see the exit code returned by the `bash` process
   490  is returned by the `docker attach` command to its caller too:
   492      $ sudo docker run --name test -d -it debian
   493      275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab
   494      $ sudo docker attach test
   495      $$ exit 13
   496      exit
   497      $ echo $?
   498      13
   499      $ sudo docker ps -a | grep test
   500      275c44472aeb        debian:7            "/bin/bash"         26 seconds ago      Exited (13) 17 seconds ago                         test
   502  ## build
   504      Usage: docker build [OPTIONS] PATH | URL | -
   506      Build a new image from the source code at PATH
   508        --force-rm=false         Always remove intermediate containers, even after unsuccessful builds
   509        --no-cache=false         Do not use cache when building the image
   510        --pull=false             Always attempt to pull a newer version of the image
   511        -q, --quiet=false        Suppress the verbose output generated by the containers
   512        --rm=true                Remove intermediate containers after a successful build
   513        -t, --tag=""             Repository name (and optionally a tag) to be applied to the resulting image in case of success
   515  Use this command to build Docker images from a Dockerfile and a
   516  "context".
   518  The files at `PATH` or `URL` are called the "context" of the build. The
   519  build process may refer to any of the files in the context, for example
   520  when using an [*ADD*](/reference/builder/#add) instruction.
   521  When a single Dockerfile is given as `URL` or is piped through `STDIN`
   522  (`docker build - < Dockerfile`), then no context is set.
   524  When a Git repository is set as `URL`, then the repository is used as
   525  the context. The Git repository is cloned with its submodules
   526  (`git clone -recursive`). A fresh `git clone` occurs in a temporary directory
   527  on your local host, and then this is sent to the Docker daemon as the
   528  context.  This way, your local user credentials and VPN's etc can be
   529  used to access private repositories.
   531  If a file named `.dockerignore` exists in the root of `PATH` then it
   532  is interpreted as a newline-separated list of exclusion patterns.
   533  Exclusion patterns match files or directories relative to `PATH` that
   534  will be excluded from the context. Globbing is done using Go's
   535  [filepath.Match]( rules.
   537  Please note that `.dockerignore` files in other subdirectories are
   538  considered as normal files. Filepaths in .dockerignore are absolute with
   539  the current directory as the root. Wildcards are allowed but the search
   540  is not recursive.
   542  #### Example .dockerignore file
   543      */temp*
   544      */*/temp*
   545      temp?
   547  The first line above `*/temp*`, would ignore all files with names starting with
   548  `temp` from any subdirectory below the root directory. For example, a file named
   549  `/somedir/temporary.txt` would be ignored. The second line `*/*/temp*`, will
   550  ignore files starting with name `temp` from any subdirectory that is two levels
   551  below the root directory. For example, the file `/somedir/subdir/temporary.txt`
   552  would get ignored in this case. The last line in the above example `temp?`
   553  will ignore the files that match the pattern from the root directory.
   554  For example, the files `tempa`, `tempb` are ignored from the root directory.
   555  Currently there is no support for regular expressions. Formats
   556  like `[^temp*]` are ignored.
   558  By default the `docker build` command will look for a `Dockerfile` at the
   559  root of the build context. The `-f`, `--file`, option lets you specify
   560  the path to an alternative file to use instead.  This is useful
   561  in cases where the same set of files are used for multiple builds. The path
   562  must be to a file within the build context. If a relative path is specified
   563  then it must to be relative to the current directory.
   566  See also:
   568  [*Dockerfile Reference*](/reference/builder).
   570  #### Examples
   572      $ sudo docker build .
   573      Uploading context 10240 bytes
   574      Step 1 : FROM busybox
   575      Pulling repository busybox
   576       ---> e9aa60c60128MB/2.284 MB (100%) endpoint:
   577      Step 2 : RUN ls -lh /
   578       ---> Running in 9c9e81692ae9
   579      total 24
   580      drwxr-xr-x    2 root     root        4.0K Mar 12  2013 bin
   581      drwxr-xr-x    5 root     root        4.0K Oct 19 00:19 dev
   582      drwxr-xr-x    2 root     root        4.0K Oct 19 00:19 etc
   583      drwxr-xr-x    2 root     root        4.0K Nov 15 23:34 lib
   584      lrwxrwxrwx    1 root     root           3 Mar 12  2013 lib64 -> lib
   585      dr-xr-xr-x  116 root     root           0 Nov 15 23:34 proc
   586      lrwxrwxrwx    1 root     root           3 Mar 12  2013 sbin -> bin
   587      dr-xr-xr-x   13 root     root           0 Nov 15 23:34 sys
   588      drwxr-xr-x    2 root     root        4.0K Mar 12  2013 tmp
   589      drwxr-xr-x    2 root     root        4.0K Nov 15 23:34 usr
   590       ---> b35f4035db3f
   591      Step 3 : CMD echo Hello world
   592       ---> Running in 02071fceb21b
   593       ---> f52f38b7823e
   594      Successfully built f52f38b7823e
   595      Removing intermediate container 9c9e81692ae9
   596      Removing intermediate container 02071fceb21b
   598  This example specifies that the `PATH` is
   599  `.`, and so all the files in the local directory get
   600  `tar`d and sent to the Docker daemon. The `PATH`
   601  specifies where to find the files for the "context" of the build on the
   602  Docker daemon. Remember that the daemon could be running on a remote
   603  machine and that no parsing of the Dockerfile
   604  happens at the client side (where you're running
   605  `docker build`). That means that *all* the files at
   606  `PATH` get sent, not just the ones listed to
   607  [*ADD*](/reference/builder/#add) in the Dockerfile.
   609  The transfer of context from the local machine to the Docker daemon is
   610  what the `docker` client means when you see the
   611  "Sending build context" message.
   613  If you wish to keep the intermediate containers after the build is
   614  complete, you must use `--rm=false`. This does not
   615  affect the build cache.
   617      $ sudo docker build .
   618      Uploading context 18.829 MB
   619      Uploading context
   620      Step 0 : FROM busybox
   621       ---> 769b9341d937
   622      Step 1 : CMD echo Hello world
   623       ---> Using cache
   624       ---> 99cc1ad10469
   625      Successfully built 99cc1ad10469
   626      $ echo ".git" > .dockerignore
   627      $ sudo docker build .
   628      Uploading context  6.76 MB
   629      Uploading context
   630      Step 0 : FROM busybox
   631       ---> 769b9341d937
   632      Step 1 : CMD echo Hello world
   633       ---> Using cache
   634       ---> 99cc1ad10469
   635      Successfully built 99cc1ad10469
   637  This example shows the use of the `.dockerignore` file to exclude the `.git`
   638  directory from the context. Its effect can be seen in the changed size of the
   639  uploaded context.
   641      $ sudo docker build -t vieux/apache:2.0 .
   643  This will build like the previous example, but it will then tag the
   644  resulting image. The repository name will be `vieux/apache`
   645  and the tag will be `2.0`
   647      $ sudo docker build - < Dockerfile
   649  This will read a Dockerfile from `STDIN` without context. Due to the
   650  lack of a context, no contents of any local directory will be sent to
   651  the Docker daemon. Since there is no context, a Dockerfile `ADD` only
   652  works if it refers to a remote URL.
   654      $ sudo docker build - < context.tar.gz
   656  This will build an image for a compressed context read from `STDIN`.
   657  Supported formats are: bzip2, gzip and xz.
   659      $ sudo docker build
   661  This will clone the GitHub repository and use the cloned repository as
   662  context. The Dockerfile at the root of the
   663  repository is used as Dockerfile. Note that you
   664  can specify an arbitrary Git repository by using the `git://` or `git@`
   665  schema.
   667      $ sudo docker build -f Dockerfile.debug .
   669  This will use a file called `Dockerfile.debug` for the build
   670  instructions instead of `Dockerfile`.
   672      $ sudo docker build -f dockerfiles/Dockerfile.debug -t myapp_debug .
   673      $ sudo docker build -f dockerfiles/  -t myapp_prod .
   675  The above commands will build the current build context (as specified by 
   676  the `.`) twice, once using a debug version of a `Dockerfile` and once using 
   677  a production version.
   679      $ cd /home/me/myapp/some/dir/really/deep
   680      $ sudo docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp
   681      $ sudo docker build -f ../../../../dockerfiles/debug /home/me/myapp
   683  These two `docker build` commands do the exact same thing. They both
   684  use the contents of the `debug` file instead of looking for a `Dockerfile` 
   685  and will use `/home/me/myapp` as the root of the build context. Note that 
   686  `debug` is in the directory structure of the build context, regardless of how 
   687  you refer to it on the command line.
   689  > **Note:** `docker build` will return a `no such file or directory` error
   690  > if the file or directory does not exist in the uploaded context. This may
   691  > happen if there is no context, or if you specify a file that is elsewhere
   692  > on the Host system. The context is limited to the current directory (and its
   693  > children) for security reasons, and to ensure repeatable builds on remote
   694  > Docker hosts. This is also the reason why `ADD ../file` will not work.
   696  ## commit
   698      Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
   700      Create a new image from a container's changes
   702        -a, --author=""     Author (e.g., "John Hannibal Smith <>")
   703        -m, --message=""    Commit message
   704        -p, --pause=true    Pause container during commit
   706  It can be useful to commit a container's file changes or settings into a
   707  new image. This allows you debug a container by running an interactive
   708  shell, or to export a working dataset to another server. Generally, it
   709  is better to use Dockerfiles to manage your images in a documented and
   710  maintainable way.
   712  By default, the container being committed and its processes will be paused
   713  while the image is committed. This reduces the likelihood of
   714  encountering data corruption during the process of creating the commit.
   715  If this behavior is undesired, set the 'p' option to false.
   717  #### Commit an existing container
   719      $ sudo docker ps
   720      ID                  IMAGE               COMMAND             CREATED             STATUS              PORTS
   721      c3f279d17e0a        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
   722      197387f1b436        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
   723      $ sudo docker commit c3f279d17e0a  SvenDowideit/testimage:version3
   724      f5283438590d
   725      $ sudo docker images | head
   726      REPOSITORY                        TAG                 ID                  CREATED             VIRTUAL SIZE
   727      SvenDowideit/testimage            version3            f5283438590d        16 seconds ago      335.7 MB
   729  ## cp
   731  Copy files/folders from a container's filesystem to the host
   732  path.  Paths are relative to the root of the filesystem.
   734      Usage: docker cp CONTAINER:PATH HOSTPATH
   736      Copy files/folders from the PATH to the HOSTPATH
   738  ## create
   740  Creates a new container.
   742      Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...]
   744      Create a new container
   746        -a, --attach=[]            Attach to STDIN, STDOUT or STDERR.
   747        --add-host=[]              Add a custom host-to-IP mapping (host:ip)
   748        -c, --cpu-shares=0         CPU shares (relative weight)
   749        --cap-add=[]               Add Linux capabilities
   750        --cap-drop=[]              Drop Linux capabilities
   751        --cidfile=""               Write the container ID to the file
   752        --cpuset=""                CPUs in which to allow execution (0-3, 0,1)
   753        --device=[]                Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
   754        --dns=[]                   Set custom DNS servers
   755        --dns-search=[]            Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)
   756        -e, --env=[]               Set environment variables
   757        --entrypoint=""            Overwrite the default ENTRYPOINT of the image
   758        --env-file=[]              Read in a line delimited file of environment variables
   759        --expose=[]                Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host
   760        -h, --hostname=""          Container host name
   761        -i, --interactive=false    Keep STDIN open even if not attached
   762        --ipc=""                   Default is to create a private IPC namespace (POSIX SysV IPC) for the container
   763                                     'container:<name|id>': reuses another container shared memory, semaphores and message queues
   764                                     'host': use the host shared memory,semaphores and message queues inside the container.  Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
   765        --link=[]                  Add link to another container in the form of <name or id>:alias
   766        --lxc-conf=[]              (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
   767        -m, --memory=""            Memory limit (format: <number><optional unit>, where unit = b, k, m or g)
   768        --mac-address=""           Container MAC address (e.g. 92:d0:c6:0a:29:33)
   769        --name=""                  Assign a name to the container
   770        --net="bridge"             Set the Network mode for the container
   771                                     'bridge': creates a new network stack for the container on the docker bridge
   772                                     'none': no networking for this container
   773                                     'container:<name|id>': reuses another container network stack
   774                                     'host': use the host network stack inside the container.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
   775        -P, --publish-all=false    Publish all exposed ports to random ports on the host interfaces
   776        -p, --publish=[]           Publish a container's port, or a range of ports (e.g., `-p 3300-3310`), to the host
   777                                     format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
   778                                     Both hostPort and containerPort can be specified as a range of ports. 
   779                                     When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`)
   780                                     (use 'docker port' to see the actual mapping)
   781        --privileged=false         Give extended privileges to this container
   782        --read-only=false           Mount the container's root filesystem as read only
   783        --restart=""               Restart policy to apply when a container exits (no, on-failure[:max-retry], always)
   784        --security-opt=[]          Security Options
   785        -t, --tty=false            Allocate a pseudo-TTY
   786        -u, --user=""              Username or UID
   787        -v, --volume=[]            Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)
   788        --volumes-from=[]          Mount volumes from the specified container(s)
   789        -w, --workdir=""           Working directory inside the container
   791  The `docker create` command creates a writeable container layer over
   792  the specified image and prepares it for running the specified command.
   793  The container ID is then printed to `STDOUT`.
   794  This is similar to `docker run -d` except the container is never started.
   795  You can then use the `docker start <container_id>` command to start the
   796  container at any point.
   798  This is useful when you want to set up a container configuration ahead
   799  of time so that it is ready to start when you need it.
   801  Note that volumes set by `create` may be over-ridden by options set with
   802  `start`.
   804  Please see the [run command](#run) section for more details.
   806  #### Examples
   808      $ sudo docker create -t -i fedora bash
   809      6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752
   810      $ sudo docker start -a -i 6d8af538ec5
   811      bash-4.2#
   813  As of v1.4.0 container volumes are initialized during the `docker create`
   814  phase (i.e., `docker run` too). For example, this allows you to `create` the
   815  `data` volume container, and then use it from another container:
   817      $ docker create -v /data --name data ubuntu
   818      240633dfbb98128fa77473d3d9018f6123b99c454b3251427ae190a7d951ad57
   819      $ docker run --rm --volumes-from data ubuntu ls -la /data
   820      total 8
   821      drwxr-xr-x  2 root root 4096 Dec  5 04:10 .
   822      drwxr-xr-x 48 root root 4096 Dec  5 04:11 ..
   824  Similarly, `create` a host directory bind mounted volume container, which
   825  can then be used from the subsequent container:
   827      $ docker create -v /home/docker:/docker --name docker ubuntu
   828      9aa88c08f319cd1e4515c3c46b0de7cc9aa75e878357b1e96f91e2c773029f03
   829      $ docker run --rm --volumes-from docker ubuntu ls -la /docker
   830      total 20
   831      drwxr-sr-x  5 1000 staff  180 Dec  5 04:00 .
   832      drwxr-xr-x 48 root root  4096 Dec  5 04:13 ..
   833      -rw-rw-r--  1 1000 staff 3833 Dec  5 04:01 .ash_history
   834      -rw-r--r--  1 1000 staff  446 Nov 28 11:51 .ashrc
   835      -rw-r--r--  1 1000 staff   25 Dec  5 04:00 .gitconfig
   836      drwxr-sr-x  3 1000 staff   60 Dec  1 03:28 .local
   837      -rw-r--r--  1 1000 staff  920 Nov 28 11:51 .profile
   838      drwx--S---  2 1000 staff  460 Dec  5 00:51 .ssh
   839      drwxr-xr-x 32 1000 staff 1140 Dec  5 04:01 docker
   842  ## diff
   844  List the changed files and directories in a container᾿s filesystem
   846      Usage: docker diff CONTAINER
   848      Inspect changes on a container's filesystem
   850  There are 3 events that are listed in the `diff`:
   852  1.  `A` - Add
   853  2.  `D` - Delete
   854  3.  `C` - Change
   856  For example:
   858      $ sudo docker diff 7bb0e258aefe
   860      C /dev
   861      A /dev/kmsg
   862      C /etc
   863      A /etc/mtab
   864      A /go
   865      A /go/src
   866      A /go/src/
   867      A /go/src/
   868      A /go/src/
   869      A /go/src/
   870      ....
   872  ## events
   874      Usage: docker events [OPTIONS]
   876      Get real time events from the server
   878        -f, --filter=[]    Provide filter values (i.e., 'event=stop')
   879        --since=""         Show all events created since timestamp
   880        --until=""         Stream events until this timestamp
   882  Docker containers will report the following events:
   884      create, destroy, die, export, kill, oom, pause, restart, start, stop, unpause
   886  and Docker images will report:
   888      untag, delete
   890  #### Filtering
   892  The filtering flag (`-f` or `--filter`) format is of "key=value". If you would like to use
   893  multiple filters, pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`)
   895  Using the same filter multiple times will be handled as a *OR*; for example
   896  `--filter container=588a23dac085 --filter container=a8f7720b8c22` will display events for
   897  container 588a23dac085 *OR* container a8f7720b8c22
   899  Using multiple filters will be handled as a *AND*; for example
   900  `--filter container=588a23dac085 --filter event=start` will display events for container
   901  container 588a23dac085 *AND* the event type is *start*
   903  Current filters:
   904   * event
   905   * image
   906   * container
   908  #### Examples
   910  You'll need two shells for this example.
   912  **Shell 1: Listening for events:**
   914      $ sudo docker events
   916  **Shell 2: Start and Stop containers:**
   918      $ sudo docker start 4386fb97867d
   919      $ sudo docker stop 4386fb97867d
   920      $ sudo docker stop 7805c1d35632
   922  **Shell 1: (Again .. now showing events):**
   924      2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start
   925      2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die
   926      2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop
   927      2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die
   928      2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop
   930  **Show events in the past from a specified time:**
   932      $ sudo docker events --since 1378216169
   933      2014-03-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die
   934      2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop
   935      2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die
   936      2014-03-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop
   938      $ sudo docker events --since '2013-09-03'
   939      2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start
   940      2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die
   941      2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop
   942      2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die
   943      2014-09-03T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop
   945      $ sudo docker events --since '2013-09-03T15:49:29'
   946      2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die
   947      2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop
   948      2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die
   949      2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop
   951  **Filter events:**
   953      $ sudo docker events --filter 'event=stop'
   954      2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop
   955      2014-09-03T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop
   957      $ sudo docker events --filter 'image=ubuntu-1:14.04'
   958      2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start
   959      2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die
   960      2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop
   962      $ sudo docker events --filter 'container=7805c1d35632'
   963      2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die
   964      2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop
   966      $ sudo docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d'
   967      2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die
   968      2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop
   969      2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die
   970      2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop
   972      $ sudo docker events --filter 'container=7805c1d35632' --filter 'event=stop'
   973      2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop
   975  ## exec
   977      Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
   979      Run a command in a running container
   981        -d, --detach=false         Detached mode: run command in the background
   982        -i, --interactive=false    Keep STDIN open even if not attached
   983        -t, --tty=false            Allocate a pseudo-TTY
   985  The `docker exec` command runs a new command in a running container.
   987  The command started using `docker exec` will only run while the container's primary
   988  process (`PID 1`) is running, and will not be restarted if the container is restarted.
   990  If the container is paused, then the `docker exec` command will fail with an error:
   992      $ docker pause test
   993      test
   994      $ docker ps
   995      CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                   PORTS               NAMES
   996      1ae3b36715d2        ubuntu:latest       "bash"              17 seconds ago      Up 16 seconds (Paused)                       test
   997      $ docker exec test ls
   998      FATA[0000] Error response from daemon: Container test is paused, unpause the container before exec
   999      $ echo $?
  1000      1
  1002  #### Examples
  1004      $ sudo docker run --name ubuntu_bash --rm -i -t ubuntu bash
  1006  This will create a container named `ubuntu_bash` and start a Bash session.
  1008      $ sudo docker exec -d ubuntu_bash touch /tmp/execWorks
  1010  This will create a new file `/tmp/execWorks` inside the running container
  1011  `ubuntu_bash`, in the background.
  1013      $ sudo docker exec -it ubuntu_bash bash
  1015  This will create a new Bash session in the container `ubuntu_bash`.
  1017  ## export
  1019      Usage: docker export CONTAINER
  1021      Export the contents of a filesystem as a tar archive to STDOUT
  1023  For example:
  1025      $ sudo docker export red_panda > latest.tar
  1027  > **Note:**
  1028  > `docker export` does not export the contents of volumes associated with the
  1029  > container. If a volume is mounted on top of an existing directory in the 
  1030  > container, `docker export` will export the contents of the *underlying* 
  1031  > directory, not the contents of the volume.
  1032  >
  1033  > Refer to [Backup, restore, or migrate data volumes](/userguide/dockervolumes/#backup-restore-or-migrate-data-volumes)
  1034  > in the user guide for examples on exporting data in a volume.
  1036  ## history
  1038      Usage: docker history [OPTIONS] IMAGE
  1040      Show the history of an image
  1042        --no-trunc=false     Don't truncate output
  1043        -q, --quiet=false    Only show numeric IDs
  1045  To see how the `docker:latest` image was built:
  1047      $ sudo docker history docker
  1048      IMAGE                                                              CREATED             CREATED BY                                                                                                                                                 SIZE
  1049      3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094   8 days ago          /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8                                                                                                                       0 B
  1050      8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36   8 days ago          /bin/sh -c dpkg-reconfigure locales &&    locale-gen C.UTF-8 &&    /usr/sbin/update-locale LANG=C.UTF-8                                                    1.245 MB
  1051      be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60   8 days ago          /bin/sh -c apt-get update && apt-get install -y    git    libxml2-dev    python    build-essential    make    gcc    python-dev    locales    python-pip   338.3 MB
  1052      4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084   6 weeks ago         /bin/sh -c #(nop) ADD jessie.tar.xz in /                                                                                                                   121 MB
  1053      750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada   6 weeks ago         /bin/sh -c #(nop) MAINTAINER Tianon Gravi <> - -t jessie.tar.xz jessie             0 B
  1054      511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158   9 months ago                                                                                                                                                                   0 B
  1056  ## images
  1058      Usage: docker images [OPTIONS] [REPOSITORY]
  1060      List images
  1062        -a, --all=false      Show all images (by default filter out the intermediate image layers)
  1063        -f, --filter=[]      Provide filter values (i.e., 'dangling=true')
  1064        --no-trunc=false     Don't truncate output
  1065        -q, --quiet=false    Only show numeric IDs
  1067  The default `docker images` will show all top level
  1068  images, their repository and tags, and their virtual size.
  1070  Docker images have intermediate layers that increase reusability,
  1071  decrease disk usage, and speed up `docker build` by
  1072  allowing each step to be cached. These intermediate layers are not shown
  1073  by default.
  1075  The `VIRTUAL SIZE` is the cumulative space taken up by the image and all
  1076  its parent images. This is also the disk space used by the contents of the
  1077  Tar file created when you `docker save` an image.
  1079  An image will be listed more than once if it has multiple repository names
  1080  or tags. This single image (identifiable by its matching `IMAGE ID`)
  1081  uses up the `VIRTUAL SIZE` listed only once.
  1083  #### Listing the most recently created images
  1085      $ sudo docker images | head
  1086      REPOSITORY                TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
  1087      <none>                    <none>              77af4d6b9913        19 hours ago        1.089 GB
  1088      committ                   latest              b6fa739cedf5        19 hours ago        1.089 GB
  1089      <none>                    <none>              78a85c484f71        19 hours ago        1.089 GB
  1090      docker                    latest              30557a29d5ab        20 hours ago        1.089 GB
  1091      <none>                    <none>              5ed6274db6ce        24 hours ago        1.089 GB
  1092      postgres                  9                   746b819f315e        4 days ago          213.4 MB
  1093      postgres                  9.3                 746b819f315e        4 days ago          213.4 MB
  1094      postgres                  9.3.5               746b819f315e        4 days ago          213.4 MB
  1095      postgres                  latest              746b819f315e        4 days ago          213.4 MB
  1098  #### Listing the full length image IDs
  1100      $ sudo docker images --no-trunc | head
  1101      REPOSITORY                    TAG                 IMAGE ID                                                           CREATED             VIRTUAL SIZE
  1102      <none>                        <none>              77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182   19 hours ago        1.089 GB
  1103      committest                    latest              b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f   19 hours ago        1.089 GB
  1104      <none>                        <none>              78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921   19 hours ago        1.089 GB
  1105      docker                        latest              30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4   20 hours ago        1.089 GB
  1106      <none>                        <none>              0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5   20 hours ago        1.089 GB
  1107      <none>                        <none>              18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b   22 hours ago        1.082 GB
  1108      <none>                        <none>              f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a   23 hours ago        1.089 GB
  1109      tryout                        latest              2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074   23 hours ago        131.5 MB
  1110      <none>                        <none>              5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df   24 hours ago        1.089 GB
  1112  #### Filtering
  1114  The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more
  1115  than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`)
  1117  Current filters:
  1118   * dangling (boolean - true or false)
  1120  ##### Untagged images
  1122      $ sudo docker images --filter "dangling=true"
  1124      REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
  1125      <none>              <none>              8abc22fbb042        4 weeks ago         0 B
  1126      <none>              <none>              48e5f45168b9        4 weeks ago         2.489 MB
  1127      <none>              <none>              bf747efa0e2f        4 weeks ago         0 B
  1128      <none>              <none>              980fe10e5736        12 weeks ago        101.4 MB
  1129      <none>              <none>              dea752e4e117        12 weeks ago        101.4 MB
  1130      <none>              <none>              511136ea3c5a        8 months ago        0 B
  1132  This will display untagged images, that are the leaves of the images tree (not
  1133  intermediary layers). These images occur when a new build of an image takes the
  1134  `repo:tag` away from the image ID, leaving it untagged. A warning will be issued
  1135  if trying to remove an image when a container is presently using it.
  1136  By having this flag it allows for batch cleanup.
  1138  Ready for use by `docker rmi ...`, like:
  1140      $ sudo docker rmi $(sudo docker images -f "dangling=true" -q)
  1142      8abc22fbb042
  1143      48e5f45168b9
  1144      bf747efa0e2f
  1145      980fe10e5736
  1146      dea752e4e117
  1147      511136ea3c5a
  1149  NOTE: Docker will warn you if any containers exist that are using these untagged images.
  1151  ## import
  1153      Usage: docker import URL|- [REPOSITORY[:TAG]]
  1155      Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it.
  1157  URLs must start with `http` and point to a single file archive (.tar,
  1158  .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a root filesystem. If
  1159  you would like to import from a local directory or archive, you can use
  1160  the `-` parameter to take the data from `STDIN`.
  1162  #### Examples
  1164  **Import from a remote location:**
  1166  This will create a new untagged image.
  1168      $ sudo docker import
  1170  **Import from a local file:**
  1172  Import to docker via pipe and `STDIN`.
  1174      $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new
  1176  **Import from a local directory:**
  1178      $ sudo tar -c . | sudo docker import - exampleimagedir
  1180  Note the `sudo` in this example – you must preserve
  1181  the ownership of the files (especially root ownership) during the
  1182  archiving with tar. If you are not root (or the sudo command) when you
  1183  tar, then the ownerships might not get preserved.
  1185  ## info
  1188      Usage: docker info
  1190      Display system-wide information
  1192  For example:
  1194      $ sudo docker -D info
  1195      Containers: 14
  1196      Images: 52
  1197      Storage Driver: aufs
  1198       Root Dir: /var/lib/docker/aufs
  1199       Backing Filesystem: extfs
  1200       Dirs: 545
  1201      Execution Driver: native-0.2
  1202      Kernel Version: 3.13.0-24-generic
  1203      Operating System: Ubuntu 14.04 LTS
  1204      CPUs: 1
  1205      Name: prod-server-42
  1207      Total Memory: 2 GiB
  1208      Debug mode (server): false
  1209      Debug mode (client): true
  1210      Fds: 10
  1211      Goroutines: 9
  1212      EventsListeners: 0
  1213      Init Path: /usr/bin/docker
  1214      Docker Root Dir: /var/lib/docker
  1215      Username: svendowideit
  1216      Registry: []
  1217      Labels:
  1218       storage=ssd
  1220  The global `-D` option tells all `docker` commands to output debug information.
  1222  When sending issue reports, please use `docker version` and `docker -D info` to
  1223  ensure we know how your setup is configured.
  1225  ## inspect
  1227      Usage: docker inspect [OPTIONS] CONTAINER|IMAGE [CONTAINER|IMAGE...]
  1229      Return low-level information on a container or image
  1231        -f, --format=""    Format the output using the given go template.
  1233  By default, this will render all results in a JSON array. If a format is
  1234  specified, the given template will be executed for each result.
  1236  Go's [text/template]( package
  1237  describes all the details of the format.
  1239  #### Examples
  1241  **Get an instance's IP address:**
  1243  For the most part, you can pick out any field from the JSON in a fairly
  1244  straightforward manner.
  1246      $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID
  1248  **Get an instance's MAC Address:**
  1250  For the most part, you can pick out any field from the JSON in a fairly
  1251  straightforward manner.
  1253      $ sudo docker inspect --format='{{.NetworkSettings.MacAddress}}' $INSTANCE_ID
  1255  **List All Port Bindings:**
  1257  One can loop over arrays and maps in the results to produce simple text
  1258  output:
  1260      $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID
  1262  **Find a Specific Port Mapping:**
  1264  The `.Field` syntax doesn't work when the field name begins with a
  1265  number, but the template language's `index` function does. The
  1266  `.NetworkSettings.Ports` section contains a map of the internal port
  1267  mappings to a list of external address/port objects, so to grab just the
  1268  numeric public port, you use `index` to find the specific port map, and
  1269  then `index` 0 contains the first object inside of that. Then we ask for
  1270  the `HostPort` field to get the public address.
  1272      $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID
  1274  **Get config:**
  1276  The `.Field` syntax doesn't work when the field contains JSON data, but
  1277  the template language's custom `json` function does. The `.config`
  1278  section contains complex JSON object, so to grab it as JSON, you use
  1279  `json` to convert the configuration object into JSON.
  1281      $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID
  1283  ## kill
  1285      Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...]
  1287      Kill a running container using SIGKILL or a specified signal
  1289        -s, --signal="KILL"    Signal to send to the container
  1291  The main process inside the container will be sent `SIGKILL`, or any
  1292  signal specified with option `--signal`.
  1294  ## load
  1296      Usage: docker load [OPTIONS]
  1298      Load an image from a tar archive on STDIN
  1300        -i, --input=""     Read from a tar archive file, instead of STDIN
  1302  Loads a tarred repository from a file or the standard input stream.
  1303  Restores both images and tags.
  1305      $ sudo docker images
  1306      REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
  1307      $ sudo docker load < busybox.tar
  1308      $ sudo docker images
  1309      REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
  1310      busybox             latest              769b9341d937        7 weeks ago         2.489 MB
  1311      $ sudo docker load --input fedora.tar
  1312      $ sudo docker images
  1313      REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
  1314      busybox             latest              769b9341d937        7 weeks ago         2.489 MB
  1315      fedora              rawhide             0d20aec6529d        7 weeks ago         387 MB
  1316      fedora              20                  58394af37342        7 weeks ago         385.5 MB
  1317      fedora              heisenbug           58394af37342        7 weeks ago         385.5 MB
  1318      fedora              latest              58394af37342        7 weeks ago         385.5 MB
  1320  ## login
  1322      Usage: docker login [OPTIONS] [SERVER]
  1324      Register or log in to a Docker registry server, if no server is specified "" is the default.
  1326        -e, --email=""       Email
  1327        -p, --password=""    Password
  1328        -u, --username=""    Username
  1330  If you want to login to a self-hosted registry you can specify this by
  1331  adding the server name.
  1333      example:
  1334      $ sudo docker login localhost:8080
  1336  ## logout
  1338      Usage: docker logout [SERVER]
  1340      Log out from a Docker registry, if no server is specified "" is the default.
  1342  For example:
  1344      $ sudo docker logout localhost:8080
  1346  ## logs
  1348      Usage: docker logs [OPTIONS] CONTAINER
  1350      Fetch the logs of a container
  1352        -f, --follow=false        Follow log output
  1353        -t, --timestamps=false    Show timestamps
  1354        --tail="all"              Output the specified number of lines at the end of logs (defaults to all logs)
  1356  The `docker logs` command batch-retrieves logs present at the time of execution.
  1358  The `docker logs --follow` command will continue streaming the new output from
  1359  the container's `STDOUT` and `STDERR`.
  1361  Passing a negative number or a non-integer to `--tail` is invalid and the
  1362  value is set to `all` in that case. This behavior may change in the future.
  1364  The `docker logs --timestamp` commands will add an RFC3339Nano
  1365  timestamp, for example `2014-09-16T06:17:46.000000000Z`, to each
  1366  log entry. To ensure that the timestamps for are aligned the
  1367  nano-second part of the timestamp will be padded with zero when necessary.
  1385  ## port
  1387      Usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]]
  1389      List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT
  1391  You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or
  1392  just a specific mapping:
  1394      $ sudo docker ps test
  1395      CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                            NAMES
  1396      b650456536c7        busybox:latest      top                 54 minutes ago      Up 54 minutes>9876/tcp,>7890/tcp   test
  1397      $ sudo docker port test
  1398      7890/tcp ->
  1399      9876/tcp ->
  1400      $ sudo docker port test 7890/tcp
  1402      $ sudo docker port test 7890/udp
  1403      2014/06/24 11:53:36 Error: No public port '7890/udp' published for test
  1404      $ sudo docker port test 7890
  1407  ## pause
  1409      Usage: docker pause CONTAINER
  1411      Pause all processes within a container
  1413  The `docker pause` command uses the cgroups freezer to suspend all processes in
  1414  a container.  Traditionally when suspending a process the `SIGSTOP` signal is
  1415  used, which is observable by the process being suspended. With the cgroups freezer
  1416  the process is unaware, and unable to capture, that it is being suspended,
  1417  and subsequently resumed.
  1419  See the
  1420  [cgroups freezer documentation](
  1421  for further details.
  1423  ## rename
  1425      Usage: docker rename OLD_NAME NEW_NAME
  1427      rename a existing container to a NEW_NAME
  1429  The `docker rename` command allows the container to be renamed to a different name.  
  1431  ## ps
  1433      Usage: docker ps [OPTIONS]
  1435      List containers
  1437        -a, --all=false       Show all containers. Only running containers are shown by default.
  1438        --before=""           Show only container created before Id or Name, include non-running ones.
  1439        -f, --filter=[]       Provide filter values. Valid filters:
  1440                                exited=<int> - containers with exit code of <int>
  1441                                status=(restarting|running|paused|exited)
  1442        -l, --latest=false    Show only the latest created container, include non-running ones.
  1443        -n=-1                 Show n last created containers, include non-running ones.
  1444        --no-trunc=false      Don't truncate output
  1445        -q, --quiet=false     Only display numeric IDs
  1446        -s, --size=false      Display total file sizes
  1447        --since=""            Show only containers created since Id or Name, include non-running ones.
  1449  Running `docker ps --no-trunc` showing 2 linked containers.
  1451      $ sudo docker ps
  1452      CONTAINER ID                                                            IMAGE                        COMMAND                CREATED              STATUS              PORTS               NAMES
  1453      f7ee772232194fcc088c6bdec6ea09f7b3f6c54d53934658164b8602d7cd4744        ubuntu:12.04                 bash                   17 seconds ago       Up 16 seconds                           webapp
  1454      d0963715a061c7c7b7cc80b2646da913a959fbf13e80a971d4a60f6997a2f595        crosbymichael/redis:latest   /redis-server --dir    33 minutes ago       Up 33 minutes       6379/tcp            redis,webapp/db
  1456  `docker ps` will show only running containers by default. To see all containers:
  1457  `docker ps -a`
  1459  #### Filtering
  1461  The filtering flag (`-f` or `--filter)` format is a `key=value` pair. If there is more
  1462  than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`)
  1464  Current filters:
  1465   * exited (int - the code of exited containers. Only useful with '--all')
  1466   * status (restarting|running|paused|exited)
  1468  ##### Successfully exited containers
  1470      $ sudo docker ps -a --filter 'exited=0'
  1471      CONTAINER ID        IMAGE             COMMAND                CREATED             STATUS                   PORTS                      NAMES
  1472      ea09c3c82f6e        registry:latest   /srv/            2 weeks ago         Exited (0) 2 weeks ago>5000/tcp   desperate_leakey
  1473      106ea823fe4e        fedora:latest     /bin/sh -c 'bash -l'   2 weeks ago         Exited (0) 2 weeks ago                              determined_albattani
  1474      48ee228c9464        fedora:20         bash                   2 weeks ago         Exited (0) 2 weeks ago                              tender_torvalds
  1476  This shows all the containers that have exited with status of '0'
  1478  ## pull
  1480      Usage: docker pull [OPTIONS] NAME[:TAG]
  1482      Pull an image or a repository from the registry
  1484        -a, --all-tags=false    Download all tagged images in the repository
  1486  Most of your images will be created on top of a base image from the
  1487  [Docker Hub]( registry.
  1489  [Docker Hub]( contains many pre-built images that you
  1490  can `pull` and try without needing to define and configure your own.
  1492  It is also possible to manually specify the path of a registry to pull from.
  1493  For example, if you have set up a local registry, you can specify its path to
  1494  pull from it. A repository path is similar to a URL, but does not contain
  1495  a protocol specifier (`https://`, for example).
  1497  To download a particular image, or set of images (i.e., a repository),
  1498  use `docker pull`:
  1500      $ sudo docker pull debian
  1501      # will pull the debian:latest image, its intermediate layers
  1502      # and any aliases of the same id
  1503      $ sudo docker pull debian:testing
  1504      # will pull the image named debian:testing and any intermediate
  1505      # layers it is based on.
  1506      # (Typically the empty `scratch` image, a MAINTAINER layer,
  1507      # and the un-tarred base).
  1508      $ sudo docker pull --all-tags centos
  1509      # will pull all the images from the centos repository
  1510      $ sudo docker pull
  1511      # manually specifies the path to the default Docker registry. This could
  1512      # be replaced with the path to a local registry to pull from another source.
  1514  ## push
  1516      Usage: docker push NAME[:TAG]
  1518      Push an image or a repository to the registry
  1520  Use `docker push` to share your images to the [Docker Hub](
  1521  registry or to a self-hosted one.
  1523  ## restart
  1525      Usage: docker restart [OPTIONS] CONTAINER [CONTAINER...]
  1527      Restart a running container
  1529        -t, --time=10      Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds.
  1531  ## rm
  1533      Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...]
  1535      Remove one or more containers
  1537        -f, --force=false      Force the removal of a running container (uses SIGKILL)
  1538        -l, --link=false       Remove the specified link and not the underlying container
  1539        -v, --volumes=false    Remove the volumes associated with the container
  1541  #### Examples
  1543      $ sudo docker rm /redis
  1544      /redis
  1546  This will remove the container referenced under the link
  1547  `/redis`.
  1549      $ sudo docker rm --link /webapp/redis
  1550      /webapp/redis
  1552  This will remove the underlying link between `/webapp` and the `/redis`
  1553  containers removing all network communication.
  1555      $ sudo docker rm --force redis
  1556      redis
  1558  The main process inside the container referenced under the link `/redis` will receive
  1559  `SIGKILL`, then the container will be removed.
  1561  This command will delete all stopped containers. The command `docker ps
  1562  -a -q` will return all existing container IDs and pass them to the `rm`
  1563  command which will delete them. Any running containers will not be
  1564  deleted.
  1566  ## rmi
  1568      Usage: docker rmi [OPTIONS] IMAGE [IMAGE...]
  1570      Remove one or more images
  1572        -f, --force=false    Force removal of the image
  1573        --no-prune=false     Do not delete untagged parents
  1575  #### Removing tagged images
  1577  Images can be removed either by their short or long IDs, or their image
  1578  names. If an image has more than one name, each of them needs to be
  1579  removed before the image is removed.
  1581      $ sudo docker images
  1582      REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
  1583      test1                     latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
  1584      test                      latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
  1585      test2                     latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
  1587      $ sudo docker rmi fd484f19954f
  1588      Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories
  1589      2013/12/11 05:47:16 Error: failed to remove one or more images
  1591      $ sudo docker rmi test1
  1592      Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8
  1593      $ sudo docker rmi test2
  1594      Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8
  1596      $ sudo docker images
  1597      REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
  1598      test                      latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
  1599      $ sudo docker rmi test
  1600      Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8
  1601      Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8
  1603  ## run
  1605      Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
  1607      Run a command in a new container
  1609        -a, --attach=[]            Attach to STDIN, STDOUT or STDERR.
  1610        --add-host=[]              Add a custom host-to-IP mapping (host:ip)
  1611        -c, --cpu-shares=0         CPU shares (relative weight)
  1612        --cap-add=[]               Add Linux capabilities
  1613        --cap-drop=[]              Drop Linux capabilities
  1614        --cidfile=""               Write the container ID to the file
  1615        --cpuset=""                CPUs in which to allow execution (0-3, 0,1)
  1616        -d, --detach=false         Detached mode: run the container in the background and print the new container ID
  1617        --device=[]                Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
  1618        --dns=[]                   Set custom DNS servers
  1619        --dns-search=[]            Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)
  1620        -e, --env=[]               Set environment variables
  1621        --entrypoint=""            Overwrite the default ENTRYPOINT of the image
  1622        --env-file=[]              Read in a line delimited file of environment variables
  1623        --expose=[]                Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host
  1624        -h, --hostname=""          Container host name
  1625        -i, --interactive=false    Keep STDIN open even if not attached
  1626        --ipc=""                   Default is to create a private IPC namespace (POSIX SysV IPC) for the container
  1627                                     'container:<name|id>': reuses another container shared memory, semaphores and message queues
  1628                                     'host': use the host shared memory,semaphores and message queues inside the container.  Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
  1629        --link=[]                  Add link to another container in the form of name:alias
  1630        --lxc-conf=[]              (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
  1631        -m, --memory=""            Memory limit (format: <number><optional unit>, where unit = b, k, m or g)
  1632        -memory-swap=""            Total memory usage (memory + swap), set '-1' to disable swap (format: <number><optional unit>, where unit = b, k, m or g)
  1633        --mac-address=""           Container MAC address (e.g. 92:d0:c6:0a:29:33)
  1634        --name=""                  Assign a name to the container
  1635        --net="bridge"             Set the Network mode for the container
  1636                                     'bridge': creates a new network stack for the container on the docker bridge
  1637                                     'none': no networking for this container
  1638                                     'container:<name|id>': reuses another container network stack
  1639                                     'host': use the host network stack inside the container.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
  1640        -P, --publish-all=false    Publish all exposed ports to random ports on the host interfaces
  1641        -p, --publish=[]           Publish a container's port to the host
  1642                                     format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
  1643                                     Both hostPort and containerPort can be specified as a range of ports. 
  1644                                     When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`)
  1645                                     (use 'docker port' to see the actual mapping)
  1646        --pid=host		 'host': use the host PID namespace inside the container.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
  1647        --privileged=false         Give extended privileges to this container
  1648        --read-only=false           Mount the container's root filesystem as read only
  1649        --restart=""               Restart policy to apply when a container exits (no, on-failure[:max-retry], always)
  1650        --rm=false                 Automatically remove the container when it exits (incompatible with -d)
  1651        --security-opt=[]          Security Options
  1652        --sig-proxy=true           Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.
  1653        -t, --tty=false            Allocate a pseudo-TTY
  1654        -u, --user=""              Username or UID
  1655        -v, --volume=[]            Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)
  1656        --volumes-from=[]          Mount volumes from the specified container(s)
  1657        -w, --workdir=""           Working directory inside the container
  1659  The `docker run` command first `creates` a writeable container layer over the
  1660  specified image, and then `starts` it using the specified command. That is,
  1661  `docker run` is equivalent to the API `/containers/create` then
  1662  `/containers/(id)/start`. A stopped container can be restarted with all its
  1663  previous changes intact using `docker start`. See `docker ps -a` to view a list
  1664  of all containers.
  1666  There is detailed information about `docker run` in the [Docker run reference](
  1667  /reference/run/).
  1669  The `docker run` command can be used in combination with `docker commit` to
  1670  [*change the command that a container runs*](#commit-an-existing-container).
  1672  See the [Docker User Guide](/userguide/dockerlinks/) for more detailed
  1673  information about the `--expose`, `-p`, `-P` and `--link` parameters,
  1674  and linking containers.
  1676  #### Examples
  1678      $ sudo docker run --name test -it debian
  1679      $$ exit 13
  1680      exit
  1681      $ echo $?
  1682      13
  1683      $ sudo docker ps -a | grep test
  1684      275c44472aeb        debian:7            "/bin/bash"         26 seconds ago      Exited (13) 17 seconds ago                         test
  1686  In this example, we are running `bash` interactively in the `debian:latest` image, and giving
  1687  the container the name `test`. We then quit `bash` by running `exit 13`, which means `bash`
  1688  will have an exit code of `13`. This is then passed on to the caller of `docker run`, and
  1689  is recorded in the `test` container metadata.
  1691      $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test"
  1693  This will create a container and print `test` to the console. The `cidfile`
  1694  flag makes Docker attempt to create a new file and write the container ID to it.
  1695  If the file exists already, Docker will return an error. Docker will close this
  1696  file when `docker run` exits.
  1698      $ sudo docker run -t -i --rm ubuntu bash
  1699      root@bc338942ef20:/# mount -t tmpfs none /mnt
  1700      mount: permission denied
  1702  This will *not* work, because by default, most potentially dangerous kernel
  1703  capabilities are dropped; including `cap_sys_admin` (which is required to mount
  1704  filesystems). However, the `--privileged` flag will allow it to run:
  1706      $ sudo docker run --privileged ubuntu bash
  1707      root@50e3f57e16e6:/# mount -t tmpfs none /mnt
  1708      root@50e3f57e16e6:/# df -h
  1709      Filesystem      Size  Used Avail Use% Mounted on
  1710      none            1.9G     0  1.9G   0% /mnt
  1712  The `--privileged` flag gives *all* capabilities to the container, and it also
  1713  lifts all the limitations enforced by the `device` cgroup controller. In other
  1714  words, the container can then do almost everything that the host can do. This
  1715  flag exists to allow special use-cases, like running Docker within Docker.
  1717      $ sudo docker  run -w /path/to/dir/ -i -t  ubuntu pwd
  1719  The `-w` lets the command being executed inside directory given, here
  1720  `/path/to/dir/`. If the path does not exists it is created inside the container.
  1722      $ sudo docker  run  -v `pwd`:`pwd` -w `pwd` -i -t  ubuntu pwd
  1724  The `-v` flag mounts the current working directory into the container. The `-w`
  1725  lets the command being executed inside the current working directory, by
  1726  changing into the directory to the value returned by `pwd`. So this
  1727  combination executes the command using the container, but inside the
  1728  current working directory.
  1730      $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash
  1732  When the host directory of a bind-mounted volume doesn't exist, Docker
  1733  will automatically create this directory on the host for you. In the
  1734  example above, Docker will create the `/doesnt/exist`
  1735  folder before starting your container.
  1737      $ sudo docker run --read-only -v /icanwrite busybox touch /icanwrite here
  1739  Volumes can be used in combination with `--read-only` to control where 
  1740  a container writes files.  The `--read-only` flag mounts the container's root
  1741  filesystem as read only prohibiting writes to locations other than the
  1742  specified volumes for the container.
  1744      $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh
  1746  By bind-mounting the docker unix socket and statically linked docker
  1747  binary (such as that provided by [](
  1748, you give the container the full access to create and
  1749  manipulate the host's Docker daemon.
  1751      $ sudo docker run -p ubuntu bash
  1753  This binds port `8080` of the container to port `80` on `` of
  1754  the host machine. The [Docker User Guide](/userguide/dockerlinks/)
  1755  explains in detail how to manipulate ports in Docker.
  1757      $ sudo docker run --expose 80 ubuntu bash
  1759  This exposes port `80` of the container for use within a link without
  1760  publishing the port to the host system's interfaces. The [Docker User
  1761  Guide](/userguide/dockerlinks) explains in detail how to manipulate
  1762  ports in Docker.
  1764      $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash
  1766  This sets environmental variables in the container. For illustration all three
  1767  flags are shown here. Where `-e`, `--env` take an environment variable and
  1768  value, or if no `=` is provided, then that variable's current value is passed
  1769  through (i.e. `$MYVAR1` from the host is set to `$MYVAR1` in the container). 
  1770  When no `=` is provided and that variable is not defined in the client's
  1771  environment then that variable will be removed from the container's list of
  1772  environment variables.
  1773  All three flags, `-e`, `--env` and `--env-file` can be repeated.
  1775  Regardless of the order of these three flags, the `--env-file` are processed
  1776  first, and then `-e`, `--env` flags. This way, the `-e` or `--env` will
  1777  override variables as needed.
  1779      $ cat ./env.list
  1780      TEST_FOO=BAR
  1781      $ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO
  1782      TEST_FOO=This is a test
  1784  The `--env-file` flag takes a filename as an argument and expects each line
  1785  to be in the `VAR=VAL` format, mimicking the argument passed to `--env`. Comment
  1786  lines need only be prefixed with `#`
  1788  An example of a file passed with `--env-file`
  1790      $ cat ./env.list
  1791      TEST_FOO=BAR
  1793      # this is a comment
  1794      TEST_APP_DEST_HOST=
  1795      TEST_APP_DEST_PORT=8888
  1797      # pass through this variable from the caller
  1799      $ sudo TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env
  1800      HOME=/
  1801      PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  1802      HOSTNAME=5198e0745561
  1803      TEST_FOO=BAR
  1804      TEST_APP_DEST_HOST=
  1805      TEST_APP_DEST_PORT=8888
  1806      TEST_PASSTHROUGH=howdy
  1808      $ sudo docker run --name console -t -i ubuntu bash
  1810  This will create and run a new container with the container name being
  1811  `console`.
  1813      $ sudo docker run --link /redis:redis --name console ubuntu bash
  1815  The `--link` flag will link the container named `/redis` into the newly
  1816  created container with the alias `redis`. The new container can access the
  1817  network and environment of the `redis` container via environment variables.
  1818  The `--name` flag will assign the name `console` to the newly created
  1819  container.
  1821      $ sudo docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd
  1823  The `--volumes-from` flag mounts all the defined volumes from the referenced
  1824  containers. Containers can be specified by repetitions of the `--volumes-from`
  1825  argument. The container ID may be optionally suffixed with `:ro` or `:rw` to
  1826  mount the volumes in read-only or read-write mode, respectively. By default,
  1827  the volumes are mounted in the same mode (read write or read only) as
  1828  the reference container.
  1830  The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` or
  1831  `STDERR`. This makes it possible to manipulate the output and input as needed.
  1833      $ echo "test" | sudo docker run -i -a stdin ubuntu cat -
  1835  This pipes data into a container and prints the container's ID by attaching
  1836  only to the container's `STDIN`.
  1838      $ sudo docker run -a stderr ubuntu echo test
  1840  This isn't going to print anything unless there's an error because we've
  1841  only attached to the `STDERR` of the container. The container's logs
  1842  still store what's been written to `STDERR` and `STDOUT`.
  1844      $ cat somefile | sudo docker run -i -a stdin mybuilder dobuild
  1846  This is how piping a file into a container could be done for a build.
  1847  The container's ID will be printed after the build is done and the build
  1848  logs could be retrieved using `docker logs`. This is
  1849  useful if you need to pipe a file or something else into a container and
  1850  retrieve the container's ID once the container has finished running.
  1852     $ sudo docker run --device=/dev/sdc:/dev/xvdc --device=/dev/sdd --device=/dev/zero:/dev/nulo -i -t ubuntu ls -l /dev/{xvdc,sdd,nulo}
  1853     brw-rw---- 1 root disk 8, 2 Feb  9 16:05 /dev/xvdc
  1854     brw-rw---- 1 root disk 8, 3 Feb  9 16:05 /dev/sdd
  1855     crw-rw-rw- 1 root root 1, 5 Feb  9 16:05 /dev/nulo
  1857  It is often necessary to directly expose devices to a container. The `--device`
  1858  option enables that.  For example, a specific block storage device or loop
  1859  device or audio device can be added to an otherwise unprivileged container
  1860  (without the `--privileged` flag) and have the application directly access it.
  1862  By default, the container will be able to `read`, `write` and `mknod` these devices.
  1863  This can be overridden using a third `:rwm` set of options to each `--device`
  1864  flag:
  1867  ```
  1868  	$ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk  /dev/xvdc
  1870  	Command (m for help): q
  1871  	$ sudo docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk  /dev/xvdc
  1872  	You will not be able to write the partition table.
  1874  	Command (m for help): q
  1876  	$ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk  /dev/xvdc
  1878  	Command (m for help): q
  1880  	$ sudo docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk  /dev/xvdc
  1881  	fdisk: unable to open /dev/xvdc: Operation not permitted
  1882  ```
  1884  **Note:**
  1885  > `--device` cannot be safely used with ephemeral devices. Block devices that
  1886  > may be removed should not be added to untrusted containers with `--device`.
  1888  **A complete example:**
  1890      $ sudo docker run -d --name static static-web-files sh
  1891      $ sudo docker run -d --expose=8098 --name riak riakserver
  1892      $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver
  1893      $ sudo docker run -d -p 1443:443 --dns= -v /var/log/httpd --volumes-from static --link riak --link app -h --name web webserver
  1894      $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log
  1896  This example shows five containers that might be set up to test a web
  1897  application change:
  1899  1. Start a pre-prepared volume image `static-web-files` (in the background)
  1900     that has CSS, image and static HTML in it, (with a `VOLUME` instruction in
  1901     the Dockerfile to allow the web server to use those files);
  1902  2. Start a pre-prepared `riakserver` image, give the container name `riak` and
  1903     expose port `8098` to any containers that link to it;
  1904  3. Start the `appserver` image, restricting its memory usage to 100MB, setting
  1905     two environment variables `DEVELOPMENT` and `BRANCH` and bind-mounting the
  1906     current directory (`$(pwd)`) in the container in read-only mode as `/app/bin`;
  1907  4. Start the `webserver`, mapping port `443` in the container to port `1443` on
  1908     the Docker server, setting the DNS server to `` and DNS search
  1909     domain to ``, creating a volume to put the log files into (so we can
  1910     access it from another container), then importing the files from the volume
  1911     exposed by the `static` container, and linking to all exposed ports from
  1912     `riak` and `app`. Lastly, we set the hostname to `` so its
  1913     consistent with the pre-generated SSL certificate;
  1914  5. Finally, we create a container that runs `tail -f access.log` using the logs
  1915     volume from the `web` container, setting the workdir to `/var/log/httpd`. The
  1916     `--rm` option means that when the container exits, the container's layer is
  1917     removed.
  1919  #### Restart Policies
  1921  Using the `--restart` flag on Docker run you can specify a restart policy for
  1922  how a container should or should not be restarted on exit.
  1924  An ever increasing delay (double the previous delay, starting at 100 milliseconds)
  1925  is added before each restart to prevent flooding the server. This means the daemaon
  1926  will wait for 100 mS, then 200 mS, 400, 800, 1600, and so on until either the
  1927  `on-failure` limit is hit, or when you `docker stop` or even `docker rm -f`
  1928  the container.
  1930  When a restart policy is active on a container, it will be shown in `docker ps`
  1931  as either `Up` or `Restarting` in `docker ps`. It can also be useful to use
  1932  `docker events` to see the restart policy in effect.
  1934  ** no ** - Do not restart the container when it exits.
  1936  ** on-failure ** - Restart the container only if it exits with a non zero exit status.
  1938  ** always ** - Always restart the container regardless of the exit status.
  1940  You can also specify the maximum amount of times Docker will try to
  1941  restart the container when using the ** on-failure ** policy.  The
  1942  default is that Docker will try forever to restart the container.
  1944      $ sudo docker run --restart=always redis
  1946  This will run the `redis` container with a restart policy of ** always ** so that if
  1947  the container exits, Docker will restart it.
  1949      $ sudo docker run --restart=on-failure:10 redis
  1951  This will run the `redis` container with a restart policy of **
  1952  on-failure ** and a maximum restart count of 10.  If the `redis`
  1953  container exits with a non-zero exit status more than 10 times in a row
  1954  Docker will abort trying to restart the container.  Providing a maximum
  1955  restart limit is only valid for the ** on-failure ** policy.
  1957  ### Adding entries to a container hosts file
  1959  You can add other hosts into a container's `/etc/hosts` file by using one or more
  1960  `--add-host` flags. This example adds a static address for a host named `docker`:
  1962  ```
  1963      $ docker run --add-host=docker: --rm -it debian
  1964      $$ ping docker
  1965      PING docker ( 48 data bytes
  1966      56 bytes from icmp_seq=0 ttl=254 time=7.600 ms
  1967      56 bytes from icmp_seq=1 ttl=254 time=30.705 ms
  1968      ^C--- docker ping statistics ---
  1969      2 packets transmitted, 2 packets received, 0% packet loss
  1970      round-trip min/avg/max/stddev = 7.600/19.152/30.705/11.553 ms
  1971  ```
  1973  > **Note:**
  1974  > Sometimes you need to connect to the Docker host, which means getting the IP
  1975  > address of the host. You can use the following shell commands to simplify this
  1976  > process:
  1977  >
  1978  >      $ alias hostip="ip route show | grep -Eo 'via \S+' | awk '{ print \$2 }'"
  1979  >      $ docker run  --add-host=docker:$(hostip) --rm -it debian
  1981  ## save
  1983      Usage: docker save [OPTIONS] IMAGE [IMAGE...]
  1985      Save an image(s) to a tar archive (streamed to STDOUT by default)
  1987        -o, --output=""    Write to a file, instead of STDOUT
  1989  Produces a tarred repository to the standard output stream.
  1990  Contains all parent layers, and all tags + versions, or specified `repo:tag`, for
  1991  each argument provided.
  1993  It is used to create a backup that can then be used with `docker load`
  1995      $ sudo docker save busybox > busybox.tar
  1996      $ ls -sh busybox.tar
  1997      2.7M busybox.tar
  1998      $ sudo docker save --output busybox.tar busybox
  1999      $ ls -sh busybox.tar
  2000      2.7M busybox.tar
  2001      $ sudo docker save -o fedora-all.tar fedora
  2002      $ sudo docker save -o fedora-latest.tar fedora:latest
  2004  It is even useful to cherry-pick particular tags of an image repository
  2006     $ sudo docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy
  2008  ## search
  2010  Search [Docker Hub]( for images
  2012      Usage: docker search [OPTIONS] TERM
  2014      Search the Docker Hub for images
  2016        --automated=false    Only show automated builds
  2017        --no-trunc=false     Don't truncate output
  2018        -s, --stars=0        Only displays with at least x stars
  2020  See [*Find Public Images on Docker Hub*](
  2021  /userguide/dockerrepos/#searching-for-images) for
  2022  more details on finding shared images from the command line.
  2024  > **Note:** 
  2025  > Search queries will only return up to 25 results 
  2027  ## start
  2029      Usage: docker start [OPTIONS] CONTAINER [CONTAINER...]
  2031      Restart a stopped container
  2033        -a, --attach=false         Attach container's STDOUT and STDERR and forward all signals to the process
  2034        -i, --interactive=false    Attach container's STDIN
  2036  ## stats
  2038      Usage: docker stats [CONTAINERS]
  2040      Display a live stream of one or more containers' resource usage statistics
  2042        --help=false       Print usage
  2044  > **Note**: this functionality currently only works when using the *libcontainer* exec-driver.
  2046  Running `docker stats` on multiple containers
  2048      $ sudo docker stats redis1 redis2
  2049      CONTAINER           CPU %               MEM USAGE/LIMIT     MEM %               NET I/O
  2050      redis1              0.07%               796 KiB/64 MiB      1.21%               788 B/648 B
  2051      redis2              0.07%               2.746 MiB/64 MiB    4.29%               1.266 KiB/648 B
  2054  The `docker stats` command will only return a live stream of data for running 
  2055  containers. Stopped containers will not return any data.
  2057  > **Note:**
  2058  > If you want more detailed information about a container's resource usage, use the API endpoint.
  2060  ## stop
  2062      Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...]
  2064      Stop a running container by sending SIGTERM and then SIGKILL after a grace period
  2066        -t, --time=10      Number of seconds to wait for the container to stop before killing it. Default is 10 seconds.
  2068  The main process inside the container will receive `SIGTERM`, and after a
  2069  grace period, `SIGKILL`.
  2071  ## tag
  2073      Usage: docker tag [OPTIONS] IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]
  2075      Tag an image into a repository
  2077        -f, --force=false    Force
  2079  You can group your images together using names and tags, and then upload
  2080  them to [*Share Images via Repositories*](
  2081  /userguide/dockerrepos/#contributing-to-docker-hub).
  2083  ## top
  2085      Usage: docker top CONTAINER [ps OPTIONS]
  2087      Display the running processes of a container
  2089  ## unpause
  2091      Usage: docker unpause CONTAINER
  2093      Unpause all processes within a container
  2095  The `docker unpause` command uses the cgroups freezer to un-suspend all
  2096  processes in a container.
  2098  See the
  2099  [cgroups freezer documentation](
  2100  for further details.
  2102  ## version
  2104      Usage: docker version
  2106      Show the Docker version information.
  2108  Show the Docker version, API version, Git commit, and Go version of
  2109  both Docker client and daemon.
  2111  ## wait
  2113      Usage: docker wait CONTAINER [CONTAINER...]
  2115      Block until a container stops, then print its exit code.