Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
| ... | ... |
@@ -88,63 +88,40 @@ implementation, check out the [Docker User Guide](/userguide/). |
| 88 | 88 |
|
| 89 | 89 |
## Release Notes |
| 90 | 90 |
|
| 91 |
-**Version 1.2.0** |
|
| 91 |
+**Version 1.3.0** |
|
| 92 | 92 |
|
| 93 | 93 |
This version fixes a number of bugs and issues and adds new functions and other |
| 94 | 94 |
improvements. These include: |
| 95 | 95 |
|
| 96 |
-*New restart policies* |
|
| 96 |
+*New command: `docker exec`* |
|
| 97 | 97 |
|
| 98 |
-We added a `--restart flag` to `docker run` to specify a restart policy for your |
|
| 99 |
-container. Currently, there are three policies available: |
|
| 98 |
+The new `docker exec` command lets you run a process in an existing, active |
|
| 99 |
+container. The command has APIs for both the daemon and the client. With |
|
| 100 |
+`docker exec`, you'll be able to do things like add or remove devices from running containers, debug running containers, and run commands that are not |
|
| 101 |
+part of the container's static specification. |
|
| 100 | 102 |
|
| 101 |
-* `no` – Do not restart the container if it dies. (default) |
|
| 102 |
-* `on-failure` – Restart the container if it exits with a non-zero exit code. |
|
| 103 |
-This can also accept an optional maximum restart count (e.g. `on-failure:5`). |
|
| 104 |
-* `always` – Always restart the container no matter what exit code is returned. |
|
| 105 |
-This deprecates the `--restart` flag on the Docker daemon. |
|
| 103 |
+*New command: `docker create`* |
|
| 106 | 104 |
|
| 107 |
-*New flags for `docker run`: `--cap-add` and `–-cap-drop`* |
|
| 105 |
+Traditionally, the `docker run` command has been used to both create a |
|
| 106 |
+container and spawn a process to run it. The new `docker create` command breaks |
|
| 107 |
+this apart, letting you set up a container without actually starting it. This |
|
| 108 |
+provides more control over management of the container lifecycle, giving you the |
|
| 109 |
+ability to configure things like volumes or port mappings before the container |
|
| 110 |
+is started. For example, in a rapid-response scaling situation, you could use |
|
| 111 |
+`create` to prepare and stage ten containers in anticipation of heavy loads. |
|
| 108 | 112 |
|
| 109 |
-In previous releases, Docker containers could either be given complete capabilities or |
|
| 110 |
-they could all follow a whitelist of allowed capabilities while dropping all others. |
|
| 111 |
-Further, using `--privileged` would grant all capabilities inside a container, rather than |
|
| 112 |
-applying a whitelist. This was not recommended for production use because it’s really |
|
| 113 |
-unsafe; it’s as if you were directly in the host. |
|
| 113 |
+*New provenance features* |
|
| 114 | 114 |
|
| 115 |
-This release introduces two new flags for `docker run`, `--cap-add` and `--cap-drop`, that |
|
| 116 |
-give you fine-grain control over the specific capabilities you want grant to a particular |
|
| 117 |
-container. |
|
| 115 |
+Official images are now signed by Docker, Inc. to improve your confidence and |
|
| 116 |
+security. Look for the blue ribbons on the [Docker Hub](https://hub.docker.com/). |
|
| 117 |
+The Docker Engine has been updated to automatically verify that a given Official |
|
| 118 |
+Repo has a current, valid signature. If no valid signature is detected, Docker |
|
| 119 |
+Engine will use a prior image. |
|
| 118 | 120 |
|
| 119 |
-*New `-–device` flag for `docker run`* |
|
| 120 |
- |
|
| 121 |
-Previously, you could only use devices inside your containers by bind mounting them (with |
|
| 122 |
-`-v`) in a `--privileged` container. With this release, we introduce the `--device flag` |
|
| 123 |
-to `docker run` which lets you use a device without requiring a privileged container. |
|
| 124 |
- |
|
| 125 |
-*Writable `/etc/hosts`, `/etc/hostname` and `/etc/resolv.conf`* |
|
| 126 |
- |
|
| 127 |
-You can now edit `/etc/hosts`, `/etc/hostname` and `/etc/resolve.conf` in a running |
|
| 128 |
-container. This is useful if you need to install BIND or other services that might |
|
| 129 |
-override one of those files. |
|
| 130 |
- |
|
| 131 |
-Note, however, that changes to these files are not saved when running `docker build` and |
|
| 132 |
-so will not be preserved in the resulting image. The changes will only “stick” in a |
|
| 133 |
-running container. |
|
| 134 |
- |
|
| 135 |
-*Docker proxy in a separate process* |
|
| 136 |
- |
|
| 137 |
-The Docker userland proxy that routes outbound traffic to your containers now has its own |
|
| 138 |
-separate process (one process per connection). This greatly reduces the load on the |
|
| 139 |
-daemon, which increases stability and efficiency. |
|
| 140 | 121 |
|
| 141 | 122 |
*Other improvements & changes* |
| 142 | 123 |
|
| 143 |
-* When using `docker rm -f`, Docker now kills the container (instead of stopping it) |
|
| 144 |
-before removing it . If you intend to stop the container cleanly, you can use `docker |
|
| 145 |
-stop`. |
|
| 146 |
- |
|
| 147 |
-* Added support for IPv6 addresses in `--dns` |
|
| 148 |
- |
|
| 149 |
-* Added search capability in private registries |
|
| 124 |
+We've added a new security options flag that lets you set SELinux and AppArmor |
|
| 125 |
+labels and profiles. This means you'll longer have to use `docker run |
|
| 126 |
+--privileged on kernels that support SE Linux or AppArmor. |
|
| 150 | 127 |
|
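
Review bot: In the last added paragraph (new lines 124-126), "This means you'll longer have to use" is missing the word "no", and the inline code span opened at `docker run` is never closed after `--privileged`, so the rest of the sentence will render as code. Suggested wording: "This means you'll no longer have to use `docker run --privileged` on kernels that support SELinux or AppArmor." That also removes the "SELinux" / "SE Linux" spelling mismatch within the paragraph. The same paragraph refers to "a new security options flag" without naming it; the flag should be spelled out so readers can find it in the `docker run` reference. In the provenance paragraph (new lines 115-119), "If no valid signature is detected, Docker Engine will use a prior image" leaves two things open: what happens when no prior image exists locally, and whether the user is told that verification failed. One sentence covering each would help, since readers will rely on this paragraph for its security guarantee. Minor: new line 100 is not wrapped like the lines around it.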