Skip to content
This repository has been archived by the owner on Nov 6, 2023. It is now read-only.

Change Docker github url #287

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
** PLEASE ONLY USE THIS ISSUE TRACKER TO SUBMIT ISSUES WITH THE DOCKER LABS TUTORIAL CONTENT **

* If you have a bug working with Docker itself, not related to these labs, please file the bug on the [Docker repo](https://github.com/docker/docker) *
* If you have a bug working with Docker itself, not related to these labs, please file the bug on the [Docker repo](https://github.com/moby/moby) *
* If you would like general support figuring out how to do something with Docker, please use the Docker Slack channel. If you're not on that channel, sign up for the [Docker Community](http://dockr.ly/MeetUp) and you'll get an invite. *
* Or go to the [Docker Forums](https://forums.docker.com/) *

Expand Down
4 changes: 2 additions & 2 deletions contribute.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,6 @@ Anything you contribute will be under an Apache license. Docker will choose whic

We will be following the lightweight version of the Docker contribution policies and procedures as explained in
- [Docker documentation](https://docs.docker.com)
- The [Docker engine repo](https://github.com/docker/docker/blob/master/CONTRIBUTING.md).
- The [Docker engine repo](https://github.com/moby/moby/blob/master/CONTRIBUTING.md).

This largely boils down to [signing your PRs](https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work), following the Docker [trademark guidelines](https://www.docker.com/trademark-guidelines), and following the community guidelines.
This largely boils down to [signing your PRs](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#sign-your-work), following the Docker [trademark guidelines](https://www.docker.com/trademark-guidelines), and following the community guidelines.
4 changes: 2 additions & 2 deletions developer-tools/java/chapters/ch08-aws.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ image::docker-aws-2.png[]

Select the number of Swarm manager (1) and worker (3) nodes. This wll create a 4 node cluster. Select the SSH key that will be used to access the cluster.

By default, the template is configured to redirect all log statements to CloudWatch. Until https://github.com/docker/docker/issues/30691[#30691] is fixed, the logs will only be available using CloudWatch. Alternatively, you may select to not redirect logs to CloudWatch. In this case, the usual command to get the logs will work.
By default, the template is configured to redirect all log statements to CloudWatch. Until https://github.com/moby/moby/issues/30691[#30691] is fixed, the logs will only be available using CloudWatch. Alternatively, you may select to not redirect logs to CloudWatch. In this case, the usual command to get the logs will work.

Scroll down to select manager and worker properties.

Expand Down Expand Up @@ -290,7 +290,7 @@ More details about the service can be obtained using `docker -H localhost:2374 s
]
```

Logs for the service cannot be seen using `docker service logs`. This will be fixed with https://github.com/docker/docker/issues/30691[#30691]. Instead they are visible using https://us-west-2.console.aws.amazon.com/cloudwatch/home?region=us-west-2#logs:prefix=Docker[CloudWatch Logs].
Logs for the service cannot be seen using `docker service logs`. This will be fixed with https://github.com/moby/moby/issues/30691[#30691]. Instead they are visible using https://us-west-2.console.aws.amazon.com/cloudwatch/home?region=us-west-2#logs:prefix=Docker[CloudWatch Logs].

.CloudWatch log group
image::docker-aws-10.png[]
Expand Down
2 changes: 1 addition & 1 deletion security/capabilities/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ Docker imposes certain limitations that make working with capabilities much simp

In an environment without file based capabilities, it's not possible for applications to escalate their privileges beyond the *bounding set* (a set beyond which capabilities cannot grow). Docker sets the *bounding set* before starting a container. You can use Docker commands to add or remove capabilities to or from the *bounding set*.

By default, Docker drops all capabilities except [those needed](https://github.com/docker/docker/blob/master/oci/defaults_linux.go#L64-L79), using a whitelist approach.
By default, Docker drops all capabilities except [those needed](https://github.com/moby/moby/blob/master/oci/defaults_linux.go#L64-L79), using a whitelist approach.

# <a name="docker_cap"></a>Step 2: Working with Docker and capabilities

Expand Down
6 changes: 3 additions & 3 deletions security/seccomp/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ In this step you removed *capabilities* and *apparmor* from interfering, and sta

# <a name="no-default"></a>Step 3: Run a container with no seccomp profile

Unless you specify a different profile, Docker will apply the [default seccomp profile](https://github.com/docker/docker/blob/master/profiles/seccomp/default.json) to all new containers. In this step you will see how to force a new container to run without a seccomp profile.
Unless you specify a different profile, Docker will apply the [default seccomp profile](https://github.com/moby/moby/blob/master/profiles/seccomp/default.json) to all new containers. In this step you will see how to force a new container to run without a seccomp profile.

1. Start a new container with the `--security-opt seccomp=unconfined` flag so that no seccomp profile is applied to it.

Expand Down Expand Up @@ -328,7 +328,7 @@ The remainder of this lab will walk you through a few things that are easy to mi

In versions of Docker prior to 1.12, seccomp polices tended to be applied very early in the container creation process. This resulted in you needing to add syscalls to your profile that were required for the container creation process but not required by your container. This was not ideal. See:

- https://github.com/docker/docker/issues/22252
- https://github.com/moby/moby/issues/22252
- https://github.com/opencontainers/runc/pull/789

A good way to avoid this issue in Docker 1.12+ can be to use the `--security-opt no-new-privileges` flag when starting your container. However, this will also prevent you from gaining privileges through `setuid` binaries.
Expand Down Expand Up @@ -362,7 +362,7 @@ Syscall numbers are architecture dependent. This limits the portability of BPF f

* Using the `--privileged` flag when creating a container with `docker run` disables seccomp in all versions of docker - even if you explicitly specify a seccomp profile. In general you should avoid using the `--privileged` flag as it does too many things. You can achieve the same goal with `--cap-add ALL --security-opt apparmor=unconfined --security-opt seccomp=unconfined`. If you need access to devices use `--device`.

* In docker 1.10-1.12 `docker exec --privileged` does not bypass seccomp. This may change in future versions https://github.com/docker/docker/issues/21984.
* In docker 1.10-1.12 `docker exec --privileged` does not bypass seccomp. This may change in future versions https://github.com/moby/moby/issues/21984.

* In docker 1.12 and later, adding a capability may enable some appropriate system calls in the default seccomp profile. However, it does not disable apparmor.

Expand Down
2 changes: 1 addition & 1 deletion security/userns/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ You will need all of the following to complete this lab:
- A Linux-based Docker Host running Docker 1.10 or higher
- Root access on the Docker Host

> **Note:** The instructions in this lab are tailored to a Docker Host running Ubuntu 15.10. An [open documented issue](https://github.com/docker/docker/issues/22633) exists with Ubuntu 16.04 Xenial .
> **Note:** The instructions in this lab are tailored to a Docker Host running Ubuntu 15.10. An [open documented issue](https://github.com/moby/moby/issues/22633) exists with Ubuntu 16.04 Xenial .

# <a name="defaults"></a>Step 1: Daemon and container defaults

Expand Down
2 changes: 1 addition & 1 deletion windows/registry/part-2.md
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ d6826c28b1cd: Pushed
nanoserver: digest: sha256:961497c5ca49dc217a6275d4d64b5e4681dd3b2712d94974b8ce4762675720b4 size: 1149
```

> Note. The two layers from Microsoft's base image are skipped - they don't get stored in the local registry, because the image is not freely redistributable. Check [GitHub issue 27580]( https://github.com/docker/docker/issues/27580) for more information.
> Note. The two layers from Microsoft's base image are skipped - they don't get stored in the local registry, because the image is not freely redistributable. Check [GitHub issue 27580](https://github.com/moby/moby/issues/27580) for more information.

On the local machine, you can remove the new image tag and the original image, and pull it again from the local registry to verify it was correctly stored:

Expand Down
2 changes: 1 addition & 1 deletion windows/sql-server/part-2.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ VOLUME c:\\database
ENV sa_password D0cker!a8s
```

> Note: this is a simplified approach to securing SQL Server. The Express instance is set up to allow SQL Server authentication, and an environment variable is used in the image for the `sa` password. Users can override the default password when they run a container, but environment variables are not meant for secrets. [Secret management](https://github.com/docker/docker/pull/27794) is coming to Docker soon.
> Note: this is a simplified approach to securing SQL Server. The Express instance is set up to allow SQL Server authentication, and an environment variable is used in the image for the `sa` password. Users can override the default password when they run a container, but environment variables are not meant for secrets. [Secret management](https://github.com/moby/moby/pull/27794) is coming to Docker soon.

The rest of the Dockerfile is straightforward. We set up a directory for the deployment package and deployment script, and copy them in from the Docker build context:

Expand Down