daemon during a build • For example most of the time you could add the .git folder to the .dockerignore https://docs.docker.com/reference/builder/#dockerignore
• Logs tailing with docker logs --tail • Ability to bind mount your whole host fs into a container: docker run –v /:/some/path • Filter client output with docker image –filter • --force-rm to remove containers, even after a fail build. • Testing framework and code coverage https://github.com/docker/docker/blob/master/CHANGELOG.md
of capabilities, all the other are dropped. • --privileged was introduced to grant access to all the capabilities. • In the release we will introduce --cap-add and --cap-drop
• Prevent any chown in the container: • Allow all capabilities but mknod: docker run --cap-add=NET_ADMIN ubuntu sh –c “ip link eth0 down” docker run --cap-drop=CAP_CHOWN ... docker run --cap-add=ALL --cap-drop=MKNOD ...
add devices by using a bind mount and --privileged . • In the next release we will introduce the --device flag. • To use your sound card without requiring privileged mode: docker run --device=/dev/snd:/dev/snd ...