Bump version to v1.11.0-rc2

Signed-off-by: Tibor Vass <tibor@docker.com>

.mailmap

@@ -93,8 +93,7 @@ Sven Dowideit <SvenDowideit@home.org.au> <¨SvenDowideit@home.org.au¨>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@users.noreply.github.com>
 Sven Dowideit <SvenDowideit@home.org.au> <sven@t440s.home.gateway>
 <alexl@redhat.com> <alexander.larsson@gmail.com>
-Alexander Morozov <lk4d4@docker.com> <lk4d4math@gmail.com>
-Alexander Morozov <lk4d4@docker.com>
+Alexandr Morozov <lk4d4math@gmail.com>
 <git.nivoc@neverbox.com> <kuehnle@online.de>
 O.S. Tezer <ostezer@gmail.com>
 <ostezer@gmail.com> <ostezer@users.noreply.github.com>
@@ -107,9 +106,7 @@ Roberto G. Hashioka <roberto.hashioka@docker.com> <roberto_hashioka@hotmail.com>
 Sridhar Ratnakumar <sridharr@activestate.com>
 Sridhar Ratnakumar <sridharr@activestate.com> <github@srid.name>
 Liang-Chi Hsieh <viirya@gmail.com>
-Aleksa Sarai <asarai@suse.de>
-Aleksa Sarai <asarai@suse.de> <asarai@suse.com>
-Aleksa Sarai <asarai@suse.de> <cyphar@cyphar.com>
+Aleksa Sarai <cyphar@cyphar.com>
 Will Weaver <monkey@buildingbananas.com>
 Timothy Hobbs <timothyhobbs@seznam.cz>
 Nathan LeClaire <nathan.leclaire@docker.com> <nathan.leclaire@gmail.com>
@@ -120,27 +117,24 @@ Nathan LeClaire <nathan.leclaire@docker.com> <nathanleclaire@gmail.com>
 <marc@marc-abramowitz.com> <msabramo@gmail.com>
 Matthew Heon <mheon@redhat.com> <mheon@mheonlaptop.redhat.com>
 <bernat@luffy.cx> <vincent@bernat.im>
-<bernat@luffy.cx> <Vincent.Bernat@exoscale.ch>
 <p@pwaller.net> <peter@scraperwiki.com>
 <andrew.weiss@outlook.com> <andrew.weiss@microsoft.com>
 Francisco Carriedo <fcarriedo@gmail.com>
 <julienbordellier@gmail.com> <git@julienbordellier.com>
 <ahmetb@microsoft.com> <ahmetalpbalkan@gmail.com>
+<lk4d4@docker.com> <lk4d4math@gmail.com>
 <arnaud.porterie@docker.com> <icecrime@gmail.com>
 <baloo@gandi.net> <superbaloo+registrations.github@superbaloo.net>
 Brian Goff <cpuguy83@gmail.com>
 <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.home>
-<eric@windisch.us> <ewindisch@docker.com>
+<ewindisch@docker.com> <eric@windisch.us>
 <frank.rosquin+github@gmail.com> <frank.rosquin@gmail.com>
 Hollie Teal <hollie@docker.com>
 <hollie@docker.com> <hollie.teal@docker.com>
 <hollie@docker.com> <hollietealok@users.noreply.github.com>
 <huu@prismskylabs.com> <whoshuu@gmail.com>
-Jessica Frazelle <jess@mesosphere.com>
-Jessica Frazelle <jess@mesosphere.com> <jfrazelle@users.noreply.github.com>
-Jessica Frazelle <jess@mesosphere.com> <acidburn@docker.com>
-Jessica Frazelle <jess@mesosphere.com> <jess@docker.com>
-Jessica Frazelle <jess@mesosphere.com> <princess@docker.com>
+Jessica Frazelle <jess@docker.com> Jessie Frazelle <jfrazelle@users.noreply.github.com>
+<jess@docker.com> <jfrazelle@users.noreply.github.com>
 <konrad.wilhelm.kleine@gmail.com> <kwk@users.noreply.github.com>
 <tintypemolly@gmail.com> <tintypemolly@Ohui-MacBook-Pro.local>
 <estesp@linux.vnet.ibm.com> <estesp@gmail.com>
@@ -148,8 +142,6 @@ Jessica Frazelle <jess@mesosphere.com> <princess@docker.com>
 Thomas LEVEIL <thomasleveil@gmail.com> Thomas LÉVEIL <thomasleveil@users.noreply.github.com>
 <oi@truffles.me.uk> <timruffles@googlemail.com>
 <Vincent.Bernat@exoscale.ch> <bernat@luffy.cx>
-Antonio Murdaca <antonio.murdaca@gmail.com> <amurdaca@redhat.com>
-Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@redhat.com>
 Antonio Murdaca <antonio.murdaca@gmail.com> <me@runcom.ninja>
 Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@linux.com>
 Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@users.noreply.github.com>
@@ -159,9 +151,8 @@ Deshi Xiao <dxiao@redhat.com> <xiaods@gmail.com>
 Doug Davis <dug@us.ibm.com> <duglin@users.noreply.github.com>
 Jacob Atzen <jacob@jacobatzen.dk> <jatzen@gmail.com>
 Jeff Nickoloff <jeff.nickoloff@gmail.com> <jeff@allingeek.com>
-John Howard (VM) <John.Howard@microsoft.com>
-John Howard (VM) <John.Howard@microsoft.com> <john.howard@microsoft.com>
-John Howard (VM) <John.Howard@microsoft.com> <jhoward@microsoft.com>
+<jess@docker.com> <princess@docker.com>
+John Howard (VM) <John.Howard@microsoft.com> John Howard <jhoward@microsoft.com>
 Madhu Venugopal <madhu@socketplane.io> <madhu@docker.com>
 Mary Anthony <mary.anthony@docker.com> <mary@docker.com>
 Mary Anthony <mary.anthony@docker.com> moxiegirl <mary@docker.com>
@@ -178,60 +169,3 @@ bin liu <liubin0329@users.noreply.github.com> <liubin0329@gmail.com>
 John Howard (VM) <John.Howard@microsoft.com> jhowardmsft <jhoward@microsoft.com>
 Ankush Agarwal <ankushagarwal11@gmail.com> <ankushagarwal@users.noreply.github.com>
 Tangi COLIN <tangicolin@gmail.com> tangicolin <tangicolin@gmail.com>
-Allen Sun <allen.sun@daocloud.io>
-Adrien Gallouët <adrien@gallouet.fr> <angt@users.noreply.github.com>
-<aanm90@gmail.com> <martins@noironetworks.com>
-Anuj Bahuguna <anujbahuguna.dev@gmail.com>
-Anusha Ragunathan <anusha.ragunathan@docker.com> <anusha@docker.com>
-Avi Miller <avi.miller@oracle.com> <avi.miller@gmail.com>
-Brent Salisbury <brent.salisbury@docker.com> <brent@docker.com>
-Chander G <chandergovind@gmail.com>
-Chun Chen <ramichen@tencent.com> <chenchun.feed@gmail.com>
-Ying Li <cyli@twistedmatrix.com>
-Daehyeok Mun <daehyeok@gmail.com> <daehyeok@daehyeok-ui-MacBook-Air.local>
-<dqminh@cloudflare.com> <dqminh89@gmail.com>
-Daniel, Dao Quang Minh <dqminh@cloudflare.com>
-Daniel Nephin <dnephin@docker.com> <dnephin@gmail.com>
-Dave Tucker <dt@docker.com> <dave@dtucker.co.uk>
-Doug Tangren <d.tangren@gmail.com>
-Frederick F. Kautz IV <fkautz@redhat.com> <fkautz@alumni.cmu.edu>
-Ben Golub <ben.golub@dotcloud.com>
-Harold Cooper <hrldcpr@gmail.com>
-hsinko <21551195@zju.edu.cn> <hsinko@users.noreply.github.com>
-Josh Hawn <josh.hawn@docker.com> <jlhawn@berkeley.edu>
-Justin Cormack <justin.cormack@docker.com>
-<justin.cormack@docker.com> <justin.cormack@unikernel.com>
-<justin.cormack@docker.com> <justin@specialbusservice.com>
-Kamil Domański <kamil@domanski.co>
-Lei Jitang <leijitang@huawei.com>
-<leijitang@huawei.com> <leijitang@gmail.com>
-Linus Heckemann <lheckemann@twig-world.com>
-<lheckemann@twig-world.com> <anonymouse2048@gmail.com>
-Lynda O'Leary <lyndaoleary29@gmail.com>
-<lyndaoleary29@gmail.com> <lyndaoleary@hotmail.com>
-Marianna Tessel <mtesselh@gmail.com>
-Michael Huettermann <michael@huettermann.net>
-Moysés Borges <moysesb@gmail.com>
-<moysesb@gmail.com> <moyses.furtado@wplex.com.br>
-Nigel Poulton <nigelpoulton@hotmail.com>
-Qiang Huang <h.huangqiang@huawei.com>
-<h.huangqiang@huawei.com> <qhuang@10.0.2.15>
-Boaz Shuster <ripcurld.github@gmail.com>
-Shuwei Hao <haosw@cn.ibm.com>
-<haosw@cn.ibm.com> <haoshuwei24@gmail.com>
-Soshi Katsuta <soshi.katsuta@gmail.com>
-<soshi.katsuta@gmail.com> <katsuta_soshi@cyberagent.co.jp>
-Stefan Berger <stefanb@linux.vnet.ibm.com>
-<stefanb@linux.vnet.ibm.com> <stefanb@us.ibm.com>
-Stephen Day <stephen.day@docker.com>
-<stephen.day@docker.com> <stevvooe@users.noreply.github.com>
-Toli Kuznets <toli@docker.com>
-Tristan Carel <tristan@cogniteev.com>
-<tristan@cogniteev.com> <tristan.carel@gmail.com>
-Vincent Demeester <vincent@sbr.pm>
-<vincent@sbr.pm> <vincent+github@demeester.fr>
-Vishnu Kannan <vishnuk@google.com>
-xlgao-zju <xlgao@zju.edu.cn> xlgao <xlgao@zju.edu.cn>
-yuchangchun <yuchangchun1@huawei.com> y00277921 <yuchangchun1@huawei.com> 
-<zij@case.edu> <zjaffee@us.ibm.com>
-

CHANGELOG.md

@@ -5,7 +5,7 @@ information on the list of deprecated flags and APIs please have a look at
 https://docs.docker.com/engine/deprecated/ where target removal dates can also
 be found.
 
-## 1.11.0 (2016-04-13)
+## 1.11.0 (2016-04-12)
 
 **IMPORTANT**: With Docker 1.11, a Linux docker installation is now made of 4 binaries (`docker`, [`docker-containerd`](https://github.com/docker/containerd), [`docker-containerd-shim`](https://github.com/docker/containerd) and [`docker-runc`](https://github.com/opencontainers/runc)). If you have scripts relying on docker being a single static binaries, please make sure to update them. Interaction with the daemon stay the same otherwise, the usage of the other binaries should be transparent. A Windows docker installation remains a single binary, `docker.exe`.
 
@@ -45,7 +45,6 @@ be found.
 * Docker will now fallback to registry V1 if no basic auth credentials are available ([#20241](https://github.com/docker/docker/pull/20241))
 * Docker will now try to resume layer download where it left off after a network error/timeout ([#19840](https://github.com/docker/docker/pull/19840))
 - Fix generated manifest mediaType when pushing cross-repository ([#19509](https://github.com/docker/docker/pull/19509))
-- Fix docker requesting additional push credentials when pulling an image if Content Trust is enabled ([#20382](https://github.com/docker/docker/pull/20382))
 
 ### Logging
 
@@ -76,31 +75,15 @@ be found.
 
 ### Networking
 
-- Fix panic if a node is forcibly removed from the cluster ([#21671](https://github.com/docker/docker/pull/21671))
-- Fix "error creating vxlan interface" when starting a container in a Swarm cluster ([#21671](https://github.com/docker/docker/pull/21671))
+- Fix a bug where IPv6 addresses were not properly handled ([#20842](https://github.com/docker/docker/pull/20842))
 * `docker network inspect` will now report all endpoints whether they have an active container or not ([#21160](https://github.com/docker/docker/pull/21160))
 + Experimental support for the MacVlan and IPVlan network drivers have been added ([#21122](https://github.com/docker/docker/pull/21122))
 * Output of `docker network ls` is now sorted by network name ([#20383](https://github.com/docker/docker/pull/20383))
 - Fix a bug where Docker would allow a network to be created with the reserved `default` name ([#19431](https://github.com/docker/docker/pull/19431))
-* `docker network inspect` returns whether a network is internal or not ([#19357](https://github.com/docker/docker/pull/19357))
+* `docker network inspect` now returns whether a network is internal or not ([#19357](https://github.com/docker/docker/pull/19357))
 + Control IPv6 via explicit option when creating a network (`docker network create --ipv6`). This shows up as a new `EnableIPv6` field in `docker network inspect` ([#17513](https://github.com/docker/docker/pull/17513))
-* Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server ([#21396](https://github.com/docker/docker/pull/21396))
-- Fix to not forward docker domain IPv6 queries to external servers ([#21396](https://github.com/docker/docker/pull/21396))
-* Multiple A/AAAA records from embedded DNS Server for DNS Round robin ([#21019](https://github.com/docker/docker/pull/21019))
-- Fix endpoint count inconsistency after an ungraceful dameon restart ([#21261](https://github.com/docker/docker/pull/21261))
-- Move the ownership of exposed ports and port-mapping options from Endpoint to Sandbox ([#21019](https://github.com/docker/docker/pull/21019))
-- Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 ([#21019](https://github.com/docker/docker/pull/21019))
-- Added inbuilt nil IPAM driver ([#21019](https://github.com/docker/docker/pull/21019))
-- Fixed bug in iptables.Exists() logic [#21019](https://github.com/docker/docker/pull/21019)
-- Fixed a Veth interface leak when using overlay network ([#21019](https://github.com/docker/docker/pull/21019))
-- Fixed a bug which prevents docker reload after a network delete during shutdown ([#20214](https://github.com/docker/docker/pull/20214))
-- Make sure iptables chains are recreated on firewalld reload ([#20419](https://github.com/docker/docker/pull/20419))
-- Allow to pass global datastore during config reload ([#20419](https://github.com/docker/docker/pull/20419))
-- For anonymous containers use the alias name for IP to name mapping, ie:DNS PTR record ([#21019](https://github.com/docker/docker/pull/21019))
-- Fix a panic when deleting an entry from /etc/hosts file  ([#21019](https://github.com/docker/docker/pull/21019))
-- Source the forwarded DNS queries from the container net namespace  ([#21019](https://github.com/docker/docker/pull/21019))
-- Fix to retain the network internal mode config for bridge networks on daemon reload ([#21780] (https://github.com/docker/docker/pull/21780))
-- Fix to retain IPAM driver option configs on daemon reload ([#21914] (https://github.com/docker/docker/pull/21914))
+* Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server [#21396](https://github.com/docker/docker/pull/21396)
+* Multiple A/AAAA records from embedded DNS Server for DNS Round robin [#21019](https://github.com/docker/docker/pull/21019)
 
 ### Plugins
 
@@ -109,11 +92,6 @@ be found.
 
 ### Runtime
 
-- Fix a panic that could occur when cleanup after a container started with invalid parameters ([#21716](https://github.com/docker/docker/pull/21716))
-- Fix a race with event timers stopping early ([#21692](https://github.com/docker/docker/pull/21692))
-- Fix race conditions in the layer store, potentially corrupting the map and crashing the process ([#21677](https://github.com/docker/docker/pull/21677))
-- Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in ([#21666](https://github.com/docker/docker/pull/21666))  
-  Docker 1.9, but was decided to be too much of an backward-incompatible change, so it was decided to keep the feature.
 + It is now possible for containers to share the NET and IPC namespaces when `userns` is enabled ([#21383](https://github.com/docker/docker/pull/21383))
 + `docker inspect <image-id>` will now expose the rootfs layers ([#21370](https://github.com/docker/docker/pull/21370))
 + Docker Windows gained a minimal `top` implementation ([#21354](https://github.com/docker/docker/pull/21354))
@@ -141,17 +119,12 @@ be found.
 * `docker inspect` now also returns a new `State` field containing the container state in a human readable way (i.e. one of `created`, `restarting`, `running`, `paused`, `exited` or `dead`)([#18966](https://github.com/docker/docker/pull/18966))
 + Docker learned to limit the number of active pids (i.e. processes) within the container via the `pids-limit` flags. NOTE: This requires `CGROUP_PIDS=y` to be in the kernel configuration. ([#18697](https://github.com/docker/docker/pull/18697))
 - `docker load` now has a `--quiet` option to suppress the load output ([#20078](https://github.com/docker/docker/pull/20078))
-- Fix a bug in neighbor discovery for IPv6 peers ([#20842](https://github.com/docker/docker/pull/20842))
-- Fix a panic during cleanup if a container was started with invalid options ([#21802](https://github.com/docker/docker/pull/21802))
-- Fix a situation where a container cannot be stopped if the terminal is closed ([#21840](https://github.com/docker/docker/pull/21840))
 
 ### Security
 
 * Object with the `pcp_pmcd_t` selinux type were given management access to `/var/lib/docker(/.*)?` ([#21370](https://github.com/docker/docker/pull/21370))
 * `restart_syscall`, `copy_file_range`, `mlock2` joined the list of allowed calls in the default seccomp profile ([#21117](https://github.com/docker/docker/pull/21117), [#21262](https://github.com/docker/docker/pull/21262))
 * `send`, `recv` and `x32` were added to the list of allowed syscalls and arch in the default seccomp profile ([#19432](https://github.com/docker/docker/pull/19432))
-* Docker Content Trust now requests the server to perform snapshot signing ([#21046](https://github.com/docker/docker/pull/21046))
-* Support for using YubiKeys for Content Trust signing has been moved out of experimental ([#21591](https://github.com/docker/docker/pull/21591))
 
 ### Volumes
 
@@ -1686,7 +1659,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
 + Add -rm to docker run for removing a container on exit
 - Remove error messages which are not actually errors
 - Fix `docker rm` with volumes
-- Fix some error cases where an HTTP body might not be closed
+- Fix some error cases where a HTTP body might not be closed
 - Fix panic with wrong dockercfg file
 - Fix the attach behavior with -i
 * Record termination time in state.

CONTRIBUTING.md

@@ -152,9 +152,9 @@ However, there might be a way to implement that feature *on top of* Docker.
       <a href="https://groups.google.com/forum/#!forum/docker-user" target="_blank">Docker-user</a>
       is for people using Docker containers.
       The <a href="https://groups.google.com/forum/#!forum/docker-dev" target="_blank">docker-dev</a>
-      group is for contributors and other people contributing to the Docker project.
-      You can join them without a google account by sending an email to 
-      <a href="mailto:docker-dev+subscribe@googlegroups.com">docker-dev+subscribe@googlegroups.com</a>.
+      group is for contributors and other people contributing to the Docker
+      project.
+      You can join them without an google account by sending an email to e.g. "docker-user+subscribe@googlegroups.com".
       After receiving the join-request message, you can simply reply to that to confirm the subscribtion.
     </td>
   </tr>

Dockerfile

@@ -33,11 +33,7 @@ RUN echo deb http://ppa.launchpad.net/zfs-native/stable/ubuntu trusty main > /et
 # add llvm repo
 RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421 \
 	|| apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421
-RUN echo deb http://llvm.org/apt/jessie/ llvm-toolchain-jessie-3.8 main > /etc/apt/sources.list.d/llvm.list
-
-# allow replacing httpredir mirror
-ARG APT_MIRROR=httpredir.debian.org
-RUN sed -i s/httpredir.debian.org/$APT_MIRROR/g /etc/apt/sources.list
+RUN echo deb http://llvm.org/apt/trusty/ llvm-toolchain-trusty main > /etc/apt/sources.list.d/llvm.list
 
 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
@@ -74,7 +70,6 @@ RUN apt-get update && apt-get install -y \
 	xfsprogs \
 	libzfs-dev \
 	tar \
-	zip \
 	--no-install-recommends \
 	&& pip install awscli==1.10.15 \
 	&& ln -snf /usr/bin/clang-3.8 /usr/local/bin/clang \
@@ -103,7 +98,7 @@ RUN set -x \
 	&& export OSXCROSS_PATH="/osxcross" \
 	&& git clone https://github.com/tpoechtrager/osxcross.git $OSXCROSS_PATH \
 	&& ( cd $OSXCROSS_PATH && git checkout -q $OSX_CROSS_COMMIT) \
-	&& curl -sSL https://s3.dockerproject.org/darwin/v2/${OSX_SDK}.tar.xz -o "${OSXCROSS_PATH}/tarballs/${OSX_SDK}.tar.xz" \
+	&& curl -sSL https://s3.dockerproject.org/darwin/${OSX_SDK}.tar.xz -o "${OSXCROSS_PATH}/tarballs/${OSX_SDK}.tar.xz" \
 	&& UNATTENDED=yes OSX_VERSION_MIN=10.6 ${OSXCROSS_PATH}/build.sh
 ENV PATH /osxcross/target/bin:$PATH
 
@@ -126,7 +121,7 @@ RUN set -x \
 # IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
 #            will need updating, to avoid errors. Ping #docker-maintainers on IRC
 #            with a heads-up.
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fsSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" \
 	| tar -xzC /usr/local
 ENV PATH /go/bin:/usr/local/go/bin:$PATH
@@ -203,7 +198,7 @@ RUN useradd --create-home --gid docker unprivilegeduser
 
 VOLUME /var/lib/docker
 WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 
 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
@@ -248,7 +243,7 @@ RUN set -x \
 	&& rm -rf "$GOPATH"
 
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT d563bd134293c1026976a8f5764d5df5612f1dbf
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
@@ -258,7 +253,7 @@ RUN set -x \
 	&& cp runc /usr/local/bin/docker-runc
 
 # Install containerd
-ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+ENV CONTAINERD_COMMIT c761085e92be09df9d5298f852c328b538f5dc2f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \

Dockerfile.aarch64

@@ -96,7 +96,7 @@ RUN set -x \
 # We don't have official binary tarballs for ARM64, eigher for Go or bootstrap,
 # so we use the official armv6 released binaries as a GOROOT_BOOTSTRAP, and
 # build Go from source code.
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN mkdir /usr/src/go && curl -fsSL https://storage.googleapis.com/golang/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
 	&& cd /usr/src/go/src \
 	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
@@ -145,7 +145,7 @@ RUN useradd --create-home --gid docker unprivilegeduser
 
 VOLUME /var/lib/docker
 WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 
 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
@@ -181,7 +181,7 @@ RUN set -x \
 	&& rm -rf "$GOPATH"
 
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT d563bd134293c1026976a8f5764d5df5612f1dbf
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
@@ -191,7 +191,7 @@ RUN set -x \
 	&& cp runc /usr/local/bin/docker-runc
 
 # Install containerd
-ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+ENV CONTAINERD_COMMIT c761085e92be09df9d5298f852c328b538f5dc2f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \

Dockerfile.armhf

@@ -65,8 +65,6 @@ RUN cd /usr/local/lvm2 \
 # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
 
 # Install Go
-# TODO Update to 1.5.4 once available, or build from source, as these builds
-# are marked "end of life", see http://dave.cheney.net/unofficial-arm-tarballs
 ENV GO_VERSION 1.5.3
 RUN curl -fsSL "http://dave.cheney.net/paste/go${GO_VERSION}.linux-arm.tar.gz" \
 	| tar -xzC /usr/local
@@ -156,7 +154,7 @@ RUN useradd --create-home --gid docker unprivilegeduser
 
 VOLUME /var/lib/docker
 WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 
 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
@@ -200,7 +198,7 @@ RUN set -x \
 	&& rm -rf "$GOPATH"
 
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT d563bd134293c1026976a8f5764d5df5612f1dbf
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
@@ -210,7 +208,7 @@ RUN set -x \
 	&& cp runc /usr/local/bin/docker-runc
 
 # Install containerd
-ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+ENV CONTAINERD_COMMIT c761085e92be09df9d5298f852c328b538f5dc2f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \

Dockerfile.gccgo

@@ -74,7 +74,7 @@ WORKDIR /go/src/github.com/docker/docker
 ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT d563bd134293c1026976a8f5764d5df5612f1dbf
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
@@ -84,7 +84,7 @@ RUN set -x \
 	&& cp runc /usr/local/bin/docker-runc
 
 # Install containerd
-ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+ENV CONTAINERD_COMMIT c761085e92be09df9d5298f852c328b538f5dc2f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \

Dockerfile.ppc64le

@@ -74,10 +74,10 @@ RUN cd /usr/local/lvm2 \
 # TODO install Go, using gccgo as GOROOT_BOOTSTRAP (Go 1.5+ supports ppc64le properly)
 # possibly a ppc64le/golang image?
 
-## BUILD GOLANG
-ENV GO_VERSION 1.5.4
+## BUILD GOLANG 1.5.3
+ENV GO_VERSION 1.5.3
 ENV GO_DOWNLOAD_URL https://golang.org/dl/go${GO_VERSION}.src.tar.gz
-ENV GO_DOWNLOAD_SHA256 002acabce7ddc140d0d55891f9d4fcfbdd806b9332fb8b110c91bc91afb0bc93
+ENV GO_DOWNLOAD_SHA256 a96cce8ce43a9bf9b2a4c7d470bc7ee0cb00410da815980681c8353218dcf146
 ENV GOROOT_BOOTSTRAP /usr/local
 
 RUN curl -fsSL "$GO_DOWNLOAD_URL" -o golang.tar.gz \
@@ -155,7 +155,7 @@ RUN useradd --create-home --gid docker unprivilegeduser
 
 VOLUME /var/lib/docker
 WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV DOCKER_BUILDTAGS apparmor selinux
 
 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
@@ -199,7 +199,7 @@ RUN set -x \
 	&& rm -rf "$GOPATH"
 
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT d563bd134293c1026976a8f5764d5df5612f1dbf
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
@@ -209,7 +209,7 @@ RUN set -x \
 	&& cp runc /usr/local/bin/docker-runc
 
 # Install containerd
-ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+ENV CONTAINERD_COMMIT c761085e92be09df9d5298f852c328b538f5dc2f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \

Dockerfile.s390x

@@ -134,7 +134,7 @@ RUN useradd --create-home --gid docker unprivilegeduser
 
 VOLUME /var/lib/docker
 WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV DOCKER_BUILDTAGS apparmor selinux
 
 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
@@ -178,7 +178,7 @@ RUN set -x \
 	&& rm -rf "$GOPATH"
 
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT d563bd134293c1026976a8f5764d5df5612f1dbf
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
@@ -188,7 +188,7 @@ RUN set -x \
 	&& cp runc /usr/local/bin/docker-runc
 
 # Install containerd
-ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+ENV CONTAINERD_COMMIT c761085e92be09df9d5298f852c328b538f5dc2f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \

Dockerfile.simple

@@ -30,7 +30,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 	&& rm -rf /var/lib/apt/lists/*
 
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT d563bd134293c1026976a8f5764d5df5612f1dbf
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
@@ -40,7 +40,7 @@ RUN set -x \
 	&& cp runc /usr/local/bin/docker-runc
 
 # Install containerd
-ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+ENV CONTAINERD_COMMIT c761085e92be09df9d5298f852c328b538f5dc2f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \

Dockerfile.windows

@@ -40,7 +40,7 @@ FROM windowsservercore
 # Environment variable notes:
 #  - GO_VERSION must consistent with 'Dockerfile' used by Linux'.
 #  - FROM_DOCKERFILE is used for detection of building within a container.
-ENV GO_VERSION=1.5.4 \
+ENV GO_VERSION=1.5.3 \
     GIT_LOCATION=https://github.com/git-for-windows/git/releases/download/v2.7.2.windows.1/Git-2.7.2-64-bit.exe \
     RSRC_COMMIT=ba14da1f827188454a4591717fff29999010887f \
     GOPATH=C:/go;C:/go/src/github.com/docker/docker/vendor \

Makefile

@@ -69,11 +69,10 @@ bundles:
 cross: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross
 
+
 win: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh win
 
-tgz: build
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross tgz
 
 deb: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-deb

VERSION

@@ -1 +1 @@
-1.11.0
+1.11.0-rc2

api/client/load.go

@@ -41,7 +41,7 @@ func (cli *DockerCli) CmdLoad(args ...string) error {
 	}
 	defer response.Body.Close()
 
-	if response.Body != nil && response.JSON {
+	if response.JSON {
 		return jsonmessage.DisplayJSONMessagesStream(response.Body, cli.out, cli.outFd, cli.isTerminalOut, nil)
 	}
 

api/client/trust.go

@@ -252,7 +252,7 @@ func (cli *DockerCli) trustedReference(ref reference.NamedTagged) (reference.Can
 	// Resolve the Auth config relevant for this server
 	authConfig := cli.resolveAuthConfig(repoInfo.Index)
 
-	notaryRepo, err := cli.getNotaryRepository(repoInfo, authConfig, "pull")
+	notaryRepo, err := cli.getNotaryRepository(repoInfo, authConfig)
 	if err != nil {
 		fmt.Fprintf(cli.out, "Error establishing connection to trust repository: %s\n", err)
 		return nil, err

api/server/router/image/image_routes.go

@@ -269,17 +269,7 @@ func (s *imageRouter) postImagesLoad(ctx context.Context, w http.ResponseWriter,
 		return err
 	}
 	quiet := httputils.BoolValueOrDefault(r, "quiet", true)
-
-	if !quiet {
-		w.Header().Set("Content-Type", "application/json")
-
-		output := ioutils.NewWriteFlusher(w)
-		defer output.Close()
-		if err := s.backend.LoadImage(r.Body, output, quiet); err != nil {
-			output.Write(streamformatter.NewJSONStreamFormatter().FormatError(err))
-		}
-		return nil
-	}
+	w.Header().Set("Content-Type", "application/json")
 	return s.backend.LoadImage(r.Body, w, quiet)
 }
 

api/server/router/system/system_routes.go

@@ -55,10 +55,11 @@ func (s *systemRouter) getEvents(ctx context.Context, w http.ResponseWriter, r *
 		return err
 	}
 
-	var timeout <-chan time.Time
+	timer := time.NewTimer(0)
+	timer.Stop()
 	if until > 0 || untilNano > 0 {
 		dur := time.Unix(until, untilNano).Sub(time.Now())
-		timeout = time.NewTimer(dur).C
+		timer = time.NewTimer(dur)
 	}
 
 	ef, err := filters.FromParam(r.Form.Get("filters"))
@@ -98,7 +99,7 @@ func (s *systemRouter) getEvents(ctx context.Context, w http.ResponseWriter, r *
 			if err := enc.Encode(jev); err != nil {
 				return err
 			}
-		case <-timeout:
+		case <-timer.C:
 			return nil
 		case <-closeNotify:
 			logrus.Debug("Client disconnected, stop sending events")

builder/dockerfile/builder.go

@@ -236,17 +236,6 @@ func (b *Builder) build(config *types.ImageBuildOptions, context builder.Context
 			}
 			return "", err
 		}
-
-		// Commit the layer when there are only one children in
-		// the dockerfile, this is only the `FROM` tag, and
-		// build labels. Otherwise, the new image won't be
-		// labeled properly.
-		// Commit here, so the ID of the final image is reported
-		// properly.
-		if len(b.dockerfile.Children) == 1 && len(b.options.Labels) > 0 {
-			b.commit("", b.runConfig.Cmd, "")
-		}
-
 		shortImgID = stringid.TruncateID(b.image)
 		fmt.Fprintf(b.Stdout, " ---> %s\n", shortImgID)
 		if b.options.Remove {

builder/dockerfile/internals.go

@@ -413,20 +413,7 @@ func (b *Builder) processImageFrom(img builder.Image) error {
 		b.image = img.ImageID()
 
 		if img.RunConfig() != nil {
-			imgConfig := *img.RunConfig()
-			// inherit runConfig labels from the current
-			// state if they've been set already.
-			// Ensures that images with only a FROM
-			// get the labels populated properly.
-			if b.runConfig.Labels != nil {
-				if imgConfig.Labels == nil {
-					imgConfig.Labels = make(map[string]string)
-				}
-				for k, v := range b.runConfig.Labels {
-					imgConfig.Labels[k] = v
-				}
-			}
-			b.runConfig = &imgConfig
+			b.runConfig = img.RunConfig()
 		}
 	}
 

container/container.go

@@ -909,7 +909,6 @@ func (container *Container) FullHostname() string {
 func (container *Container) RestartManager(reset bool) restartmanager.RestartManager {
 	if reset {
 		container.RestartCount = 0
-		container.restartManager = nil
 	}
 	if container.restartManager == nil {
 		container.restartManager = restartmanager.New(container.HostConfig.RestartPolicy)

contrib/builder/deb/amd64/debian-jessie/Dockerfile

@@ -6,7 +6,7 @@ FROM debian:jessie
 
 RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/builder/deb/amd64/debian-stretch/Dockerfile

@@ -6,7 +6,7 @@ FROM debian:stretch
 
 RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/builder/deb/amd64/debian-wheezy/Dockerfile

@@ -7,7 +7,7 @@ FROM debian:wheezy-backports
 RUN apt-get update && apt-get install -y -t wheezy-backports btrfs-tools --no-install-recommends && rm -rf /var/lib/apt/lists/*
 RUN apt-get update && apt-get install -y apparmor bash-completion  build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/builder/deb/amd64/ubuntu-precise/Dockerfile

@@ -6,7 +6,7 @@ FROM ubuntu:precise
 
 RUN apt-get update && apt-get install -y apparmor bash-completion  build-essential curl ca-certificates debhelper dh-apparmor  git libapparmor-dev  libltdl-dev  libsqlite3-dev pkg-config --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile

@@ -6,7 +6,7 @@ FROM ubuntu:trusty
 
 RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/builder/deb/amd64/ubuntu-wily/Dockerfile

@@ -6,7 +6,7 @@ FROM ubuntu:wily
 
 RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile

@@ -6,7 +6,7 @@ FROM ubuntu:xenial
 
 RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/builder/rpm/amd64/centos-7/Dockerfile

@@ -8,7 +8,7 @@ RUN yum groupinstall -y "Development Tools"
 RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs
 RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/builder/rpm/amd64/fedora-22/Dockerfile

@@ -7,7 +7,7 @@ FROM fedora:22
 RUN dnf install -y @development-tools fedora-packager
 RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/builder/rpm/amd64/fedora-23/Dockerfile

@@ -7,7 +7,7 @@ FROM fedora:23
 RUN dnf install -y @development-tools fedora-packager
 RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile

@@ -7,7 +7,7 @@ FROM opensuse:13.2
 RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build
 RUN zypper --non-interactive install libbtrfs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel pkg-config selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git systemd-rpm-macros
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile

@@ -10,7 +10,7 @@ RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinu
 RUN yum install -y yum-utils && curl -o /etc/yum.repos.d/public-yum-ol6.repo http://yum.oracle.com/public-yum-ol6.repo && yum-config-manager -q --enable ol6_UEKR4
 RUN yum install -y kernel-uek-devel-4.1.12-32.el6uek
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile

@@ -7,7 +7,7 @@ FROM oraclelinux:7
 RUN yum groupinstall -y "Development Tools"
 RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git
 
-ENV GO_VERSION 1.5.4
+ENV GO_VERSION 1.5.3
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
 ENV PATH $PATH:/usr/local/go/bin
 

contrib/completion/bash/docker

@@ -415,7 +415,7 @@ __docker_complete_log_options() {
 	local gelf_options="env gelf-address gelf-compression-level gelf-compression-type labels tag"
 	local journald_options="env labels tag"
 	local json_file_options="env labels max-file max-size"
-	local syslog_options="syslog-address syslog-format syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify syslog-facility tag"
+	local syslog_options="syslog-address syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify syslog-facility tag"
 	local splunk_options="env labels splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url tag"
 
 	local all_options="$fluentd_options $gcplogs_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options"
@@ -507,10 +507,6 @@ __docker_complete_log_driver_options() {
 			" -- "${cur##*=}" ) )
 			return
 			;;
-		syslog-format)
-			COMPREPLY=( $( compgen -W "rfc3164 rfc5424" -- "${cur##*=}" ) )
-			return
-			;;
 		syslog-tls-@(ca-cert|cert|key))
 			_filedir
 			return
@@ -619,7 +615,7 @@ _docker_attach() {
 
  	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "--detach-keys --help --no-stdin --sig-proxy=false" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "--detach-keys --help --no-stdin --sig-proxy" -- "$cur" ) )
 			;;
 		*)
 			local counter=$(__docker_pos_first_nonflag '--detach-keys')
@@ -641,7 +637,6 @@ _docker_build() {
 		--cpu-quota
 		--file -f
 		--isolation
-		--label
 		--memory -m
 		--memory-swap
 		--shm-size
@@ -706,7 +701,7 @@ _docker_commit() {
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "--author -a --change -c --help --message -m --pause=false -p=false" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "--author -a --change -c --help --message -m --pause -p" -- "$cur" ) )
 			;;
 		*)
 			local counter=$(__docker_pos_first_nonflag '--author|-a|--change|-c|--message|-m')
@@ -798,7 +793,6 @@ _docker_daemon() {
 		--cluster-advertise
 		--cluster-store
 		--cluster-store-opt
-		--containerd
 		--default-gateway
 		--default-gateway-v6
 		--default-ulimit
@@ -875,7 +869,7 @@ _docker_daemon() {
 			__docker_complete_log_drivers
 			return
 			;;
-		--containerd|--pidfile|-p|--tlscacert|--tlscert|--tlskey)
+		--pidfile|-p|--tlscacert|--tlscert|--tlskey)
 			_filedir
 			return
 			;;
@@ -891,7 +885,6 @@ _docker_daemon() {
 				dm.fs
 				dm.loopdatasize
 				dm.loopmetadatasize
-				dm.min_free_space
 				dm.mkfsarg
 				dm.mountopt
 				dm.override_udev_sync_check
@@ -1082,7 +1075,7 @@ _docker_help() {
 _docker_history() {
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "--help --human=false -H=false --no-trunc --quiet -q" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "--help --no-trunc --quiet -q" -- "$cur" ) )
 			;;
 		*)
 			local counter=$(__docker_pos_first_nonflag)
@@ -1331,14 +1324,11 @@ _docker_network_create() {
 			COMPREPLY=( $(compgen -W "$plugins" -- "$cur") )
 			return
 			;;
-		--label)
-			return
-			;;
 	esac
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "--aux-address --driver -d --gateway --help --internal --ip-range --ipam-driver --ipam-opt --ipv6 --label --opt -o --subnet" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "--aux-address --driver -d --gateway --help --internal --ip-range --ipam-driver --ipam-opt --ipv6 --opt -o --subnet" -- "$cur" ) )
 			;;
 	esac
 }
@@ -1673,7 +1663,6 @@ _docker_run() {
 		--tmpfs
 		--ulimit
 		--user -u
-		--userns
 		--uts
 		--volume-driver
 		--volumes-from
@@ -1710,24 +1699,6 @@ _docker_run() {
 	__docker_complete_log_driver_options && return
 	__docker_complete_restart && return
 
-	local key=$(__docker_map_key_of_current_option '--security-opt')
-	case "$key" in
-		label)
-			[[ $cur == *: ]] && return
-			COMPREPLY=( $( compgen -W "user: role: type: level: disable" -- "${cur##*=}") )
-			if [ "${COMPREPLY[*]}" != "disable" ] ; then
-				__docker_nospace
-			fi
-			return
-			;;
-		seccomp)
-			local cur=${cur##*=}
-			_filedir
-			COMPREPLY+=( $( compgen -W "unconfined" -- "$cur" ) )
-			return
-			;;
-	esac
-
 	case "$prev" in
 		--add-host)
 			case "$cur" in
@@ -1825,20 +1796,32 @@ _docker_run() {
 			return
 			;;
 		--security-opt)
-			COMPREPLY=( $( compgen -W "apparmor= label= no-new-privileges seccomp=" -- "$cur") )
-			if [ "${COMPREPLY[*]}" != "no-new-privileges" ] ; then
-				__docker_nospace
-			fi
+			case "$cur" in
+				label=*:*)
+					;;
+				label=*)
+					local cur=${cur##*=}
+					COMPREPLY=( $( compgen -W "user: role: type: level: disable" -- "$cur") )
+					if [ "${COMPREPLY[*]}" != "disable" ] ; then
+						__docker_nospace
+					fi
+					;;
+				seccomp=*)
+					local cur=${cur##*=}
+					_filedir
+					COMPREPLY+=( $( compgen -W "unconfined" -- "$cur" ) )
+					;;
+				*)
+					COMPREPLY=( $( compgen -W "label apparmor seccomp" -S ":" -- "$cur") )
+					__docker_nospace
+					;;
+			esac
 			return
 			;;
 		--user|-u)
 			__docker_complete_user_group
 			return
 			;;
-		--userns)
-			COMPREPLY=( $( compgen -W "host" -- "$cur" ) )
-			return
-			;;
 		--volume-driver)
 			__docker_complete_plugins Volume
 			return
@@ -2041,14 +2024,14 @@ _docker_volume_create() {
 			__docker_complete_plugins Volume
 			return
 			;;
-		--label|--name|--opt|-o)
+		--name|--opt|-o)
 			return
 			;;
 	esac
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "--driver -d --help --label --name --opt -o" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "--driver -d --help --name --opt -o" -- "$cur" ) )
 			;;
 	esac
 }

contrib/completion/zsh/_docker

@@ -50,11 +50,11 @@ __docker_arguments() {
 __docker_get_containers() {
     [[ $PREFIX = -* ]] && return 1
     integer ret=1
-    local kind type line s
-    declare -a running stopped lines args names
+    local kind
+    declare -a running stopped lines args
 
-    kind=$1; shift
-    type=$1; shift
+    kind=$1
+    shift
     [[ $kind = (stopped|all) ]] && args=($args -a)
 
     lines=(${(f)"$(_call_program commands docker $docker_options ps --no-trunc $args)"})
@@ -73,40 +73,39 @@ __docker_get_containers() {
     lines=(${lines[2,-1]})
 
     # Container ID
-    if [[ $type = (ids|all) ]]; then
-        for line in $lines; do
-            s="${${line[${begin[CONTAINER ID]},${end[CONTAINER ID]}]%% ##}[0,12]}"
-            s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}"
-            s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}"
-            if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then
-                stopped=($stopped $s)
-            else
-                running=($running $s)
-            fi
-        done
-    fi
+    local line
+    local s
+    for line in $lines; do
+        s="${${line[${begin[CONTAINER ID]},${end[CONTAINER ID]}]%% ##}[0,12]}"
+        s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}"
+        s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}"
+        if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then
+            stopped=($stopped $s)
+        else
+            running=($running $s)
+        fi
+    done
 
     # Names: we only display the one without slash. All other names
     # are generated and may clutter the completion. However, with
     # Swarm, all names may be prefixed by the swarm node name.
-    if [[ $type = (names|all) ]]; then
-        for line in $lines; do
-            names=(${(ps:,:)${${line[${begin[NAMES]},${end[NAMES]}]}%% *}})
-            # First step: find a common prefix and strip it (swarm node case)
-            (( ${#${(u)names%%/*}} == 1 )) && names=${names#${names[1]%%/*}/}
-            # Second step: only keep the first name without a /
-            s=${${names:#*/*}[1]}
-            # If no name, well give up.
-            (( $#s != 0 )) || continue
-            s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}"
-            s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}"
-            if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then
-                stopped=($stopped $s)
-            else
-                running=($running $s)
-            fi
-        done
-    fi
+    local -a names
+    for line in $lines; do
+        names=(${(ps:,:)${${line[${begin[NAMES]},${end[NAMES]}]}%% *}})
+        # First step: find a common prefix and strip it (swarm node case)
+        (( ${#${(u)names%%/*}} == 1 )) && names=${names#${names[1]%%/*}/}
+        # Second step: only keep the first name without a /
+        s=${${names:#*/*}[1]}
+        # If no name, well give up.
+        (( $#s != 0 )) || continue
+        s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}"
+        s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}"
+        if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then
+            stopped=($stopped $s)
+        else
+            running=($running $s)
+        fi
+    done
 
     [[ $kind = (running|all) ]] && _describe -t containers-running "running containers" running "$@" && ret=0
     [[ $kind = (stopped|all) ]] && _describe -t containers-stopped "stopped containers" stopped "$@" && ret=0
@@ -115,27 +114,17 @@ __docker_get_containers() {
 
 __docker_stoppedcontainers() {
     [[ $PREFIX = -* ]] && return 1
-    __docker_get_containers stopped all "$@"
+    __docker_get_containers stopped "$@"
 }
 
 __docker_runningcontainers() {
     [[ $PREFIX = -* ]] && return 1
-    __docker_get_containers running all "$@"
+    __docker_get_containers running "$@"
 }
 
 __docker_containers() {
     [[ $PREFIX = -* ]] && return 1
-    __docker_get_containers all all "$@"
-}
-
-__docker_containers_ids() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_get_containers all ids "$@"
-}
-
-__docker_containers_names() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_get_containers all names "$@"
+    __docker_get_containers all "$@"
 }
 
 __docker_images() {
@@ -211,12 +200,12 @@ __docker_get_log_options() {
     local -a awslogs_options fluentd_options gelf_options journald_options json_file_options syslog_options splunk_options
 
     awslogs_options=("awslogs-region" "awslogs-group" "awslogs-stream")
-    fluentd_options=("env" "fluentd-address" "fluentd-async-connect" "fluentd-buffer-limit" "fluentd-retry-wait" "fluentd-max-retries" "labels" "tag")
+    fluentd_options=("env" "fluentd-address" "labels" "tag")
     gcplogs_options=("env" "gcp-log-cmd" "gcp-project" "labels")
-    gelf_options=("env" "gelf-address" "gelf-compression-level" "gelf-compression-type" "labels" "tag")
-    journald_options=("env" "labels" "tag")
+    gelf_options=("env" "gelf-address" "labels" "tag")
+    journald_options=("env" "labels")
     json_file_options=("env" "labels" "max-file" "max-size")
-    syslog_options=("syslog-address" "syslog-format" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "syslog-facility" "tag")
+    syslog_options=("syslog-address" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "syslog-facility" "tag")
     splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "tag")
 
     [[ $log_driver = (awslogs|all) ]] && _describe -t awslogs-options "awslogs options" awslogs_options "$@" && ret=0
@@ -236,15 +225,7 @@ __docker_log_options() {
     integer ret=1
 
     if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (syslog-format)
-                syslog_format_opts=('rfc3164' 'rfc5424')
-                _describe -t syslog-format-opts "Syslog format Options" syslog_format_opts && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
+        _message 'value' && ret=0
     else
         __docker_get_log_options -qS "=" && ret=0
     fi
@@ -263,43 +244,6 @@ __docker_complete_detach_keys() {
     _describe -t detach_keys-ctrl "'ctrl-' + 'a-z @ [ \\\\ ] ^ _'" ctrl_keys -qS "," && ret=0
 }
 
-__docker_complete_ps_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (ancestor)
-                __docker_images && ret=0
-                ;;
-            (before|since)
-                __docker_containers && ret=0
-                ;;
-            (id)
-                __docker_containers_ids && ret=0
-                ;;
-            (name)
-                __docker_containers_names && ret=0
-                ;;
-            (status)
-                status_opts=('created' 'dead' 'exited' 'paused' 'restarting' 'running')
-                _describe -t status-filter-opts "Status Filter Options" status_opts && ret=0
-                ;;
-            (volume)
-                __docker_volumes && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        opts=('ancestor' 'before' 'exited' 'id' 'label' 'name' 'since' 'status' 'volume')
-        _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
 __docker_networks() {
     [[ $PREFIX = -* ]] && return 1
     integer ret=1
@@ -391,7 +335,6 @@ __docker_network_subcommand() {
                 "($help)--ipam-driver=[IP Address Management Driver]:driver:(default)" \
                 "($help)*--ipam-opt=[Custom IPAM plugin options]:opt=value: " \
                 "($help)--ipv6[Enable IPv6 networking]" \
-                "($help)*--label=[Set metadata on a network]:label=value: " \
                 "($help)*"{-o=,--opt=}"[Driver specific options]:opt=value: " \
                 "($help)*--subnet=[Subnet in CIDR format that represents a network segment]:IP/mask: " \
                 "($help -)1:Network Name: " && ret=0
@@ -482,7 +425,6 @@ __docker_volume_subcommand() {
             _arguments $(__docker_arguments) \
                 $opts_help \
                 "($help -d --driver)"{-d=,--driver=}"[Volume driver name]:Driver name:(local)" \
-                "($help)*--label=[Set metadata for a volume]:label=value: " \
                 "($help)--name=[Volume name]" \
                 "($help)*"{-o=,--opt=}"[Driver specific options]:Driver option: " && ret=0
             ;;
@@ -547,7 +489,6 @@ __docker_subcommand() {
         "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)"
         "($help)*--shm-size=[Size of '/dev/shm' (format is '<number><unit>')]:shm size: "
         "($help)*--ulimit=[ulimit options]:ulimit: "
-        "($help)--userns=[Container user namespace]:user namespace:(host)"
     )
     opts_build_create_run_update=(
         "($help)--cpu-shares=[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)"
@@ -585,7 +526,7 @@ __docker_subcommand() {
         "($help)--ipc=[IPC namespace to use]:IPC namespace: "
         "($help)*--link=[Add link to another container]:link:->link"
         "($help)*"{-l=,--label=}"[Container metadata]:label: "
-        "($help)--log-driver=[Default driver for container logs]:Logging driver:(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog)"
+        "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)"
         "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options"
         "($help)--mac-address=[Container MAC address]:MAC address: "
         "($help)--name=[Container name]:name: "
@@ -599,6 +540,7 @@ __docker_subcommand() {
         "($help)--pid=[PID namespace to use]:PID: "
         "($help)--privileged[Give extended privileges to this container]"
         "($help)--read-only[Mount the container's root filesystem as read only]"
+        "($help)--restart=[Restart policy]:restart policy:(no on-failure always unless-stopped)"
         "($help)*--security-opt=[Security options]:security option: "
         "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]"
         "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users"
@@ -612,7 +554,6 @@ __docker_subcommand() {
         "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)"
         "($help)--kernel-memory=[Kernel memory limit in bytes]:Memory limit: "
         "($help)--memory-reservation=[Memory soft limit]:Memory limit: "
-        "($help)--restart=[Restart policy]:restart policy:(no on-failure always unless-stopped)"
     )
     opts_attach_exec_run_start=(
         "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys"
@@ -635,7 +576,6 @@ __docker_subcommand() {
                 "($help)*--build-arg[Build-time variables]:<varname>=<value>: " \
                 "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \
                 "($help)--force-rm[Always remove intermediate containers]" \
-                "($help)*--label=[Set metadata for an image]:label=value: " \
                 "($help)--no-cache[Do not use cache when building the image]" \
                 "($help)--pull[Attempt to pull a newer version of the image]" \
                 "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \
@@ -699,7 +639,6 @@ __docker_subcommand() {
                 "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \
                 "($help)--bip=[Network bridge IP]:IP address: " \
                 "($help)--cgroup-parent=[Parent cgroup for all containers]:cgroup: " \
-                "($help)--containerd=[Path to containerd socket]:socket:_files -g \"*.sock\"" \
                 "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \
                 "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \
                 "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \
@@ -727,7 +666,7 @@ __docker_subcommand() {
                 "($help)--ipv6[Enable IPv6 networking]" \
                 "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \
                 "($help)*--label=[Key=value labels]:label: " \
-                "($help)--log-driver=[Default driver for container logs]:Logging driver:(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog)" \
+                "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" \
                 "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" \
                 "($help)--mtu=[Network MTU]:mtu:(0 576 1420 1500 9000)" \
                 "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \
@@ -737,9 +676,9 @@ __docker_subcommand() {
                 "($help)--selinux-enabled[Enable selinux support]" \
                 "($help)*--storage-opt=[Storage driver options]:storage driver options: " \
                 "($help)--tls[Use TLS]" \
-                "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g \"*.(pem|crt)\"" \
-                "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g \"*.(pem|crt)\"" \
-                "($help)--tlskey=[Path to TLS key file]:Key file:_files -g \"*.(pem|key)\"" \
+                "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g "*.(pem|crt)"" \
+                "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g "*.(pem|crt)"" \
+                "($help)--tlskey=[Path to TLS key file]:Key file:_files -g "*.(pem|key)"" \
                 "($help)--tlsverify[Use TLS and verify the remote]" \
                 "($help)--userns-remap=[User/Group setting for user namespaces]:user\:group:->users-groups" \
                 "($help)--userland-proxy[Use userland proxy for loopback traffic]" && ret=0
@@ -871,8 +810,7 @@ __docker_subcommand() {
         (load)
             _arguments $(__docker_arguments) \
                 $opts_help \
-                "($help -i --input)"{-i=,--input=}"[Read from tar archive file]:archive file:_files -g \"*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)\"" \
-                "($help -q --quiet)"{-q,--quiet}"[Suppress the load output]" && ret=0
+                "($help -i --input)"{-i=,--input=}"[Read from tar archive file]:archive file:_files -g "*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)"" && ret=0
             ;;
         (login)
             _arguments $(__docker_arguments) \
@@ -928,7 +866,7 @@ __docker_subcommand() {
                 $opts_help \
                 "($help -a --all)"{-a,--all}"[Show all containers]" \
                 "($help)--before=[Show only container created before...]:containers:__docker_containers" \
-                "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \
+                "($help)*"{-f=,--filter=}"[Filter values]:filter: " \
                 "($help)--format[Pretty-print containers using a Go template]:format: " \
                 "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \
                 "($help)-n[Show n last created containers, include non-running one]:n:(1 5 10 25 50)" \
@@ -936,24 +874,16 @@ __docker_subcommand() {
                 "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \
                 "($help -s --size)"{-s,--size}"[Display total file sizes]" \
                 "($help)--since=[Show only containers created since...]:containers:__docker_containers" && ret=0
-
-            case $state in
-                (filter-options)
-                    __docker_complete_ps_filters && ret=0
-                    ;;
-            esac
             ;;
         (pull)
             _arguments $(__docker_arguments) \
                 $opts_help \
                 "($help -a --all-tags)"{-a,--all-tags}"[Download all tagged images]" \
-                "($help)--disable-content-trust[Skip image verification]" \
                 "($help -):name:__docker_search" && ret=0
             ;;
         (push)
             _arguments $(__docker_arguments) \
                 $opts_help \
-                "($help)--disable-content-trust[Skip image signing]" \
                 "($help -): :__docker_images" && ret=0
             ;;
         (rename)

contrib/docker-device-tool/README.md

@@ -1,14 +0,0 @@
-Docker device tool for devicemapper storage driver backend
-===================
-
-The ./contrib/docker-device-tool contains a tool to manipulate devicemapper thin-pool.
-
-Compile
-========
-
-    $ make shell
-    ## inside build container
-    $ go build contrib/docker-device-tool/device_tool.go
-
-    # if devicemapper version is old and compliation fails, compile with `libdm_no_deferred_remove` tag
-    $ go build -tags libdm_no_deferred_remove contrib/docker-device-tool/device_tool.go

daemon/config_unix.go

@@ -82,7 +82,7 @@ func (config *Config) InstallFlags(cmd *flag.FlagSet, usageFn func(string) strin
 	cmd.StringVar(&config.CorsHeaders, []string{"-api-cors-header"}, "", usageFn("Set CORS headers in the remote API"))
 	cmd.StringVar(&config.CgroupParent, []string{"-cgroup-parent"}, "", usageFn("Set parent cgroup for all containers"))
 	cmd.StringVar(&config.RemappedRoot, []string{"-userns-remap"}, "", usageFn("User/Group setting for user namespaces"))
-	cmd.StringVar(&config.ContainerdAddr, []string{"-containerd"}, "", usageFn("Path to containerd socket"))
+	cmd.StringVar(&config.ContainerdAddr, []string{"-containerd"}, "", usageFn("Path to containerD socket"))
 
 	config.attachExperimentalFlags(cmd, usageFn)
 }

daemon/container_operations.go

@@ -720,7 +720,7 @@ func (daemon *Daemon) releaseNetwork(container *container.Container) {
 
 	sb, err := daemon.netController.SandboxByID(sid)
 	if err != nil {
-		logrus.Warnf("error locating sandbox id %s: %v", sid, err)
+		logrus.Errorf("error locating sandbox id %s: %v", sid, err)
 		return
 	}
 

daemon/daemon.go

@@ -293,11 +293,6 @@ func (daemon *Daemon) restore() error {
 		go func(c *container.Container) {
 			defer wg.Done()
 			if c.IsRunning() || c.IsPaused() {
-				// Fix activityCount such that graph mounts can be unmounted later
-				if err := daemon.layerStore.ReinitRWLayer(c.RWLayer); err != nil {
-					logrus.Errorf("Failed to ReinitRWLayer for %s due to %s", c.ID, err)
-					return
-				}
 				if err := daemon.containerd.Restore(c.ID, libcontainerd.WithRestartManager(c.RestartManager(true))); err != nil {
 					logrus.Errorf("Failed to restore with containerd: %q", err)
 					return
@@ -309,6 +304,10 @@ func (daemon *Daemon) restore() error {
 				mapLock.Lock()
 				restartContainers[c] = make(chan struct{})
 				mapLock.Unlock()
+			} else if !c.IsRunning() && !c.IsPaused() {
+				if mountid, err := daemon.layerStore.GetMountID(c.ID); err == nil {
+					daemon.cleanupMountsByID(mountid)
+				}
 			}
 
 			// if c.hostConfig.Links is nil (not just empty), then it is using the old sqlite links and needs to be migrated

daemon/daemon_linux.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"io"
 	"os"
-	"regexp"
+	"path/filepath"
 	"strings"
 
 	"github.com/Sirupsen/logrus"
@@ -28,19 +28,78 @@ func (daemon *Daemon) cleanupMountsFromReaderByID(reader io.Reader, id string, u
 		return nil
 	}
 	var errors []string
-
-	regexps := getCleanPatterns(id)
+	mountRoot := ""
+	shmSuffix := "/" + id + "/shm"
+	mergedSuffix := "/" + id + "/merged"
 	sc := bufio.NewScanner(reader)
 	for sc.Scan() {
-		if fields := strings.Fields(sc.Text()); len(fields) >= 4 {
-			if mnt := fields[4]; strings.HasPrefix(mnt, daemon.root) {
-				for _, p := range regexps {
-					if p.MatchString(mnt) {
-						if err := unmount(mnt); err != nil {
-							logrus.Error(err)
-							errors = append(errors, err.Error())
-						}
-					}
+		line := sc.Text()
+		fields := strings.Fields(line)
+		if strings.HasPrefix(fields[4], daemon.root) {
+			logrus.Debugf("Mount base: %v", fields[4])
+			mnt := fields[4]
+			if strings.HasSuffix(mnt, shmSuffix) || strings.HasSuffix(mnt, mergedSuffix) {
+				logrus.Debugf("Unmounting %v", mnt)
+				if err := unmount(mnt); err != nil {
+					logrus.Error(err)
+					errors = append(errors, err.Error())
+				}
+			} else if mountBase := filepath.Base(mnt); mountBase == id {
+				mountRoot = mnt
+			}
+		}
+	}
+
+	if mountRoot != "" {
+		logrus.Debugf("Unmounting %v", mountRoot)
+		if err := unmount(mountRoot); err != nil {
+			logrus.Error(err)
+			errors = append(errors, err.Error())
+		}
+	}
+
+	if err := sc.Err(); err != nil {
+		return err
+	}
+
+	if len(errors) > 0 {
+		return fmt.Errorf("Error cleaningup mounts:\n%v", strings.Join(errors, "\n"))
+	}
+
+	logrus.Debugf("Cleaning up old container shm/mqueue/rootfs mounts: done.")
+	return nil
+}
+
+// cleanupMounts umounts shm/mqueue mounts for old containers
+func (daemon *Daemon) cleanupMounts() error {
+	logrus.Debugf("Cleaning up old container shm/mqueue/rootfs mounts: start.")
+	f, err := os.Open("/proc/self/mountinfo")
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	return daemon.cleanupMountsFromReader(f, mount.Unmount)
+}
+
+func (daemon *Daemon) cleanupMountsFromReader(reader io.Reader, unmount func(target string) error) error {
+	if daemon.root == "" {
+		return nil
+	}
+	sc := bufio.NewScanner(reader)
+	var errors []string
+	for sc.Scan() {
+		line := sc.Text()
+		fields := strings.Fields(line)
+		if strings.HasPrefix(fields[4], daemon.root) {
+			logrus.Debugf("Mount base: %v", fields[4])
+			mnt := fields[4]
+			mountBase := filepath.Base(mnt)
+			if mountBase == "shm" || mountBase == "merged" {
+				logrus.Debugf("Unmounting %v", mnt)
+				if err := unmount(mnt); err != nil {
+					logrus.Error(err)
+					errors = append(errors, err.Error())
 				}
 			}
 		}
@@ -51,30 +110,9 @@ func (daemon *Daemon) cleanupMountsFromReaderByID(reader io.Reader, id string, u
 	}
 
 	if len(errors) > 0 {
-		return fmt.Errorf("Error cleaning up mounts:\n%v", strings.Join(errors, "\n"))
+		return fmt.Errorf("Error cleaningup mounts:\n%v", strings.Join(errors, "\n"))
 	}
 
-	logrus.Debugf("Cleaning up old mountid %v: done.", id)
+	logrus.Debugf("Cleaning up old container shm/mqueue/rootfs mounts: done.")
 	return nil
 }
-
-// cleanupMounts umounts shm/mqueue mounts for old containers
-func (daemon *Daemon) cleanupMounts() error {
-	return daemon.cleanupMountsByID("")
-}
-
-func getCleanPatterns(id string) (regexps []*regexp.Regexp) {
-	var patterns []string
-	if id == "" {
-		id = "[0-9a-f]{64}"
-		patterns = append(patterns, "containers/"+id+"/shm")
-	}
-	patterns = append(patterns, "aufs/mnt/"+id+"$", "overlay/"+id+"/merged$", "zfs/graph/"+id+"$")
-	for _, p := range patterns {
-		r, err := regexp.Compile(p)
-		if err == nil {
-			regexps = append(regexps, r)
-		}
-	}
-	return
-}

daemon/daemon_linux_test.go

@@ -59,7 +59,7 @@ func TestCleanupMounts(t *testing.T) {
 		return nil
 	}
 
-	d.cleanupMountsFromReaderByID(strings.NewReader(mountsFixture), "", unmount)
+	d.cleanupMountsFromReader(strings.NewReader(mountsFixture), unmount)
 
 	if unmounted != 1 {
 		t.Fatalf("Expected to unmount the shm (and the shm only)")
@@ -97,7 +97,7 @@ func TestNotCleanupMounts(t *testing.T) {
 		return nil
 	}
 	mountInfo := `234 232 0:59 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k`
-	d.cleanupMountsFromReaderByID(strings.NewReader(mountInfo), "", unmount)
+	d.cleanupMountsFromReader(strings.NewReader(mountInfo), unmount)
 	if unmounted {
 		t.Fatalf("Expected not to clean up /dev/shm")
 	}

daemon/daemon_unix.go

@@ -466,36 +466,28 @@ func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysi
 func (daemon *Daemon) getCgroupDriver() string {
 	cgroupDriver := cgroupFsDriver
 
-	if UsingSystemd(daemon.configStore) {
-		cgroupDriver = cgroupSystemdDriver
-	}
-	return cgroupDriver
-}
-
-// getCD gets the raw value of the native.cgroupdriver option, if set.
-func getCD(config *Config) string {
-	for _, option := range config.ExecOptions {
+	// No other cgroup drivers are supported at the moment. Warn the
+	// user if they tried to set one other than cgroupfs
+	for _, option := range daemon.configStore.ExecOptions {
 		key, val, err := parsers.ParseKeyValueOpt(option)
 		if err != nil || !strings.EqualFold(key, "native.cgroupdriver") {
 			continue
 		}
-		return val
+		if val != cgroupFsDriver {
+			logrus.Warnf("cgroupdriver '%s' is not supported", val)
+		}
 	}
-	return ""
+
+	return cgroupDriver
 }
 
-// VerifyCgroupDriver validates native.cgroupdriver
-func VerifyCgroupDriver(config *Config) error {
-	cd := getCD(config)
-	if cd == "" || cd == cgroupFsDriver || cd == cgroupSystemdDriver {
-		return nil
-	}
-	return fmt.Errorf("native.cgroupdriver option %s not supported", cd)
+func usingSystemd(config *Config) bool {
+	// No support for systemd cgroup atm
+	return false
 }
 
-// UsingSystemd returns true if cli option includes native.cgroupdriver=systemd
-func UsingSystemd(config *Config) bool {
-	return getCD(config) == cgroupSystemdDriver
+func (daemon *Daemon) usingSystemd() bool {
+	return daemon.getCgroupDriver() == cgroupSystemdDriver
 }
 
 // verifyPlatformContainerSettings performs platform-specific validation of the
@@ -541,7 +533,7 @@ func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.
 			return warnings, fmt.Errorf("Cannot use the --read-only option when user namespaces are enabled")
 		}
 	}
-	if hostConfig.CgroupParent != "" && UsingSystemd(daemon.configStore) {
+	if hostConfig.CgroupParent != "" && daemon.usingSystemd() {
 		// CgroupParent for systemd cgroup should be named as "xxx.slice"
 		if len(hostConfig.CgroupParent) <= 6 || !strings.HasSuffix(hostConfig.CgroupParent, ".slice") {
 			return warnings, fmt.Errorf("cgroup-parent for systemd cgroup should be a valid slice named as \"xxx.slice\"")
@@ -562,10 +554,7 @@ func verifyDaemonSettings(config *Config) error {
 	if !config.bridgeConfig.EnableIPTables && config.bridgeConfig.EnableIPMasq {
 		config.bridgeConfig.EnableIPMasq = false
 	}
-	if err := VerifyCgroupDriver(config); err != nil {
-		return err
-	}
-	if config.CgroupParent != "" && UsingSystemd(config) {
+	if config.CgroupParent != "" && usingSystemd(config) {
 		if len(config.CgroupParent) <= 6 || !strings.HasSuffix(config.CgroupParent, ".slice") {
 			return fmt.Errorf("cgroup-parent for systemd cgroup should be a valid slice named as \"xxx.slice\"")
 		}
@@ -1092,11 +1081,6 @@ func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
 			MaxUsage: mem.MaxUsage,
 			Stats:    cgs.MemoryStats.Stats,
 			Failcnt:  mem.Failcnt,
-			Limit:    mem.Limit,
-		}
-		// if the container does not set memory limit, use the machineMemory
-		if mem.Limit > daemon.statsCollector.machineMemory && daemon.statsCollector.machineMemory > 0 {
-			s.MemoryStats.Limit = daemon.statsCollector.machineMemory
 		}
 		if cgs.PidsStats != nil {
 			s.PidsStats = types.PidsStats{

daemon/delete.go

@@ -102,7 +102,7 @@ func (daemon *Daemon) cleanupContainer(container *container.Container, forceRemo
 	// Save container state to disk. So that if error happens before
 	// container meta file got removed from disk, then a restart of
 	// docker should not make a dead container alive.
-	if err := container.ToDiskLocking(); err != nil && !os.IsNotExist(err) {
+	if err := container.ToDiskLocking(); err != nil {
 		logrus.Errorf("Error saving dying container to disk: %v", err)
 	}
 
@@ -123,14 +123,10 @@ func (daemon *Daemon) cleanupContainer(container *container.Container, forceRemo
 		return fmt.Errorf("Unable to remove filesystem for %v: %v", container.ID, err)
 	}
 
-	// When container creation fails and `RWLayer` has not been created yet, we
-	// do not call `ReleaseRWLayer`
-	if container.RWLayer != nil {
-		metadata, err := daemon.layerStore.ReleaseRWLayer(container.RWLayer)
-		layer.LogReleaseMetadata(metadata)
-		if err != nil && err != layer.ErrMountDoesNotExist {
-			return fmt.Errorf("Driver %s failed to remove root filesystem %s: %s", daemon.GraphDriverName(), container.ID, err)
-		}
+	metadata, err := daemon.layerStore.ReleaseRWLayer(container.RWLayer)
+	layer.LogReleaseMetadata(metadata)
+	if err != nil && err != layer.ErrMountDoesNotExist {
+		return fmt.Errorf("Driver %s failed to remove root filesystem %s: %s", daemon.GraphDriverName(), container.ID, err)
 	}
 
 	return nil

daemon/graphdriver/aufs/aufs.go

@@ -67,7 +67,6 @@ func init() {
 
 // Driver contains information about the filesystem mounted.
 type Driver struct {
-	sync.Mutex
 	root          string
 	uidMaps       []idtools.IDMap
 	gidMaps       []idtools.IDMap
@@ -419,9 +418,6 @@ func (a *Driver) getParentLayerPaths(id string) ([]string, error) {
 }
 
 func (a *Driver) mount(id string, target string, mountLabel string, layers []string) error {
-	a.Lock()
-	defer a.Unlock()
-
 	// If the id is mounted or we get an error return
 	if mounted, err := a.mounted(target); err != nil || mounted {
 		return err
@@ -436,9 +432,6 @@ func (a *Driver) mount(id string, target string, mountLabel string, layers []str
 }
 
 func (a *Driver) unmount(mountPath string) error {
-	a.Lock()
-	defer a.Unlock()
-
 	if mounted, err := a.mounted(mountPath); err != nil || !mounted {
 		return err
 	}

daemon/graphdriver/btrfs/btrfs.go

@@ -7,10 +7,6 @@ package btrfs
 #include <dirent.h>
 #include <btrfs/ioctl.h>
 #include <btrfs/ctree.h>
-
-static void set_name_btrfs_ioctl_vol_args_v2(struct btrfs_ioctl_vol_args_v2* btrfs_struct, const char* value) {
-    snprintf(btrfs_struct->name, BTRFS_SUBVOL_NAME_MAX, "%s", value);
-}
 */
 import "C"
 
@@ -163,10 +159,9 @@ func subvolSnapshot(src, dest, name string) error {
 
 	var args C.struct_btrfs_ioctl_vol_args_v2
 	args.fd = C.__s64(getDirFd(srcDir))
-
-	var cs = C.CString(name)
-	C.set_name_btrfs_ioctl_vol_args_v2(&args, cs)
-	C.free(unsafe.Pointer(cs))
+	for i, c := range []byte(name) {
+		args.name[i] = C.char(c)
+	}
 
 	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(destDir), C.BTRFS_IOC_SNAP_CREATE_V2,
 		uintptr(unsafe.Pointer(&args)))

daemon/graphdriver/devmapper/deviceset.go

@@ -22,7 +22,6 @@ import (
 	"github.com/Sirupsen/logrus"
 
 	"github.com/docker/docker/daemon/graphdriver"
-	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/pkg/devicemapper"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/loopback"
@@ -1657,12 +1656,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 
 	// https://github.com/docker/docker/issues/4036
 	if supported := devicemapper.UdevSetSyncSupport(true); !supported {
-		if dockerversion.IAmStatic == "true" {
-			logrus.Errorf("devmapper: Udev sync is not supported. This will lead to data loss and unexpected behavior. Install a dynamic binary to use devicemapper or select a different storage driver. For more information, see https://docs.docker.com/engine/reference/commandline/daemon/#daemon-storage-driver-option")
-		} else {
-			logrus.Errorf("devmapper: Udev sync is not supported. This will lead to data loss and unexpected behavior. Install a more recent version of libdevmapper or select a different storage driver. For more information, see https://docs.docker.com/engine/reference/commandline/daemon/#daemon-storage-driver-option")
-		}
-
+		logrus.Errorf("devmapper: Udev sync is not supported. This will lead to data loss and unexpected behavior. Install a dynamic binary to use devicemapper or select a different storage driver. For more information, see https://docs.docker.com/engine/reference/commandline/daemon/#daemon-storage-driver-option")
 		if !devices.overrideUdevSyncCheck {
 			return graphdriver.ErrNotSupported
 		}

daemon/kill.go

@@ -3,7 +3,6 @@ package daemon
 import (
 	"fmt"
 	"runtime"
-	"strings"
 	"syscall"
 	"time"
 
@@ -82,14 +81,7 @@ func (daemon *Daemon) killWithSignal(container *container.Container, sig int) er
 	}
 
 	if err := daemon.kill(container, sig); err != nil {
-		err = fmt.Errorf("Cannot kill container %s: %s", container.ID, err)
-		// if container or process not exists, ignore the error
-		if strings.Contains(err.Error(), "container not found") ||
-			strings.Contains(err.Error(), "no such process") {
-			logrus.Warnf("%s", err.Error())
-		} else {
-			return err
-		}
+		return fmt.Errorf("Cannot kill container %s: %s", container.ID, err)
 	}
 
 	attributes := map[string]string{

daemon/logger/journald/read.go

@@ -63,11 +63,11 @@ package journald
 //		fds[0].events = POLLHUP;
 //		fds[1].fd = sd_journal_get_fd(j);
 //		if (fds[1].fd < 0) {
-//			return fds[1].fd;
+//			return -1;
 //		}
 //		jevents = sd_journal_get_events(j);
 //		if (jevents < 0) {
-//			return jevents;
+//			return -1;
 //		}
 //		fds[1].events = jevents;
 //		sd_journal_get_timeout(j, &when);
@@ -81,7 +81,7 @@ package journald
 //		i = poll(fds, 2, timeout);
 //		if ((i == -1) && (errno != EINTR)) {
 //			/* An unexpected error. */
-//			return (errno != 0) ? -errno : -EINTR;
+//			return -1;
 //		}
 //		if (fds[0].revents & POLLHUP) {
 //			/* The close notification pipe was closed. */
@@ -101,7 +101,6 @@ import (
 	"time"
 	"unsafe"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/coreos/go-systemd/journal"
 	"github.com/docker/docker/daemon/logger"
 )
@@ -178,18 +177,9 @@ func (s *journald) followJournal(logWatcher *logger.LogWatcher, config logger.Re
 	s.readers.readers[logWatcher] = logWatcher
 	s.readers.mu.Unlock()
 	go func() {
-		// Keep copying journal data out until we're notified to stop
-		// or we hit an error.
-		status := C.wait_for_data_or_close(j, pfd[0])
-		for status == 1 {
+		// Keep copying journal data out until we're notified to stop.
+		for C.wait_for_data_or_close(j, pfd[0]) == 1 {
 			cursor = s.drainJournal(logWatcher, config, j, cursor)
-			status = C.wait_for_data_or_close(j, pfd[0])
-		}
-		if status < 0 {
-			cerrstr := C.strerror(C.int(-status))
-			errstr := C.GoString(cerrstr)
-			fmtstr := "error %q while attempting to follow journal for container %q"
-			logrus.Errorf(fmtstr, errstr, s.vars["CONTAINER_ID_FULL"])
 		}
 		// Clean up.
 		C.close(pfd[0])
@@ -303,21 +293,14 @@ func (s *journald) readLogs(logWatcher *logger.LogWatcher, config logger.ReadCon
 	}
 	cursor = s.drainJournal(logWatcher, config, j, "")
 	if config.Follow {
-		// Allocate a descriptor for following the journal, if we'll
-		// need one.  Do it here so that we can report if it fails.
-		if fd := C.sd_journal_get_fd(j); fd < C.int(0) {
-			logWatcher.Err <- fmt.Errorf("error opening journald follow descriptor: %q", C.GoString(C.strerror(-fd)))
+		// Create a pipe that we can poll at the same time as the journald descriptor.
+		if C.pipe(&pipes[0]) == C.int(-1) {
+			logWatcher.Err <- fmt.Errorf("error opening journald close notification pipe")
 		} else {
-			// Create a pipe that we can poll at the same time as
-			// the journald descriptor.
-			if C.pipe(&pipes[0]) == C.int(-1) {
-				logWatcher.Err <- fmt.Errorf("error opening journald close notification pipe")
-			} else {
-				s.followJournal(logWatcher, config, j, pipes, cursor)
-				// Let followJournal handle freeing the journal context
-				// object and closing the channel.
-				following = true
-			}
+			s.followJournal(logWatcher, config, j, pipes, cursor)
+			// Let followJournal handle freeing the journal context
+			// object and closing the channel.
+			following = true
 		}
 	}
 	return

daemon/monitor.go

@@ -77,7 +77,6 @@ func (daemon *Daemon) StateChanged(id string, e libcontainerd.StateInfo) error {
 			c.Reset(false)
 			return err
 		}
-		daemon.LogContainerEvent(c, "start")
 	case libcontainerd.StatePause:
 		c.Paused = true
 		daemon.LogContainerEvent(c, "pause")

daemon/oci_linux.go

@@ -8,7 +8,6 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/caps"
 	"github.com/docker/docker/libcontainerd"
@@ -536,8 +535,6 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
 				}
 			}
 		}
-		s.Linux.ReadonlyPaths = nil
-		s.Linux.MaskedPaths = nil
 	}
 
 	// TODO: until a kernel/mount solution exists for handling remount in a user namespace,
@@ -586,24 +583,16 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
 	}
 
 	var cgroupsPath string
-	scopePrefix := "docker"
-	parent := "/docker"
-	useSystemd := UsingSystemd(daemon.configStore)
-	if useSystemd {
-		parent = "system.slice"
-	}
-
 	if c.HostConfig.CgroupParent != "" {
-		parent = c.HostConfig.CgroupParent
-	} else if daemon.configStore.CgroupParent != "" {
-		parent = daemon.configStore.CgroupParent
-	}
-
-	if useSystemd {
-		cgroupsPath = parent + ":" + scopePrefix + ":" + c.ID
-		logrus.Debugf("createSpec: cgroupsPath: %s", cgroupsPath)
+		cgroupsPath = filepath.Join(c.HostConfig.CgroupParent, c.ID)
 	} else {
-		cgroupsPath = filepath.Join(parent, c.ID)
+		defaultCgroupParent := "/docker"
+		if daemon.configStore.CgroupParent != "" {
+			defaultCgroupParent = daemon.configStore.CgroupParent
+		} else if daemon.usingSystemd() {
+			defaultCgroupParent = "system.slice"
+		}
+		cgroupsPath = filepath.Join(defaultCgroupParent, c.ID)
 	}
 	s.Linux.CgroupsPath = &cgroupsPath
 
@@ -662,10 +651,10 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
 
 	if apparmor.IsEnabled() {
 		appArmorProfile := "docker-default"
-		if len(c.AppArmorProfile) > 0 {
-			appArmorProfile = c.AppArmorProfile
-		} else if c.HostConfig.Privileged {
+		if c.HostConfig.Privileged {
 			appArmorProfile = "unconfined"
+		} else if len(c.AppArmorProfile) > 0 {
+			appArmorProfile = c.AppArmorProfile
 		}
 		s.Process.ApparmorProfile = appArmorProfile
 	}

daemon/start.go

@@ -131,6 +131,7 @@ func (daemon *Daemon) containerStart(container *container.Container) (err error)
 		return err
 	}
 
+	defer daemon.LogContainerEvent(container, "start") // this is logged even on error
 	if err := daemon.containerd.Create(container.ID, *spec, libcontainerd.WithRestartManager(container.RestartManager(true))); err != nil {
 		// if we receive an internal error from the initial start of a container then lets
 		// return it instead of entering the restart loop
@@ -148,9 +149,6 @@ func (daemon *Daemon) containerStart(container *container.Container) (err error)
 		}
 
 		container.Reset(false)
-
-		// start event is logged even on error
-		daemon.LogContainerEvent(container, "start")
 		return err
 	}
 
@@ -176,10 +174,8 @@ func (daemon *Daemon) Cleanup(container *container.Container) {
 		daemon.unregisterExecCommand(container, eConfig)
 	}
 
-	if container.BaseFS != "" {
-		if err := container.UnmountVolumes(false, daemon.LogVolumeEvent); err != nil {
-			logrus.Warnf("%s cleanup: Failed to umount volumes: %v", container.ID, err)
-		}
+	if err := container.UnmountVolumes(false, daemon.LogVolumeEvent); err != nil {
+		logrus.Warnf("%s cleanup: Failed to umount volumes: %v", container.ID, err)
 	}
 	container.CancelAttachContext()
 }

daemon/stats_collector_unix.go

@@ -14,7 +14,6 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/pkg/pubsub"
-	sysinfo "github.com/docker/docker/pkg/system"
 	"github.com/docker/engine-api/types"
 	"github.com/opencontainers/runc/libcontainer/system"
 )
@@ -36,11 +35,6 @@ func (daemon *Daemon) newStatsCollector(interval time.Duration) *statsCollector
 		clockTicksPerSecond: uint64(system.GetClockTicks()),
 		bufReader:           bufio.NewReaderSize(nil, 128),
 	}
-	meminfo, err := sysinfo.ReadMemInfo()
-	if err == nil && meminfo.MemTotal > 0 {
-		s.machineMemory = uint64(meminfo.MemTotal)
-	}
-
 	go s.run()
 	return s
 }
@@ -53,7 +47,6 @@ type statsCollector struct {
 	clockTicksPerSecond uint64
 	publishers          map[*container.Container]*pubsub.Publisher
 	bufReader           *bufio.Reader
-	machineMemory       uint64
 }
 
 // collect registers the container with the collector and adds it to

distribution/pull_v1.go

@@ -330,20 +330,7 @@ func (ld *v1LayerDescriptor) Download(ctx context.Context, progressOutput progre
 	logrus.Debugf("Downloaded %s to tempfile %s", ld.ID(), ld.tmpFile.Name())
 
 	ld.tmpFile.Seek(0, 0)
-
-	// hand off the temporary file to the download manager, so it will only
-	// be closed once
-	tmpFile := ld.tmpFile
-	ld.tmpFile = nil
-
-	return ioutils.NewReadCloserWrapper(tmpFile, func() error {
-		tmpFile.Close()
-		err := os.RemoveAll(tmpFile.Name())
-		if err != nil {
-			logrus.Errorf("Failed to remove temp file: %s", tmpFile.Name())
-		}
-		return err
-	}), ld.layerSize, nil
+	return ld.tmpFile, ld.layerSize, nil
 }
 
 func (ld *v1LayerDescriptor) Close() {

distribution/pull_v2.go

@@ -278,19 +278,7 @@ func (ld *v2LayerDescriptor) Download(ctx context.Context, progressOutput progre
 		ld.verifier = nil
 		return nil, 0, xfer.DoNotRetry{Err: err}
 	}
-
-	// hand off the temporary file to the download manager, so it will only
-	// be closed once
-	ld.tmpFile = nil
-
-	return ioutils.NewReadCloserWrapper(tmpFile, func() error {
-		tmpFile.Close()
-		err := os.RemoveAll(tmpFile.Name())
-		if err != nil {
-			logrus.Errorf("Failed to remove temp file: %s", tmpFile.Name())
-		}
-		return err
-	}), size, nil
+	return tmpFile, size, nil
 }
 
 func (ld *v2LayerDescriptor) Close() {

distribution/xfer/download_test.go

@@ -121,10 +121,6 @@ func (ls *mockLayerStore) GetMountID(string) (string, error) {
 	return "", errors.New("not implemented")
 }
 
-func (ls *mockLayerStore) ReinitRWLayer(layer.RWLayer) error {
-	return errors.New("not implemented")
-}
-
 func (ls *mockLayerStore) Cleanup() error {
 	return nil
 }

docker/daemon_unix.go

@@ -74,9 +74,5 @@ func (cli *DaemonCli) getPlatformRemoteOptions() []libcontainerd.RemoteOption {
 	} else {
 		opts = append(opts, libcontainerd.WithStartDaemon(true))
 	}
-	if daemon.UsingSystemd(cli.Config) {
-		args := []string{"--systemd-cgroup=true"}
-		opts = append(opts, libcontainerd.WithRuntimeArgs(args))
-	}
 	return opts
 }

docs/Dockerfile

@@ -1,8 +1,17 @@
-FROM docs/base:oss
+FROM docs/base:latest
 MAINTAINER Mary Anthony <mary@docker.com> (@moxiegirl)
 
+RUN svn checkout https://github.com/docker/compose/trunk/docs /docs/content/compose
+RUN svn checkout https://github.com/docker/swarm/trunk/docs /docs/content/swarm
+RUN svn checkout https://github.com/docker/machine/trunk/docs /docs/content/machine
+RUN svn checkout https://github.com/docker/distribution/trunk/docs /docs/content/registry
+RUN svn checkout https://github.com/docker/notary/trunk/docs /docs/content/notary
+RUN svn checkout https://github.com/docker/kitematic/trunk/docs /docs/content/kitematic
+RUN svn checkout https://github.com/docker/toolbox/trunk/docs /docs/content/toolbox
+RUN svn checkout https://github.com/docker/opensource/trunk/docs /docs/content/opensource
+
 ENV PROJECT=engine
 # To get the git info for this repo
 COPY . /src
-RUN rm -r /docs/content/$PROJECT/
+
 COPY . /docs/content/$PROJECT/

docs/Makefile

@@ -24,8 +24,9 @@ HUGO_BASE_URL=$(shell test -z "$(DOCKER_IP)" && echo localhost || echo "$(DOCKER
 HUGO_BIND_IP=0.0.0.0
 
 GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
-GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
-DOCKER_DOCS_IMAGE := docker-docs$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
+DOCKER_IMAGE := docker$(if $(GIT_BRANCH),:$(GIT_BRANCH))
+DOCKER_DOCS_IMAGE := docs-base$(if $(GIT_BRANCH),:$(GIT_BRANCH))
+
 
 DOCKER_RUN_DOCS := docker run --rm -it $(DOCS_MOUNT) -e AWS_S3_BUCKET -e NOCACHE
 

docs/admin/cfengine_process_management.md

@@ -0,0 +1,150 @@
+<!--[metadata]>
++++
+aliases = ["/engine/articles/cfengine/"]
+title = "Process management with CFEngine"
+description = "Managing containerized processes with CFEngine"
+keywords = ["cfengine, process, management, usage, docker,  documentation"]
+[menu.main]
+parent = "engine_admin"
++++
+<![end-metadata]-->
+
+# Process management with CFEngine
+
+Create Docker containers with managed processes.
+
+Docker monitors one process in each running container and the container
+lives or dies with that process. By introducing CFEngine inside Docker
+containers, we can alleviate a few of the issues that may arise:
+
+ - It is possible to easily start multiple processes within a
+   container, all of which will be managed automatically, with the
+   normal `docker run` command.
+ - If a managed process dies or crashes, CFEngine will start it again
+   within 1 minute.
+ - The container itself will live as long as the CFEngine scheduling
+   daemon (cf-execd) lives. With CFEngine, we are able to decouple the
+   life of the container from the uptime of the service it provides.
+
+## How it works
+
+CFEngine, together with the cfe-docker integration policies, are
+installed as part of the Dockerfile. This builds CFEngine into our
+Docker image.
+
+The Dockerfile's `ENTRYPOINT` takes an arbitrary
+amount of commands (with any desired arguments) as parameters. When we
+run the Docker container these parameters get written to CFEngine
+policies and CFEngine takes over to ensure that the desired processes
+are running in the container.
+
+CFEngine scans the process table for the `basename` of the commands given
+to the `ENTRYPOINT` and runs the command to start the process if the `basename`
+is not found. For example, if we start the container with
+`docker run "/path/to/my/application parameters"`, CFEngine will look for a
+process named `application` and run the command. If an entry for `application`
+is not found in the process table at any point in time, CFEngine will execute
+`/path/to/my/application parameters` to start the application once again. The
+check on the process table happens every minute.
+
+Note that it is therefore important that the command to start your
+application leaves a process with the basename of the command. This can
+be made more flexible by making some minor adjustments to the CFEngine
+policies, if desired.
+
+## Usage
+
+This example assumes you have Docker installed and working. We will
+install and manage `apache2` and `sshd`
+in a single container.
+
+There are three steps:
+
+1. Install CFEngine into the container.
+2. Copy the CFEngine Docker process management policy into the
+   containerized CFEngine installation.
+3. Start your application processes as part of the `docker run` command.
+
+### Building the image
+
+The first two steps can be done as part of a Dockerfile, as follows.
+
+    FROM ubuntu
+    MAINTAINER Eystein Måløy Stenberg <eytein.stenberg@gmail.com>
+
+    RUN apt-get update && apt-get install -y wget lsb-release unzip ca-certificates
+
+    # install latest CFEngine
+    RUN wget -qO- http://cfengine.com/pub/gpg.key | apt-key add -
+    RUN echo "deb http://cfengine.com/pub/apt $(lsb_release -cs) main" > /etc/apt/sources.list.d/cfengine-community.list
+    RUN apt-get update && apt-get install -y cfengine-community
+
+    # install cfe-docker process management policy
+    RUN wget https://github.com/estenberg/cfe-docker/archive/master.zip -P /tmp/ && unzip /tmp/master.zip -d /tmp/
+    RUN cp /tmp/cfe-docker-master/cfengine/bin/* /var/cfengine/bin/
+    RUN cp /tmp/cfe-docker-master/cfengine/inputs/* /var/cfengine/inputs/
+    RUN rm -rf /tmp/cfe-docker-master /tmp/master.zip
+
+    # apache2 and openssh are just for testing purposes, install your own apps here
+    RUN apt-get update && apt-get install -y openssh-server apache2
+    RUN mkdir -p /var/run/sshd
+    RUN echo "root:password" | chpasswd  # need a password for ssh
+
+    ENTRYPOINT ["/var/cfengine/bin/docker_processes_run.sh"]
+
+By saving this file as Dockerfile to a working directory, you can then build
+your image with the docker build command, e.g.,
+`docker build -t managed_image`.
+
+### Testing the container
+
+Start the container with `apache2` and `sshd` running and managed, forwarding
+a port to our SSH instance:
+
+    $ docker run -p 127.0.0.1:222:22 -d managed_image "/usr/sbin/sshd" "/etc/init.d/apache2 start"
+
+We now clearly see one of the benefits of the cfe-docker integration: it
+allows to start several processes as part of a normal `docker run` command.
+
+We can now log in to our new container and see that both `apache2` and `sshd`
+are running. We have set the root password to "password" in the Dockerfile
+above and can use that to log in with ssh:
+
+    ssh -p222 root@127.0.0.1
+
+    ps -ef
+    UID        PID  PPID  C STIME TTY          TIME CMD
+    root         1     0  0 07:48 ?        00:00:00 /bin/bash /var/cfengine/bin/docker_processes_run.sh /usr/sbin/sshd /etc/init.d/apache2 start
+    root        18     1  0 07:48 ?        00:00:00 /var/cfengine/bin/cf-execd -F
+    root        20     1  0 07:48 ?        00:00:00 /usr/sbin/sshd
+    root        32     1  0 07:48 ?        00:00:00 /usr/sbin/apache2 -k start
+    www-data    34    32  0 07:48 ?        00:00:00 /usr/sbin/apache2 -k start
+    www-data    35    32  0 07:48 ?        00:00:00 /usr/sbin/apache2 -k start
+    www-data    36    32  0 07:48 ?        00:00:00 /usr/sbin/apache2 -k start
+    root        93    20  0 07:48 ?        00:00:00 sshd: root@pts/0
+    root       105    93  0 07:48 pts/0    00:00:00 -bash
+    root       112   105  0 07:49 pts/0    00:00:00 ps -ef
+
+If we stop apache2, it will be started again within a minute by
+CFEngine.
+
+    service apache2 status
+     Apache2 is running (pid 32).
+    service apache2 stop
+             * Stopping web server apache2 ... waiting    [ OK ]
+    service apache2 status
+     Apache2 is NOT running.
+    # ... wait up to 1 minute...
+    service apache2 status
+     Apache2 is running (pid 173).
+
+## Adapting to your applications
+
+To make sure your applications get managed in the same manner, there are
+just two things you need to adjust from the above example:
+
+ - In the Dockerfile used above, install your applications instead of
+   `apache2` and `sshd`.
+ - When you start the container with `docker run`,
+   specify the command line arguments to your applications rather than
+   `apache2` and `sshd`.

docs/admin/configuring.md

@@ -48,7 +48,7 @@ Some of the daemon's options are:
 | `--tls=false`         | Enable or disable TLS. By default, this is false.         |
 
 
-Here is an example of running the `docker` daemon with configuration options:
+Here is a an example of running the `docker` daemon with configuration options:
 
     $ docker daemon -D --tls=true --tlscert=/var/docker/server.pem --tlskey=/var/docker/serverkey.pem -H tcp://192.168.59.3:2376
 

docs/admin/logging/etwlogs.md

@@ -5,6 +5,7 @@ description = "Describes how to use the etwlogs logging driver."
 keywords = ["ETW, docker, logging, driver"]
 [menu.main]
 parent = "smn_logging" 
+weight=2
 +++
 <![end-metadata]-->
 

docs/admin/logging/fluentd.md

@@ -6,6 +6,7 @@ description = "Describes how to use the fluentd logging driver."
 keywords = ["Fluentd, docker, logging, driver"]
 [menu.main]
 parent = "smn_logging"
+weight=2
 +++
 <![end-metadata]-->
 
@@ -89,7 +90,7 @@ and [its documents](http://docs.fluentd.org/).
 To use this logging driver, start the `fluentd` daemon on a host. We recommend
 that you use [the Fluentd docker
 image](https://hub.docker.com/r/fluent/fluentd/). This image is
-especially useful if you want to aggregate multiple container logs on each
+especially useful if you want to aggregate multiple container logs on a each
 host then, later, transfer the logs to another Fluentd node to create an
 aggregate store.
 

docs/admin/logging/gcplogs.md

@@ -5,6 +5,7 @@ description = "Describes how to use the Google Cloud Logging driver."
 keywords = ["gcplogs, google, docker, logging, driver"]
 [menu.main]
 parent = "smn_logging"
+weight = 2
 +++
 <![end-metadata]-->
 

docs/admin/logging/journald.md

@@ -1,11 +1,12 @@
 <!--[metadata]>
 +++
 aliases = ["/engine/reference/logging/journald/"]
-title = "Journald logging driver"
+title = "journald logging driver"
 description = "Describes how to use the fluentd logging driver."
-keywords = ["Journald, docker, logging, driver"]
+keywords = ["Fluentd, docker, logging, driver"]
 [menu.main]
 parent = "smn_logging"
+weight = 2
 +++
 <![end-metadata]-->
 

docs/admin/logging/log_tags.md

@@ -6,7 +6,7 @@ description = "Describes how to format tags for."
 keywords = ["docker, logging, driver, syslog, Fluentd, gelf, journald"]
 [menu.main]
 parent = "smn_logging"
-weight = -1
+weight = 1
 +++
 <![end-metadata]-->
 

docs/admin/logging/overview.md

@@ -6,7 +6,7 @@ description = "Configure logging driver."
 keywords = ["docker, logging, driver, Fluentd"]
 [menu.main]
 parent = "smn_logging"
-weight=-99
+weight=-1
 +++
 <![end-metadata]-->
 
@@ -15,13 +15,10 @@ weight=-99
 
 The container can have a different logging driver than the Docker daemon. Use
 the `--log-driver=VALUE` with the `docker run` command to configure the
-container's logging driver. If the `--log-driver` option is not set, docker
-uses the default (`json-file`) logging driver. The following options are
-supported:
+container's logging driver. The following options are supported:
 
-| Driver      | Description                                                                                                                   |
-|-------------|-------------------------------------------------------------------------------------------------------------------------------|
 | `none`      | Disables any logging for the container. `docker logs` won't be available with this driver.                                    |
+|-------------|-------------------------------------------------------------------------------------------------------------------------------|
 | `json-file` | Default logging driver for Docker. Writes JSON messages to file.                                                              |
 | `syslog`    | Syslog logging driver for Docker. Writes log messages to syslog.                                                              |
 | `journald`  | Journald logging driver for Docker. Writes log messages to `journald`.                                                        |
@@ -35,58 +32,40 @@ supported:
 The `docker logs`command is available only for the `json-file` and `journald`
 logging drivers.
 
-The `labels` and `env` options add additional attributes for use with logging
-drivers that accept them. Each option takes a comma-separated list of keys. If
-there is collision between `label` and `env` keys, the value of the `env` takes
-precedence.
+The `labels` and `env` options add additional attributes for use with logging drivers that accept them. Each option takes a comma-separated list of keys. If there is collision between `label` and `env` keys, the value of the `env` takes precedence.
 
-To use attributes, specify them when you start the Docker daemon. For example,
-to manually start the daemon with the `json-file` driver, and include additional
-attributes in the output, run the following command:
+To use attributes, specify them when you start the Docker daemon.
 
-```bash
-$ docker daemon \
-    --log-driver=json-file \
-    --log-opt labels=foo \
-    --log-opt env=foo,fizz
+```
+docker daemon --log-driver=json-file --log-opt labels=foo --log-opt env=foo,fizz
 ```
 
-Then, run a container and specify values for the `labels` or `env`. For
-example, you might use this:
+Then, run a container and specify values for the `labels` or `env`.  For example, you might use this:
 
-```bash
-$ docker run -dit --label foo=bar -e fizz=buzz alpine sh
+```
+docker run --label foo=bar -e fizz=buzz -d -P training/webapp python app.py
 ```
 
 This adds additional fields to the log depending on the driver, e.g. for
 `json-file` that looks like:
 
-```json
-"attrs":{"fizz":"buzz","foo":"bar"}
-```
+    "attrs":{"fizz":"buzz","foo":"bar"}
 
 
 ## json-file options
 
 The following logging options are supported for the `json-file` logging driver:
 
-```bash
---log-opt max-size=[0-9+][k|m|g]
---log-opt max-file=[0-9+]
---log-opt labels=label1,label2
---log-opt env=env1,env2
-```
+    --log-opt max-size=[0-9+][k|m|g]
+    --log-opt max-file=[0-9+]
+    --log-opt labels=label1,label2
+    --log-opt env=env1,env2
 
-Logs that reach `max-size` are rolled over. You can set the size in
-kilobytes(k), megabytes(m), or gigabytes(g). eg `--log-opt max-size=50m`. If
-`max-size` is not set, then logs are not rolled over.
+Logs that reach `max-size` are rolled over. You can set the size in kilobytes(k), megabytes(m), or gigabytes(g). eg `--log-opt max-size=50m`. If `max-size` is not set, then logs are not rolled over.
 
-`max-file` specifies the maximum number of files that a log is rolled over
-before being discarded. eg `--log-opt max-file=100`. If `max-size` is not set,
-then `max-file` is not honored.
+`max-file` specifies the maximum number of files that a log is rolled over before being discarded. eg `--log-opt max-file=100`. If `max-size` is not set, then `max-file` is not honored.
 
-If `max-size` and `max-file` are set, `docker logs` only returns the log lines
-from the newest log file.
+If `max-size` and `max-file` are set, `docker logs` only returns the log lines from the newest log file.
 
 
 ## syslog options
@@ -103,20 +82,17 @@ The following logging options are supported for the `syslog` logging driver:
     --log-opt tag="mailer"
     --log-opt syslog-format=[rfc5424|rfc3164] 
 
-`syslog-address` specifies the remote syslog server address where the driver
-connects to. If not specified it defaults to the local unix socket of the
-running system. If transport is either `tcp` or `udp` and `port` is not
-specified it defaults to `514` The following example shows how to have the
-`syslog` driver connect to a `syslog` remote server at `192.168.0.42` on port
-`123`
+`syslog-address` specifies the remote syslog server address where the driver connects to.
+If not specified it defaults to the local unix socket of the running system.
+If transport is either `tcp` or `udp` and `port` is not specified it defaults to `514`
+The following example shows how to have the `syslog` driver connect to a `syslog`
+remote server at `192.168.0.42` on port `123`
 
-```bash
-$ docker run --log-driver=syslog --log-opt syslog-address=tcp://192.168.0.42:123
-```
+    $ docker run --log-driver=syslog --log-opt syslog-address=tcp://192.168.0.42:123
 
-The `syslog-facility` option configures the syslog facility. By default, the
-system uses the `daemon` value. To override this behavior, you can provide an
-integer of 0 to 23 or any of the following named facilities:
+The `syslog-facility` option configures the syslog facility. By default, the system uses the
+`daemon` value. To override this behavior, you can provide an integer of 0 to 23 or any of
+the following named facilities:
 
 * `kern`
 * `user`
@@ -140,19 +116,18 @@ integer of 0 to 23 or any of the following named facilities:
 * `local7`
 
 `syslog-tls-ca-cert` specifies the absolute path to the trust certificates
-signed by the CA. This option is ignored if the address protocol is not
-`tcp+tls`.
+signed by the CA. This option is ignored if the address protocol is not `tcp+tls`.
 
-`syslog-tls-cert` specifies the absolute path to the TLS certificate file. This
-option is ignored if the address protocol is not `tcp+tls`.
-
-`syslog-tls-key` specifies the absolute path to the TLS key file. This option
-is ignored if the address protocol is not `tcp+tls`.
-
-`syslog-tls-skip-verify` configures the TLS verification. This verification is
-enabled by default, but it can be overriden by setting this option to `true`.
+`syslog-tls-cert` specifies the absolute path to the TLS certificate file.
 This option is ignored if the address protocol is not `tcp+tls`.
 
+`syslog-tls-key` specifies the absolute path to the TLS key file.
+This option is ignored if the address protocol is not `tcp+tls`.
+
+`syslog-tls-skip-verify` configures the TLS verification.
+This verification is enabled by default, but it can be overriden by setting
+this option to `true`. This option is ignored if the address protocol is not `tcp+tls`.
+
 By default, Docker uses the first 12 characters of the container ID to tag log messages.
 Refer to the [log tag option documentation](log_tags.md) for customizing
 the log tag format.
@@ -162,40 +137,34 @@ If not specified it defaults to the local unix syslog format without hostname sp
 Specify rfc3164 to perform logging in RFC-3164 compatible format. Specify rfc5424 to perform 
 logging in RFC-5424 compatible format
 
+
 ## journald options
 
-The `journald` logging driver stores the container id in the journal's
-`CONTAINER_ID` field. For detailed information on working with this logging
-driver, see [the journald logging driver](journald.md) reference documentation.
+The `journald` logging driver stores the container id in the journal's `CONTAINER_ID` field. For detailed information on
+working with this logging driver, see [the journald logging driver](journald.md)
+reference documentation.
 
-## GELF options
+## gelf options
 
 The GELF logging driver supports the following options:
 
-```bash
---log-opt gelf-address=udp://host:port
---log-opt tag="database"
---log-opt labels=label1,label2
---log-opt env=env1,env2
---log-opt gelf-compression-type=gzip
---log-opt gelf-compression-level=1
-```
+    --log-opt gelf-address=udp://host:port
+    --log-opt tag="database"
+    --log-opt labels=label1,label2
+    --log-opt env=env1,env2
+    --log-opt gelf-compression-type=gzip
+    --log-opt gelf-compression-level=1
 
 The `gelf-address` option specifies the remote GELF server address that the
-driver connects to. Currently, only `udp` is supported as the transport and you
-must specify a `port` value. The following example shows how to connect the
-`gelf` driver to a GELF remote server at `192.168.0.42` on port `12201`
+driver connects to. Currently, only `udp` is supported as the transport and you must
+specify a `port` value. The following example shows how to connect the `gelf`
+driver to a GELF remote server at `192.168.0.42` on port `12201`
 
-```bash
-$ docker run -dit \
-    --log-driver=gelf \
-    --log-opt gelf-address=udp://192.168.0.42:12201 \
-    alpine sh
-```
+    $ docker run --log-driver=gelf --log-opt gelf-address=udp://192.168.0.42:12201
 
-By default, Docker uses the first 12 characters of the container ID to tag log
-messages. Refer to the [log tag option documentation](log_tags.md) for
-customizing the log tag format.
+By default, Docker uses the first 12 characters of the container ID to tag log messages.
+Refer to the [log tag option documentation](log_tags.md) for customizing
+the log tag format.
 
 The `labels` and `env` options are supported by the gelf logging
 driver. It adds additional key on the `extra` fields, prefixed by an
@@ -210,15 +179,14 @@ The `gelf-compression-type` option can be used to change how the GELF driver
 compresses each log message. The accepted values are `gzip`, `zlib` and `none`.
 `gzip` is chosen by default.
 
-The `gelf-compression-level` option can be used to change the level of
-compresssion when `gzip` or `zlib` is selected as `gelf-compression-type`.
-Accepted value must be from from -1 to 9 (BestCompression). Higher levels
-typically run slower but compress more. Default value is 1 (BestSpeed).
+The `gelf-compression-level` option can be used to change the level of compresssion
+when `gzip` or `zlib` is selected as `gelf-compression-type`. Accepted value
+must be from from -1 to 9 (BestCompression). Higher levels typically
+run slower but compress more. Default value is 1 (BestSpeed).
 
-## Fluentd options
+## fluentd options
 
-You can use the `--log-opt NAME=VALUE` flag to specify these additional Fluentd
-logging driver options.
+You can use the `--log-opt NAME=VALUE` flag to specify these additional Fluentd logging driver options.
 
  - `fluentd-address`: specify `host:port` to connect [localhost:24224]
  - `tag`: specify tag for `fluentd` message
@@ -229,13 +197,7 @@ logging driver options.
 
 For example, to specify both additional options:
 
-```bash
-$ docker run -dit \
-    --log-driver=fluentd \
-    --log-opt fluentd-address=localhost:24224 \
-    --log-opt tag="docker.{{.Name}}" \
-    alpine sh
-```
+`docker run --log-driver=fluentd --log-opt fluentd-address=localhost:24224 --log-opt tag=docker.{{.Name}}`
 
 If container cannot connect to the Fluentd daemon on the specified address and
 `fluentd-async-connect` is not enabled, the container stops immediately.
@@ -243,51 +205,42 @@ For detailed information on working with this logging driver,
 see [the fluentd logging driver](fluentd.md)
 
 
-## Amazon CloudWatch Logs options
+## Specify Amazon CloudWatch Logs options
 
 The Amazon CloudWatch Logs logging driver supports the following options:
 
-```bash
---log-opt awslogs-region=<aws_region>
---log-opt awslogs-group=<log_group_name>
---log-opt awslogs-stream=<log_stream_name>
-```
+    --log-opt awslogs-region=<aws_region>
+    --log-opt awslogs-group=<log_group_name>
+    --log-opt awslogs-stream=<log_stream_name>
 
-For detailed information on working with this logging driver, see [the awslogs
-logging driver](awslogs.md) reference documentation.
+
+For detailed information on working with this logging driver, see [the awslogs logging driver](awslogs.md) reference documentation.
 
 ## Splunk options
 
 The Splunk logging driver requires the following options:
 
-```bash
---log-opt splunk-token=<splunk_http_event_collector_token>
---log-opt splunk-url=https://your_splunk_instance:8088
-```
+    --log-opt splunk-token=<splunk_http_event_collector_token>
+    --log-opt splunk-url=https://your_splunk_instance:8088
 
-For detailed information about working with this logging driver, see the
-[Splunk logging driver](splunk.md) reference documentation.
+For detailed information about working with this logging driver, see the [Splunk logging driver](splunk.md)
+reference documentation.
 
 ## ETW logging driver options
 
-The etwlogs logging driver does not require any options to be specified. This
-logging driver forwards each log message as an ETW event. An ETW listener
-can then be created to listen for these events.
+The etwlogs logging driver does not require any options to be specified. This logging driver will forward each log message
+as an ETW event. An ETW listener can then be created to listen for these events. 
 
-The ETW logging driver is only available on Windows. For detailed information
-on working with this logging driver, see [the ETW logging driver](etwlogs.md)
-reference documentation.
+For detailed information on working with this logging driver, see [the ETW logging driver](etwlogs.md) reference documentation.
 
-## Google Cloud Logging options
+## Google Cloud Logging
 
 The Google Cloud Logging driver supports the following options:
 
-```bash
---log-opt gcp-project=<gcp_projext>
---log-opt labels=<label1>,<label2>
---log-opt env=<envvar1>,<envvar2>
---log-opt log-cmd=true
-```
+    --log-opt gcp-project=<gcp_projext>
+    --log-opt labels=<label1>,<label2>
+    --log-opt env=<envvar1>,<envvar2>
+    --log-opt log-cmd=true
 
-For detailed information about working with this logging driver, see the
-[Google Cloud Logging driver](gcplogs.md). reference documentation.
+For detailed information about working with this logging driver, see the [Google Cloud Logging driver](gcplogs.md).
+reference documentation.

docs/admin/logging/splunk.md

@@ -6,6 +6,7 @@ description = "Describes how to use the Splunk logging driver."
 keywords = ["splunk, docker, logging, driver"]
 [menu.main]
 parent = "smn_logging"
+weight = 2
 +++
 <![end-metadata]-->
 

docs/admin/runmetrics.md

@@ -33,7 +33,7 @@ more details about the `docker stats` command.
 ## Control groups
 
 Linux Containers rely on [control groups](
-https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt)
+https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt)
 which not only track groups of processes, but also expose metrics about
 CPU, memory, and block I/O usage. You can access those metrics and
 obtain network usage metrics as well. This is relevant for "pure" LXC
@@ -256,7 +256,7 @@ compatibility reasons.
 Block I/O is accounted in the `blkio` controller.
 Different metrics are scattered across different files. While you can
 find in-depth details in the [blkio-controller](
-https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt)
+https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt)
 file in the kernel documentation, here is a short list of the most
 relevant ones:
 

docs/admin/systemd.md

@@ -33,19 +33,15 @@ If you want Docker to start at boot, you should also:
 There are a number of ways to configure the daemon flags and environment variables
 for your Docker daemon.
 
-The recommended way is to use a systemd drop-in file (as described in
-the <a target="_blank"
-href="https://www.freedesktop.org/software/systemd/man/systemd.unit.html">systemd.unit</a>
-documentation). These are local files named `<something>.conf` in the
-`/etc/systemd/system/docker.service.d` directory. This could also be
-`/etc/systemd/system/docker.service`, which also works for overriding
-the defaults from `/lib/systemd/system/docker.service`.
+The recommended way is to use a systemd drop-in file. These are local files in
+the `/etc/systemd/system/docker.service.d` directory. This could also be
+`/etc/systemd/system/docker.service`, which also works for overriding the
+defaults from `/lib/systemd/system/docker.service`.
 
-However, if you had previously used a package which had an
-`EnvironmentFile` (often pointing to `/etc/sysconfig/docker`) then for
-backwards compatibility, you drop a file with a `.conf` extension into
-the `/etc/systemd/system/docker.service.d` directory including the
-following:
+However, if you had previously used a package which had an `EnvironmentFile`
+(often pointing to `/etc/sysconfig/docker`) then for backwards compatibility,
+you drop a file in the `/etc/systemd/system/docker.service.d`
+directory including the following:
 
     [Service]
     EnvironmentFile=-/etc/sysconfig/docker
@@ -60,14 +56,14 @@ following:
 
 To check if the `docker.service` uses an `EnvironmentFile`:
 
-    $ systemctl show docker | grep EnvironmentFile
+    $ sudo systemctl show docker | grep EnvironmentFile
     EnvironmentFile=-/etc/sysconfig/docker (ignore_errors=yes)
 
 Alternatively, find out where the service file is located:
 
-    $ systemctl show --property=FragmentPath docker
-    FragmentPath=/usr/lib/systemd/system/docker.service
-    $ grep EnvironmentFile /usr/lib/systemd/system/docker.service
+    $ sudo systemctl status docker | grep Loaded
+       Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled)
+    $ sudo grep EnvironmentFile /usr/lib/systemd/system/docker.service
     EnvironmentFile=-/etc/sysconfig/docker
 
 You can customize the Docker daemon options using override files as explained in the
@@ -123,7 +119,7 @@ If you fail to specify an empty configuration, Docker reports an error such as:
 
 This example overrides the default `docker.service` file.
 
-If you are behind an HTTP proxy server, for example in corporate settings,
+If you are behind a HTTP proxy server, for example in corporate settings,
 you will need to add this configuration in the Docker systemd service file.
 
 First, create a systemd drop-in directory for the docker service:
@@ -147,7 +143,7 @@ Flush changes:
 
 Verify that the configuration has been loaded:
 
-    $ systemctl show --property=Environment docker
+    $ sudo systemctl show docker --property Environment
     Environment=HTTP_PROXY=http://proxy.example.com:80/
 
 Restart Docker:

docs/admin/using_supervisord.md

@@ -15,140 +15,104 @@ parent = "engine_admin"
 > - **If you don't like sudo** then see [*Giving non-root
 >   access*](../installation/binaries.md#giving-non-root-access)
 
-Traditionally a Docker container runs a single process when it is launched, for
-example an Apache daemon or a SSH server daemon. Often though you want to run
-more than one process in a container. There are a number of ways you can
-achieve this ranging from using a simple Bash script as the value of your
-container's `CMD` instruction to installing a process management tool.
+Traditionally a Docker container runs a single process when it is
+launched, for example an Apache daemon or a SSH server daemon. Often
+though you want to run more than one process in a container. There are a
+number of ways you can achieve this ranging from using a simple Bash
+script as the value of your container's `CMD` instruction to installing
+a process management tool.
 
-In this example you're going to make use of the process management tool,
-[Supervisor](http://supervisord.org/), to manage multiple processes in a
-container. Using Supervisor allows you to better control, manage, and restart
-the processes inside the container. To demonstrate this we're going to install
-and manage both an SSH daemon and an Apache daemon.
+In this example we're going to make use of the process management tool,
+[Supervisor](http://supervisord.org/), to manage multiple processes in
+our container. Using Supervisor allows us to better control, manage, and
+restart the processes we want to run. To demonstrate this we're going to
+install and manage both an SSH daemon and an Apache daemon.
 
 ## Creating a Dockerfile
 
-Let's start by creating a basic `Dockerfile` for our new image.
+Let's start by creating a basic `Dockerfile` for our
+new image.
 
-```Dockerfile
-FROM ubuntu:16.04
-MAINTAINER examples@docker.com
-```
+    FROM ubuntu:13.04
+    MAINTAINER examples@docker.com
 
 ## Installing Supervisor
 
-You can now install the SSH and Apache daemons as well as Supervisor in the
-container.
+We can now install our SSH and Apache daemons as well as Supervisor in
+our container.
 
-```Dockerfile
-RUN apt-get update && apt-get install -y openssh-server apache2 supervisor
-RUN mkdir -p /var/lock/apache2 /var/run/apache2 /var/run/sshd /var/log/supervisor
-```
+    RUN apt-get update && apt-get install -y openssh-server apache2 supervisor
+    RUN mkdir -p /var/lock/apache2 /var/run/apache2 /var/run/sshd /var/log/supervisor
 
-The first `RUN` instruction installs the `openssh-server`, `apache2` and
-`supervisor` (which provides the Supervisor daemon) packages. The next `RUN`
-instruction creates four new directories that are needed to run the SSH daemon
-and Supervisor.
+Here we're installing the `openssh-server`,
+`apache2` and `supervisor`
+(which provides the Supervisor daemon) packages. We're also creating four
+new directories that are needed to run our SSH daemon and Supervisor.
 
 ## Adding Supervisor's configuration file
 
-Now let's add a configuration file for Supervisor. The default file is called
-`supervisord.conf` and is located in `/etc/supervisor/conf.d/`.
+Now let's add a configuration file for Supervisor. The default file is
+called `supervisord.conf` and is located in
+`/etc/supervisor/conf.d/`.
 
-```Dockerfile
-COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
-```
+    COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
-Let's see what is inside the `supervisord.conf` file.
+Let's see what is inside our `supervisord.conf`
+file.
 
-```ini
-[supervisord]
-nodaemon=true
+    [supervisord]
+    nodaemon=true
 
-[program:sshd]
-command=/usr/sbin/sshd -D
+    [program:sshd]
+    command=/usr/sbin/sshd -D
 
-[program:apache2]
-command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND"
-```
+    [program:apache2]
+    command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND"
 
-The `supervisord.conf` configuration file contains directives that configure
-Supervisor and the processes it manages. The first block `[supervisord]`
-provides configuration for Supervisor itself. The `nodaemon` directive is used,
-which tells Supervisor to run interactively rather than daemonize.
+The `supervisord.conf` configuration file contains
+directives that configure Supervisor and the processes it manages. The
+first block `[supervisord]` provides configuration
+for Supervisor itself. We're using one directive, `nodaemon`
+which tells Supervisor to run interactively rather than
+daemonize.
 
-The next two blocks manage the services we wish to control. Each block controls
-a separate process. The blocks contain a single directive, `command`, which
-specifies what command to run to start each process.
+The next two blocks manage the services we wish to control. Each block
+controls a separate process. The blocks contain a single directive,
+`command`, which specifies what command to run to
+start each process.
 
 ## Exposing ports and running Supervisor
 
-Now let's finish the `Dockerfile` by exposing some required ports and
-specifying the `CMD` instruction to start Supervisor when our container
+Now let's finish our `Dockerfile` by exposing some
+required ports and specifying the `CMD` instruction
+to start Supervisor when our container launches.
+
+    EXPOSE 22 80
+    CMD ["/usr/bin/supervisord"]
+
+Here We've exposed ports 22 and 80 on the container and we're running
+the `/usr/bin/supervisord` binary when the container
 launches.
 
-```Dockerfile
-EXPOSE 22 80
-CMD ["/usr/bin/supervisord"]
-```
-
-These instructions tell Docker that ports 22 and 80 are exposed  by the
-container and that the `/usr/bin/supervisord` binary should be executed when
-the container launches.
-
 ## Building our image
 
-Your completed Dockerfile now looks like this:
+We can now build our new image.
 
-```Dockerfile
-FROM ubuntu:16.04
-MAINTAINER examples@docker.com
+    $ docker build -t <yourname>/supervisord .
 
-RUN apt-get update && apt-get install -y openssh-server apache2 supervisor
-RUN mkdir -p /var/lock/apache2 /var/run/apache2 /var/run/sshd /var/log/supervisor
+## Running our Supervisor container
 
-COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+Once We've got a built image we can launch a container from it.
 
-EXPOSE 22 80
-CMD ["/usr/bin/supervisord"]
-```
+    $ docker run -p 22 -p 80 -t -i <yourname>/supervisord
+    2013-11-25 18:53:22,312 CRIT Supervisor running as root (no user in config file)
+    2013-11-25 18:53:22,312 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
+    2013-11-25 18:53:22,342 INFO supervisord started with pid 1
+    2013-11-25 18:53:23,346 INFO spawned: 'sshd' with pid 6
+    2013-11-25 18:53:23,349 INFO spawned: 'apache2' with pid 7
+    . . .
 
-And your `supervisord.conf` file looks like this;
-
-```ini
-[supervisord]
-nodaemon=true
-
-[program:sshd]
-command=/usr/sbin/sshd -D
-
-[program:apache2]
-command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND"
-```
-
-
-You can now build the image using this command;
-
-```bash
-$ docker build -t mysupervisord .
-```
-
-## Running your Supervisor container
-
-Once you have built your image you can launch a container from it.
-
-```bash
-$ docker run -p 22 -p 80 -t -i mysupervisord
-2013-11-25 18:53:22,312 CRIT Supervisor running as root (no user in config file)
-2013-11-25 18:53:22,312 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
-2013-11-25 18:53:22,342 INFO supervisord started with pid 1
-2013-11-25 18:53:23,346 INFO spawned: 'sshd' with pid 6
-2013-11-25 18:53:23,349 INFO spawned: 'apache2' with pid 7
-...
-```
-
-You launched a new container interactively using the `docker run` command.
+We've launched a new container interactively using the `docker run` command.
 That container has run Supervisor and launched the SSH and Apache daemons with
 it. We've specified the `-p` flag to expose ports 22 and 80. From here we can
 now identify the exposed ports and connect to one or both of the SSH and Apache

docs/deprecated.md

@@ -21,11 +21,6 @@ The following list of features are deprecated in Engine.
 
 The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated.
 
-### Separator (`:`) of `--security-opt` flag on `docker run`
-**Deprecated In Release: v1.11**
-
-**Target For Removal In Release: v1.13**
-
 The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consinstency with other similar flags, like `--storage-opt`.
 
 ### Ambiguous event fields in API
@@ -84,14 +79,15 @@ Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` a
 ### LXC built-in exec driver
 **Deprecated In Release: v1.8**
 
-**Removed In Release: v1.10**
+**Target For Removal In Release: v1.10**
 
-The built-in LXC execution driver, the lxc-conf flag, and API fields have been removed.
+The built-in LXC execution driver is deprecated for an external implementation.
+The lxc-conf flag and API fields will also be removed.
 
 ### Old Command Line Options
 **Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)**
 
-**Removed In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
+**Target For Removal In Release: v1.10**
 
 The flags `-d` and `--daemon` are deprecated in favor of the `daemon` subcommand:
 
@@ -137,6 +133,17 @@ The following double-dash options are deprecated and have no replacement:
     docker ps --before-id
     docker search --trusted
 
+### Auto-creating missing host paths for bind mounts
+**Deprecated in Release: v1.9**
+
+**Target for Removal in Release: 1.11**
+
+When creating a container with a bind-mounted volume-- `docker run -v /host/path:/container/path` --
+docker was automatically creating the `/host/path` if it didn't already exist.
+
+This auto-creation of the host path is deprecated and docker will error out if
+the path does not exist.
+
 ### Interacting with V1 registries
 
 Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the docker daemon from `pull`, `push`, and `login` operations against v1 registries.  Though disabled by default, this signals the intent to deprecate the v1 protocol.

docs/examples/couchbase.md

@@ -39,7 +39,7 @@ Starting Couchbase Server -- Web UI available at http://<ip>:8091
 > Docker using Docker machine, you can obtain the IP address
 > of the Docker host using `docker-machine ip <MACHINE-NAME>`.
 
-The logs show that Couchbase console can be accessed at `http://192.168.99.100:8091`. The default username is `Administrator` and the password is `password`.
+The logs show that Couchbase console can be accessed at http://192.168.99.100:8091. The default username is `Administrator` and the password is `password`.
 
 ## Configure Couchbase Docker container
 
@@ -228,7 +228,7 @@ cbq> select * from `travel-sample` limit 1;
 
 [Couchbase Web Console](http://developer.couchbase.com/documentation/server/4.1/admin/ui-intro.html) is a console that allows to manage a Couchbase instance. It can be seen at:
 
-`http://192.168.99.100:8091/`
+http://192.168.99.100:8091/
 
 Make sure to replace the IP address with the IP address of your Docker Machine or `localhost` if Docker is running locally.
 

docs/examples/index.md

@@ -17,6 +17,7 @@ This section contains the following:
 * [Dockerizing MongoDB](mongodb.md)
 * [Dockerizing PostgreSQL](postgresql_service.md)    
 * [Dockerizing a CouchDB service](couchdb_data_volumes.md)         
+* [Dockerizing a Node.js web app](nodejs_web_app.md)
 * [Dockerizing a Redis service](running_redis_service.md)
 * [Dockerizing an apt-cacher-ng service](apt-cacher-ng.md)
 * [Dockerizing applications: A 'Hello world'](../userguide/containers/dockerizing.md)

docs/examples/nodejs_web_app.md

@@ -0,0 +1,199 @@
+<!--[metadata]>
++++
+title = "Dockerizing a Node.js web app"
+description = "Installing and running a Node.js app with Docker"
+keywords = ["docker, example, package installation, node,  centos"]
+[menu.main]
+parent = "engine_dockerize"
++++
+<![end-metadata]-->
+
+# Dockerizing a Node.js web app
+
+> **Note**: 
+> - **If you don't like sudo** then see [*Giving non-root
+>   access*](../installation/binaries.md#giving-non-root-access)
+
+The goal of this example is to show you how you can build your own
+Docker images from a parent image using a `Dockerfile`
+. We will do that by making a simple Node.js hello world web
+application running on CentOS. You can get the full source code at[https://github.com/enokd/docker-node-hello/](https://github.com/enokd/docker-node-hello/).
+
+## Create Node.js app
+
+First, create a directory `src` where all the files
+would live. Then create a `package.json` file that
+describes your app and its dependencies:
+
+    {
+      "name": "docker-centos-hello",
+      "private": true,
+      "version": "0.0.1",
+      "description": "Node.js Hello world app on CentOS using docker",
+      "author": "Daniel Gasienica <daniel@gasienica.ch>",
+      "dependencies": {
+        "express": "3.2.4"
+      }
+    }
+
+Then, create an `index.js` file that defines a web
+app using the [Express.js](http://expressjs.com/) framework:
+
+    var express = require('express');
+
+    // Constants
+    var PORT = 8080;
+
+    // App
+    var app = express();
+    app.get('/', function (req, res) {
+      res.send('Hello world\n');
+    });
+
+    app.listen(PORT);
+    console.log('Running on http://localhost:' + PORT);
+
+In the next steps, we'll look at how you can run this app inside a
+CentOS container using Docker. First, you'll need to build a Docker
+image of your app.
+
+## Creating a Dockerfile
+
+Create an empty file called `Dockerfile`:
+
+    touch Dockerfile
+
+Open the `Dockerfile` in your favorite text editor
+
+Define the parent image you want to use to build your own image on
+top of. Here, we'll use
+[CentOS](https://hub.docker.com/_/centos/) (tag: `centos6`)
+available on the [Docker Hub](https://hub.docker.com/):
+
+    FROM    centos:centos6
+
+Since we're building a Node.js app, you'll have to install Node.js as
+well as npm on your CentOS image. Node.js is required to run your app
+and npm is required to install your app's dependencies defined in
+`package.json`. To install the right package for
+CentOS, we'll use the instructions from the [Node.js wiki](
+https://github.com/joyent/node/wiki/Installing-Node.js-
+via-package-manager#rhelcentosscientific-linux-6):
+
+    # Enable Extra Packages for Enterprise Linux (EPEL) for CentOS
+    RUN     yum install -y epel-release
+    # Install Node.js and npm
+    RUN     yum install -y nodejs npm
+
+Install your app dependencies using the `npm` binary:
+
+    # Install app dependencies
+    COPY package.json /src/package.json
+    RUN cd /src; npm install --production
+
+To bundle your app's source code inside the Docker image, use the `COPY`
+instruction:
+
+    # Bundle app source
+    COPY . /src
+
+Your app binds to port `8080` so you'll use the `EXPOSE` instruction to have
+it mapped by the `docker` daemon:
+
+    EXPOSE  8080
+
+Last but not least, define the command to run your app using `CMD` which
+defines your runtime, i.e. `node`, and the path to our app, i.e. `src/index.js`
+(see the step where we added the source to the container):
+
+    CMD ["node", "/src/index.js"]
+
+Your `Dockerfile` should now look like this:
+
+    FROM    centos:centos6
+
+    # Enable Extra Packages for Enterprise Linux (EPEL) for CentOS
+    RUN     yum install -y epel-release
+    # Install Node.js and npm
+    RUN     yum install -y nodejs npm
+
+    # Install app dependencies
+    COPY package.json /src/package.json
+    RUN cd /src; npm install --production
+
+    # Bundle app source
+    COPY . /src
+
+    EXPOSE  8080
+    CMD ["node", "/src/index.js"]
+
+## Building your image
+
+Go to the directory that has your `Dockerfile` and run the following command
+to build a Docker image. The `-t` flag lets you tag your image so it's easier
+to find later using the `docker images` command:
+
+    $ docker build -t <your username>/centos-node-hello .
+
+Your image will now be listed by Docker:
+
+    $ docker images
+
+    # Example
+    REPOSITORY                          TAG        ID              CREATED
+    centos                              centos6    539c0211cd76    8 weeks ago
+    <your username>/centos-node-hello   latest     d64d3505b0d2    2 hours ago
+
+## Run the image
+
+Running your image with `-d` runs the container in detached mode, leaving the
+container running in the background. The `-p` flag redirects a public port to
+a private port in the container. Run the image you previously built:
+
+    $ docker run -p 49160:8080 -d <your username>/centos-node-hello
+
+Print the output of your app:
+
+    # Get container ID
+    $ docker ps
+
+    # Print app output
+    $ docker logs <container id>
+
+    # Example
+    Running on http://localhost:8080
+
+## Test
+
+To test your app, get the port of your app that Docker mapped:
+
+    $ docker ps
+
+    # Example
+    ID            IMAGE                                     COMMAND              ...   PORTS
+    ecce33b30ebf  <your username>/centos-node-hello:latest  node /src/index.js         49160->8080
+
+In the example above, Docker mapped the `8080` port of the container to `49160`.
+
+Now you can call your app using `curl` (install if needed via:
+`sudo apt-get install curl`):
+
+    $ curl -i localhost:49160
+
+    HTTP/1.1 200 OK
+    X-Powered-By: Express
+    Content-Type: text/html; charset=utf-8
+    Content-Length: 12
+    Date: Sun, 02 Jun 2013 03:53:22 GMT
+    Connection: keep-alive
+
+    Hello world
+
+If you use Docker Machine on OS X, the port is actually mapped to the Docker
+host VM, and you should use the following command:
+
+    $ curl $(docker-machine ip VM_NAME):49160
+
+We hope this tutorial helped you get up and running with Node.js and
+CentOS on Docker. You can get the full source code at
+[https://github.com/enokd/docker-node-hello/](https://github.com/enokd/docker-node-hello/).

docs/examples/running_redis_service.md

@@ -1,7 +1,7 @@
 <!--[metadata]>
 +++
 title = "Dockerizing a Redis service"
-description = "Installing and running a redis service"
+description = "Installing and running an redis service"
 keywords = ["docker, example, package installation, networking,  redis"]
 [menu.main]
 parent = "engine_dockerize"

docs/extend/plugin_api.md

@@ -169,10 +169,9 @@ Responds with a list of Docker subsystems which this plugin implements.
 After activation, the plugin will then be sent events from this subsystem.
 
 Possible values are:
-
-* [`authz`](plugins_authorization.md)
-* [`NetworkDriver`](plugins_network.md)
-* [`VolumeDriver`](plugins_volume.md)
+ - [`authz`](plugins_authorization.md)
+ - [`NetworkDriver`](plugins_network.md)
+ - [`VolumeDriver`](plugins_volume.md)
 
 
 ## Plugin retries

docs/extend/plugins.md

@@ -22,7 +22,7 @@ example, a [volume plugin](plugins_volume.md) might enable Docker
 volumes to persist across multiple Docker hosts and a
 [network plugin](plugins_network.md) might provide network plumbing.
 
-Currently Docker supports authorization, volume and network driver plugins. In the future it
+Currently Docker supports volume and network driver plugins. In the future it
 will support additional plugin types.
 
 ## Installing a plugin
@@ -31,48 +31,78 @@ Follow the instructions in the plugin's documentation.
 
 ## Finding a plugin
 
-The sections below provide an inexhaustive overview of available plugins.
+The following plugins exist:
 
-<style>
-#content tr td:first-child { white-space: nowrap;}
-</style>
+* The [Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume)
+  is a volume plugin that provides access to an extensible set of
+  container-based persistent storage options. It supports single and multi-host Docker
+  environments with features that include tenant isolation, automated
+  provisioning, encryption, secure deletion, snapshots and QoS.
 
-### Network plugins
+* The [Convoy plugin](https://github.com/rancher/convoy) is a volume plugin for a
+  variety of storage back-ends including device mapper and NFS. It's a simple standalone
+  executable written in Go and provides the framework to support vendor-specific extensions
+  such as snapshots, backups and restore.
 
-Plugin                                                                              | Description
------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-[Contiv Networking](https://github.com/contiv/netplugin)                            | An open source network plugin to provide infrastructure and security policies for a multi-tenant micro services deployment, while providing an integration to physical network for non-container workload. Contiv Networking implements the remote driver and IPAM APIs available in Docker 1.9 onwards.
-[Kuryr Network Plugin](https://github.com/openstack/kuryr)                          | A network plugin is developed as part of the OpenStack Kuryr project and implements the Docker networking (libnetwork) remote driver API by utilizing Neutron, the OpenStack networking service. It includes an IPAM driver as well.
-[Weave Network Plugin](https://www.weave.works/docs/net/latest/introducing-weave/)    | A network plugin that creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity.
+* The [Flocker plugin](https://clusterhq.com/docker-plugin/) is a volume plugin
+  which provides multi-host portable volumes for Docker, enabling you to run
+  databases and other stateful containers and move them around across a cluster
+  of machines.
 
-### Volume plugins
+* The [GlusterFS plugin](https://github.com/calavera/docker-volume-glusterfs) is
+  another volume plugin that provides multi-host volumes management for Docker
+  using GlusterFS.
 
-Plugin                                                                              | Description
------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-[Azure File Storage plugin](https://github.com/Azure/azurefile-dockervolumedriver)  | Lets you mount Microsoft [Azure File Storage](https://azure.microsoft.com/blog/azure-file-storage-now-generally-available/) shares to Docker containers as volumes using the SMB 3.0 protocol. [Learn more](https://azure.microsoft.com/blog/persistent-docker-volumes-with-azure-file-storage/).
-[Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume)      | A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS.
-[Contiv Volume Plugin](https://github.com/contiv/volplugin)                         | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption using ceph underneath.
-[Convoy plugin](https://github.com/rancher/convoy)                                  | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore.
-[DRBD plugin](https://www.drbd.org/en/supported-projects/docker)                    | A volume plugin that provides highly available storage replicated by [DRBD](https://www.drbd.org). Data written to the docker volume is replicated in a cluster of DRBD nodes.
-[Flocker plugin](https://clusterhq.com/docker-plugin/)                              | A volume plugin that provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster of machines.
-[gce-docker plugin](https://github.com/mcuadros/gce-docker)                         | A volume plugin able to attach, format and mount Google Compute [persistent-disks](https://cloud.google.com/compute/docs/disks/persistent-disks).
-[GlusterFS plugin](https://github.com/calavera/docker-volume-glusterfs)             | A volume plugin that provides multi-host volumes management for Docker using GlusterFS.
-[Horcrux Volume Plugin](https://github.com/muthu-r/horcrux)                         | A volume plugin that allows on-demand, version controlled access to your data. Horcrux is an open-source plugin, written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3.
-[IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs)               | An open source volume plugin that allows using an [ipfs](https://ipfs.io/) filesystem as a volume.
-[Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz)                 | A plugin that provides credentials and secret management using Keywhiz as a central repository.
-[Local Persist Plugin](https://github.com/CWSpear/local-persist)                    | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`.
-[NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP)                         | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future.
-[Netshare plugin](https://github.com/ContainX/docker-volume-netshare)                 | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems.
-[OpenStorage Plugin](https://github.com/libopenstorage/openstorage)                 | A cluster-aware volume plugin that provides volume management for file and block storage solutions.  It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few.
-[Quobyte Volume Plugin](https://github.com/quobyte/docker-volume)                   | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform.
-[REX-Ray plugin](https://github.com/emccode/rexray)                                 | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC.
-[VMware vSphere Storage Plugin](https://github.com/vmware/docker-volume-vsphere)    | Docker Volume Driver for vSphere enables customers to address persistent storage requirements for Docker containers in vSphere environments. 
+* The [Horcrux Volume Plugin](https://github.com/muthu-r/horcrux) allows on-demand,
+  version controlled access to your data. Horcrux is an open-source plugin,
+  written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3.
 
-### Authorization plugins
+* The [IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs)
+  is an open source volume plugin that allows using an
+  [ipfs](https://ipfs.io/) filesystem as a volume.
 
- Plugin                                                       | Description                                                                                                                                                               
-------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- [Twistlock AuthZ Broker](https://github.com/twistlock/authz) | A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name).
+* The [Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz) is
+  a plugin that provides credentials and secret management using Keywhiz as
+  a central repository.
+
+* The [Netshare plugin](https://github.com/gondor/docker-volume-netshare) is a volume plugin
+  that provides volume management for NFS 3/4, AWS EFS and CIFS file systems.
+
+* The [OpenStorage Plugin](https://github.com/libopenstorage/openstorage) is a cluster aware volume plugin that provides volume management for file and block storage solutions.  It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots.   It has example drivers based on FUSE, NFS, NBD and EBS to name a few.
+
+* The [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform.
+
+* The [REX-Ray plugin](https://github.com/emccode/rexray) is a volume plugin
+  which is written in Go and provides advanced storage functionality for many
+  platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC.
+
+* The [Contiv Volume Plugin](https://github.com/contiv/volplugin) is an open
+  source volume plugin that provides multi-tenant, persistent, distributed storage
+  with intent based consumption using ceph underneath.
+
+* The [Contiv Networking](https://github.com/contiv/netplugin) is an open source
+  libnetwork plugin to provide infrastructure and security policies for a
+  multi-tenant micro services deployment, while providing an integration to
+  physical network for non-container workload. Contiv Networking implements the
+  remote driver and IPAM APIs available in Docker 1.9 onwards.
+
+* The [Weave Network Plugin](http://docs.weave.works/weave/latest_release/plugin.html)
+  creates a virtual network that connects your Docker containers -
+  across multiple hosts or clouds and enables automatic discovery of
+  applications. Weave networks are resilient, partition tolerant,
+  secure and work in partially connected networks, and other adverse
+  environments - all configured with delightful simplicity.
+
+* The [Kuryr Network Plugin](https://github.com/openstack/kuryr) is
+  developed as part of the OpenStack Kuryr project and implements the
+  Docker networking (libnetwork) remote driver API by utilizing
+  Neutron, the OpenStack networking service. It includes an IPAM
+  driver as well.
+
+* The [Local Persist Plugin](https://github.com/CWSpear/local-persist) 
+  extends the default `local` driver's functionality by allowing you specify 
+  a mountpoint anywhere on the host, which enables the files to *always persist*, 
+  even if the volume is removed via `docker volume rm`.
 
 ## Troubleshooting a plugin
 

docs/extend/plugins_authorization.md

@@ -149,9 +149,10 @@ should implement the following two methods:
     "User":              "The user identification",
     "UserAuthNMethod":   "The authentication method used",
     "RequestMethod":     "The HTTP method",
-    "RequestURI":        "The HTTP request URI",
+    "RequestUri":        "The HTTP request URI",
     "RequestBody":       "Byte array containing the raw HTTP request body",
-    "RequestHeader":     "Byte array containing the raw HTTP request header as a map[string][]string "
+    "RequestHeader":     "Byte array containing the raw HTTP request header as a map[string][]string ",
+    "RequestStatusCode": "Request status code"
 }
 ```
 
@@ -173,9 +174,10 @@ should implement the following two methods:
     "User":              "The user identification",
     "UserAuthNMethod":   "The authentication method used",
     "RequestMethod":     "The HTTP method",
-    "RequestURI":        "The HTTP request URI",
+    "RequestUri":        "The HTTP request URI",
     "RequestBody":       "Byte array containing the raw HTTP request body",
     "RequestHeader":     "Byte array containing the raw HTTP request header as a map[string][]string",
+    "RequestStatusCode": "Request status code",
     "ResponseBody":      "Byte array containing the raw HTTP response body",
     "ResponseHeader":    "Byte array containing the raw HTTP response header as a map[string][]string",
     "ResponseStatusCode":"Response status code"
@@ -188,10 +190,17 @@ should implement the following two methods:
 {
    "Allow":              "Determined whether the user is allowed or not",
    "Msg":                "The authorization message",
-   "Err":                "The error message if things go wrong"
+   "Err":                "The error message if things go wrong",
+   "ModifiedBody":       "Byte array containing a modified body of the raw HTTP body (or nil if no changes required)",
+   "ModifiedHeader":     "Byte array containing a modified header of the HTTP response (or nil if no changes required)",
+   "ModifiedStatusCode": "int containing the modified version of the status code (or 0 if not change is required)"
 }
 ```
 
+The modified response enables the authorization plugin to manipulate the content
+of the HTTP response. In case of more than one plugin, each subsequent plugin
+receives a response (optionally) modified by a previous plugin.
+
 ### Request authorization
 
 Each plugin must support two request authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message.

docs/extend/plugins_network.md

@@ -13,7 +13,7 @@ parent = "engine_extend"
 Docker Engine network plugins enable Engine deployments to be extended to
 support a wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN
 or something completely different. Network driver plugins are supported via the
-LibNetwork project. Each plugin is implemented as a  "remote driver" for
+LibNetwork project. Each plugin is implemented asa  "remote driver" for
 LibNetwork, which shares plugin infrastructure with Engine. Effectively, network
 driver plugins are activated in the same way as other plugins, and use the same
 kind of protocol.

docs/extend/plugins_volume.md

@@ -140,8 +140,7 @@ Docker needs reminding of the path to the volume on the host.
 ```
 
 Respond with the path on the host filesystem where the volume has been made
-available, and/or a string error if an error occurred. `Mountpoint` is optional,
-however the plugin may be queried again later if one is not provided.
+available, and/or a string error if an error occurred.
 
 ### /VolumeDriver.Unmount
 
@@ -189,8 +188,7 @@ Get the volume info.
 }
 ```
 
-Respond with a string error if an error occurred. `Mountpoint` and `Status` are
-optional.
+Respond with a string error if an error occurred.
 
 
 ### /VolumeDriver.List
@@ -215,4 +213,4 @@ Get the list of volumes registered with the plugin.
 }
 ```
 
-Respond with a string error if an error occurred. `Mountpoint` is optional.
+Respond with a string error if an error occurred.

docs/installation/binaries.md

@@ -9,7 +9,7 @@ weight = 110
 +++
 <![end-metadata]-->
 
-# Installation from binaries
+# Binaries
 
 **This instruction set is meant for hackers who want to try out Docker
 on a variety of environments.**
@@ -85,137 +85,90 @@ exhibit unexpected behaviour.
 > vendor for the system, and might break regulations and security
 > policies in heavily regulated environments.
 
-## Get the Docker Engine binaries
+## Get the Docker binary
 
-You can download either the latest release binaries or a specific version. To get
-the list of stable release version numbers from GitHub, view the `docker/docker`
-[releases page](https://github.com/docker/docker/releases). You can get the MD5
-and SHA256 hashes by appending .md5 and .sha256 to the URLs respectively
+You can download either the latest release binary or a specific version.
+After downloading a binary file, you must set the file's execute bit to run it.
 
+To set the file's execute bit on Linux and OS X:
 
-### Get the Linux binaries
+    $ chmod +x docker
+
+To get the list of stable release version numbers from GitHub, view the
+`docker/docker` [releases page](https://github.com/docker/docker/releases).
+
+> **Note**
+>
+> 1) You can get the MD5 and SHA256 hashes by appending .md5 and .sha256 to the URLs respectively
+>
+> 2) You can get the compressed binaries by appending .tgz to the URLs
+
+### Get the Linux binary
 
 To download the latest version for Linux, use the
 following URLs:
 
-    https://get.docker.com/builds/Linux/i386/docker-latest.tgz
+    https://get.docker.com/builds/Linux/i386/docker-latest
 
-    https://get.docker.com/builds/Linux/x86_64/docker-latest.tgz
+    https://get.docker.com/builds/Linux/x86_64/docker-latest
 
 To download a specific version for Linux, use the
 following URL patterns:
 
-    https://get.docker.com/builds/Linux/i386/docker-<version>.tgz
+    https://get.docker.com/builds/Linux/i386/docker-<version>
 
-    https://get.docker.com/builds/Linux/x86_64/docker-<version>.tgz
+    https://get.docker.com/builds/Linux/x86_64/docker-<version>
 
 For example:
 
-    https://get.docker.com/builds/Linux/i386/docker-1.11.0.tgz
+    https://get.docker.com/builds/Linux/i386/docker-1.9.1
 
-    https://get.docker.com/builds/Linux/x86_64/docker-1.11.0.tgz
+    https://get.docker.com/builds/Linux/x86_64/docker-1.9.1
 
-> **Note** These instructions are for Docker Engine 1.11 and up. Engine 1.10 and
-> under consists of a single binary, and instructions for those versions are
-> different. To install version 1.10 or below, follow the instructions in the 
-> <a href="/v1.10/engine/installation/binaries/" target="_blank">1.10 documentation</a>.
-
-
-#### Install the Linux binaries
-
-After downloading, you extract the archive, which puts the binaries in a
-directory named `docker` in your current location.
-
-```bash
-$ tar -xvzf docker-latest.tgz
-
-docker/
-docker/docker-containerd-ctr
-docker/docker
-docker/docker-containerd
-docker/docker-runc
-docker/docker-containerd-shim
-```
-
-Engine requires these binaries to be installed in your host's `$PATH`.
-For example, to install the binaries in `/usr/bin`:
-
-```bash
-$ mv docker/* /usr/bin/
-```
-
-> **Note**: If you already have Engine installed on your host, make sure you
-> stop Engine before installing (`killall docker`), and install the binaries
-> in the same location. You can find the location of the current installation
-> with `dirname $(which docker)`.
-
-#### Run the Engine daemon on Linux
-
-You can manually start the Engine in daemon mode using:
-
-```bash
-$ sudo docker daemon &
-```
-
-The GitHub repository provides samples of init-scripts you can use to control
-the daemon through a process manager, such as upstart or systemd. You can find
-these scripts in the <a href="https://github.com/docker/docker/tree/master/contrib/init">
-contrib directory</a>.
-
-For additional information about running the Engine in daemon mode, refer to
-the [daemon command](../reference/commandline/daemon.md) in the Engine command
-line reference.
 
 ### Get the Mac OS X binary
 
 The Mac OS X binary is only a client. You cannot use it to run the `docker`
 daemon. To download the latest version for Mac OS X, use the following URLs:
 
-    https://get.docker.com/builds/Darwin/x86_64/docker-latest.tgz
+    https://get.docker.com/builds/Darwin/x86_64/docker-latest
 
 To download a specific version for Mac OS X, use the
-following URL pattern:
+following URL patterns:
 
-    https://get.docker.com/builds/Darwin/x86_64/docker-<version>.tgz
+    https://get.docker.com/builds/Darwin/x86_64/docker-<version>
 
 For example:
 
-    https://get.docker.com/builds/Darwin/x86_64/docker-1.11.0.tgz
-
-You can extract the downloaded archive either by double-clicking the downloaded
-`.tgz` or on the command line, using `tar -xvzf docker-1.11.0.tgz`. The client
-binary can be executed from any location on your filesystem.
-
+    https://get.docker.com/builds/Darwin/x86_64/docker-1.9.1
 
 ### Get the Windows binary
 
-You can only download the Windows binary for version `1.9.1` onwards.
-Moreover, the 32-bit (`i386`) binary is only a client, you cannot use it to
-run the `docker` daemon. The 64-bit binary (`x86_64`) is both a client and
-daemon.
-
+You can only download the Windows client binary for version `1.9.1` onwards.
+Moreover, the binary is only a client, you cannot use it to run the `docker` daemon.
 To download the latest version for Windows, use the following URLs:
 
-    https://get.docker.com/builds/Windows/i386/docker-latest.zip
+    https://get.docker.com/builds/Windows/i386/docker-latest.exe
 
-    https://get.docker.com/builds/Windows/x86_64/docker-latest.zip
+    https://get.docker.com/builds/Windows/x86_64/docker-latest.exe
 
 To download a specific version for Windows, use the following URL pattern:
 
-    https://get.docker.com/builds/Windows/i386/docker-<version>.zip
+    https://get.docker.com/builds/Windows/i386/docker-<version>.exe
 
-    https://get.docker.com/builds/Windows/x86_64/docker-<version>.zip
+    https://get.docker.com/builds/Windows/x86_64/docker-<version>.exe
 
 For example:
 
-    https://get.docker.com/builds/Windows/i386/docker-1.11.0.zip
+    https://get.docker.com/builds/Windows/i386/docker-1.9.1.exe
 
-    https://get.docker.com/builds/Windows/x86_64/docker-1.11.0.zip
+    https://get.docker.com/builds/Windows/x86_64/docker-1.9.1.exe
 
 
-> **Note** These instructions are for Engine 1.11 and up. Instructions for older
-> versions are slightly different. To install version 1.10 or below, follow the
-> instructions in the <a href="/v1.10/engine/installation/binaries/" target="_blank">1.10 documentation</a>.
+## Run the Docker daemon
+
+    # start the docker in daemon mode from the directory you unpacked
+    $ sudo ./docker daemon &
 
 ## Giving non-root access
 
@@ -235,15 +188,21 @@ need to add `sudo` to all the client commands.
 > The *docker* group (or the group specified with `-G`) is root-equivalent;
 > see [*Docker Daemon Attack Surface*](../security/security.md#docker-daemon-attack-surface) details.
 
-## Upgrade Docker Engine
+## Upgrades
 
-To upgrade your manual installation of Docker Engine on Linux, first kill the docker
+To upgrade your manual installation of Docker, first kill the docker
 daemon:
 
     $ killall docker
 
-Then follow the [regular installation steps](#get-the-linux-binaries).
+Then follow the regular installation steps.
 
-## Next steps
+## Run your first container!
+
+    # check your docker version
+    $ sudo ./docker version
+
+    # run a container and open an interactive shell in the container
+    $ sudo ./docker run -i -t ubuntu /bin/bash
 
 Continue with the [User Guide](../userguide/index.md).

docs/installation/linux/centos.md

@@ -57,7 +57,7 @@ package manager.
         $ sudo tee /etc/yum.repos.d/docker.repo <<-'EOF'
         [dockerrepo]
         name=Docker Repository
-        baseurl=https://yum.dockerproject.org/repo/main/centos/7/
+        baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
         enabled=1
         gpgcheck=1
         gpgkey=https://yum.dockerproject.org/gpg

docs/installation/linux/debian.md

@@ -16,7 +16,7 @@ Docker is supported on the following versions of Debian:
 
  - [*Debian testing stretch (64-bit)*](#debian-wheezy-stable-7-x-64-bit)
  - [*Debian 8.0 Jessie (64-bit)*](#debian-jessie-80-64-bit)
- - [*Debian 7.7 Wheezy (64-bit)*](#debian-wheezy-stable-7-x-64-bit) (backports required)
+ - [*Debian 7.7 Wheezy (64-bit)*](#debian-wheezy-stable-7-x-64-bit)
 
  >**Note**: If you previously installed Docker using `APT`, make sure you update
  your `APT` sources to the new `APT` repository.
@@ -36,26 +36,6 @@ Docker is supported on the following versions of Debian:
 
      $ uname -r
 
- Additionally, for users of Debian Wheezy, backports must be available. To enable backports in Wheezy:
- 
- 1. Log into your machine and open a terminal with `sudo` or `root` privileges.
- 
- 2. Open the `/etc/apt/sources.list.d/backports.list` file in your favorite editor.
-
-     If the file doesn't exist, create it.
- 
- 3. Remove any existing entries.
- 
- 4. Add an entry for backports on Debian Wheezy.
-
-     An example entry:
-
-         deb http://http.debian.net/debian wheezy-backports main
-
- 5. Update package information:
-
-         $ apt-get update
-
 ### Update your apt repository
 
 Docker's `APT` repository contains Docker 1.7.1 and higher. To set `APT` to use

docs/installation/linux/fedora.md

@@ -26,7 +26,7 @@ version, open a terminal and use `uname -r` to display your kernel version:
     $ uname -r
     3.19.5-100.fc21.x86_64
 
-If your kernel is at an older version, you must update it.
+If your kernel is at a older version, you must update it.
 
 Finally, is it recommended that you fully update your system. Please keep in
 mind that your system should be fully patched to fix any potential kernel bugs. Any
@@ -186,7 +186,7 @@ You can uninstall the Docker software with `dnf`.
 
 1. List the package you have installed.
 
-		$ dnf list installed | grep docker
+		$ dnf list installed | grep docker dnf list installed | grep docker
 		docker-engine.x86_64     1.7.1-0.1.fc21 @/docker-engine-1.7.1-0.1.fc21.el7.x86_64
 
 2. Remove the package.

docs/installation/linux/oracle.md

@@ -29,8 +29,13 @@ btrfs storage engine on both Oracle Linux 6 and 7.
 > follow the installation instructions provided in the
 > [Oracle Linux documentation](https://docs.oracle.com/en/operating-systems/?tab=2).
 >
-> The installation instructions for Oracle Linux 6 and 7 can be found in [Chapter 2 of
-> the Docker User's Guide](https://docs.oracle.com/cd/E52668_01/E75728/html/docker_install_upgrade.html)
+> The installation instructions for Oracle Linux 6 can be found in [Chapter 10 of
+> the Administrator's
+> Solutions Guide](https://docs.oracle.com/cd/E37670_01/E37355/html/ol_docker.html)
+>
+> The installation instructions for Oracle Linux 7 can be found in [Chapter 29 of
+> the Administrator's
+> Guide](https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-docker.html)
 
 
 1. Log into your machine as a user with `sudo` or `root` privileges.

docs/installation/linux/ubuntulinux.md

@@ -14,7 +14,6 @@ weight = -6
 
 Docker is supported on these Ubuntu operating systems:
 
-- Ubuntu Xenial 16.04 (LTS)
 - Ubuntu Wily 15.10
 - Ubuntu Trusty 14.04 (LTS)
 - Ubuntu Precise 12.04 (LTS)
@@ -86,10 +85,6 @@ packages from the new repository:
 
             deb https://apt.dockerproject.org/repo ubuntu-wily main
 
-    - Ubuntu Xenial 16.04 (LTS)
-
-            deb https://apt.dockerproject.org/repo ubuntu-xenial main
-
     > **Note**: Docker does not provide packages for all architectures. You can find
 	> nightly built binaries in https://master.dockerproject.org. To install docker on
     > a multi-architecture system, add an `[arch=...]` clause to the entry. Refer to the
@@ -114,11 +109,10 @@ packages from the new repository:
 
 ### Prerequisites by Ubuntu Version
 
-- Ubuntu Xenial 16.04 (LTS)
 - Ubuntu Wily 15.10
 - Ubuntu Trusty 14.04 (LTS)
 
-For Ubuntu Trusty, Wily, and Xenial, it's recommended to install the
+For Ubuntu Trusty and Wily, it's recommended to install the
 `linux-image-extra` kernel package. The `linux-image-extra` package
 allows you use the `aufs` storage driver.
 
@@ -391,7 +385,7 @@ To specify a DNS server for use by Docker:
 
 5. Restart the Docker daemon.
 
-        $ sudo service docker restart
+        $ sudo restart docker
 
 
  

docs/installation/windows.md

@@ -85,7 +85,7 @@ Docker container using standard localhost addressing such as `localhost:8000` or
 
 ![Linux Architecture Diagram](images/linux_docker_host.svg)
 
-In a Windows installation, the `docker` daemon is running inside a Linux virtual
+In an Windows installation, the `docker` daemon is running inside a Linux virtual
 machine. You use the Windows Docker client to talk to the Docker host VM. Your
 Docker containers run inside this host.
 

docs/migration.md

@@ -29,7 +29,7 @@ instructions that didn’t modify the filesystem.
 
 Content addressability is the foundation for the new distribution features. The
 image pull and push code has been reworked to use a download/upload manager
-concept that makes pushing and pulling images much more stable and mitigates any
+concept that makes pushing and pulling images much more stable and mitigate any
 parallel request issues. The download manager also brings retries on failed
 downloads and better prioritization for concurrent downloads.
 

docs/reference/api/docker_remote_api.md

@@ -49,6 +49,10 @@ Docker version  | API version                        | Changes
 1.8.x           | [1.20](docker_remote_api_v1.20.md) | [API changes](docker_remote_api.md#v1-20-api-changes)
 1.7.x           | [1.19](docker_remote_api_v1.19.md) | [API changes](docker_remote_api.md#v1-19-api-changes)
 1.6.x           | [1.18](docker_remote_api_v1.18.md) | [API changes](docker_remote_api.md#v1-18-api-changes)
+1.5.x           | [1.17](docker_remote_api_v1.17.md) | [API changes](docker_remote_api.md#v1-17-api-changes)
+1.4.x           | [1.16](docker_remote_api_v1.16.md) | [API changes](docker_remote_api.md#v1-16-api-changes)
+1.3.x           | [1.15](docker_remote_api_v1.15.md) | [API changes](docker_remote_api.md#v1-15-api-changes)
+1.2.x           | [1.14](docker_remote_api_v1.14.md) | [API changes](docker_remote_api.md#v1-14-api-changes)
 
 Refer to the [GitHub repository](
 https://github.com/docker/docker/tree/master/docs/reference/api) for
@@ -56,12 +60,12 @@ older releases.
 
 ## Authentication
 
-Authentication configuration is handled client side, so the
+Since API version 1.2, the auth configuration is now handled client side, so the
 client has to send the `authConfig` as a `POST` in `/images/(name)/push`. The
 `authConfig`, set as the `X-Registry-Auth` header, is currently a Base64 encoded
 (JSON) string with the following structure:
 
-```JSON
+```
 {"username": "string", "password": "string", "email": "string",
    "serveraddress" : "string", "auth": ""}
 ```
@@ -235,3 +239,53 @@ end point now returns the new boolean fields `CpuCfsPeriod`, `CpuCfsQuota`, and
 * `POST /build` closing the HTTP request cancels the build
 * `POST /containers/(id)/exec` includes `Warnings` field to response.
 
+### v1.17 API changes
+
+[Docker Remote API v1.17](docker_remote_api_v1.17.md) documentation
+
+* The build supports `LABEL` command. Use this to add metadata to an image. For
+example you could add data describing the content of an image. `LABEL
+"com.example.vendor"="ACME Incorporated"`
+* `POST /containers/(id)/attach` and `POST /exec/(id)/start`
+* The Docker client now hints potential proxies about connection hijacking using HTTP Upgrade headers.
+* `POST /containers/create` sets labels on container create describing the container.
+* `GET /containers/json` returns the labels associated with the containers (`Labels`).
+* `GET /containers/(id)/json` returns the list current execs associated with the
+container (`ExecIDs`). This endpoint now returns the container labels
+(`Config.Labels`).
+* `POST /containers/(id)/rename` renames a container `id` to a new name.*
+* `POST /containers/create` and `POST /containers/(id)/start` callers can pass
+`ReadonlyRootfs` in the host config to mount the container's root filesystem as
+read only.
+* `GET /containers/(id)/stats` returns a live stream of a container's resource usage statistics.
+* `GET /images/json` returns the labels associated with each image (`Labels`).
+
+
+### v1.16 API changes
+
+[Docker Remote API v1.16](docker_remote_api_v1.16.md)
+
+* `GET /info` returns the number of CPUs available on the machine (`NCPU`),
+total memory available (`MemTotal`), a user-friendly name describing the running Docker daemon (`Name`), a unique ID identifying the daemon (`ID`), and
+a list of daemon labels (`Labels`).
+* `POST /containers/create` callers can set the new container's MAC address explicitly.
+* Volumes are now initialized when the container is created.
+* `POST /containers/(id)/copy` copies data which is contained in a volume.
+
+### v1.15 API changes
+
+[Docker Remote API v1.15](docker_remote_api_v1.15.md) documentation
+
+`POST /containers/create` you can set a container's `HostConfig` when creating a
+container. Previously this was only available when starting a container.
+
+### v1.14 API changes
+
+[Docker Remote API v1.14](docker_remote_api_v1.14.md) documentation
+
+* `DELETE /containers/(id)` when using `force`, the container will be immediately killed with SIGKILL.
+* `POST /containers/(id)/start` the `HostConfig` option accepts the field `CapAdd`, which specifies a list of capabilities
+to add, and the field `CapDrop`, which specifies a list of capabilities to drop.
+* `POST /images/create` th `fromImage` and `repo` parameters support the
+`repo:tag` format. Consequently,  the `tag` parameter is now obsolete. Using the
+new format and the `tag` parameter at the same time will return an error.

docs/reference/api/docker_remote_api_v1.18.md

@@ -184,7 +184,7 @@ Create a container
                "Devices": [],
                "Ulimits": [{}],
                "LogConfig": { "Type": "json-file", Config: {} },
-               "SecurityOpt": [],
+               "SecurityOpt": [""],
                "CgroupParent": ""
             }
         }
@@ -206,6 +206,13 @@ Json Parameters:
 -   **Domainname** - A string value containing the desired domain name to use
       for the container.
 -   **User** - A string value containing the user to use inside the container.
+-   **Memory** - Memory limit in bytes.
+-   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+      You must use this with `memory` and make the swap value larger than `memory`.
+-   **CpuShares** - An integer value containing the CPU Shares for container
+      (ie. the relative weight vs other containers).
+-   **Cpuset** - The same as CpusetCpus, but deprecated, please don't use.
+-   **CpusetCpus** - String value containing the cgroups CpusetCpus to use.
 -   **AttachStdin** - Boolean value, attaches to stdin.
 -   **AttachStdout** - Boolean value, attaches to stdout.
 -   **AttachStderr** - Boolean value, attaches to stderr.
@@ -236,12 +243,6 @@ Json Parameters:
           in the form of `container_name:alias`.
     -   **LxcConf** - LXC specific configurations. These configurations will only
           work when using the `lxc` execution driver.
-    -   **Memory** - Memory limit in bytes.
-    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
-          You must use this with `memory` and make the swap value larger than `memory`.
-    -   **CpuShares** - An integer value containing the CPU Shares for container
-          (ie. the relative weight vs other containers).
-    -   **CpusetCpus** - String value containing the cgroups CpusetCpus to use.
     -   **PortBindings** - A map of exposed container ports and the host port they
           should map to. It should be specified in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
@@ -1251,6 +1252,7 @@ Query Parameters:
         can be retrieved or `-` to read the image from the request body.
 -   **repo** – repository
 -   **tag** – tag
+-   **registry** – the registry to pull from
 
     Request Headers:
 
@@ -1406,7 +1408,7 @@ Tag the image `name` into a repository
 
 **Example response**:
 
-        HTTP/1.1 201 Created
+        HTTP/1.1 201 OK
 
 Query Parameters:
 
@@ -1885,7 +1887,7 @@ Sets up an exec instance in a running container `id`
 
 **Example response**:
 
-        HTTP/1.1 201 Created
+        HTTP/1.1 201 OK
         Content-Type: application/json
 
         {
@@ -1927,8 +1929,8 @@ interactive session with the `exec` command.
 
 **Example response**:
 
-        HTTP/1.1 200 OK
-        Content-Type: application/vnd.docker.raw-stream
+        HTTP/1.1 201 OK
+        Content-Type: application/json
 
         {{ STREAM }}
 
@@ -1959,7 +1961,7 @@ This API is valid only if `tty` was specified as part of creating and starting t
 
 **Example response**:
 
-        HTTP/1.1 201 Created
+        HTTP/1.1 201 OK
         Content-Type: text/plain
 
 Query Parameters:

docs/reference/api/docker_remote_api_v1.19.md

@@ -191,7 +191,7 @@ Create a container
              "Devices": [],
              "Ulimits": [{}],
              "LogConfig": { "Type": "json-file", "Config": {} },
-             "SecurityOpt": [],
+             "SecurityOpt": [""],
              "CgroupParent": ""
           }
       }
@@ -213,6 +213,18 @@ Json Parameters:
 -   **Domainname** - A string value containing the domain name to use
       for the container.
 -   **User** - A string value specifying the user inside the container.
+-   **Memory** - Memory limit in bytes.
+-   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+      You must use this with `memory` and make the swap value larger than `memory`.
+-   **CpuShares** - An integer value containing the container's CPU Shares
+      (ie. the relative weight vs other containers).
+-   **CpuPeriod** - The length of a CPU period in microseconds.
+-   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
+-   **Cpuset** - Deprecated please don't use. Use `CpusetCpus` instead.
+-   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
+-   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+-   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+-   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
 -   **AttachStdin** - Boolean value, attaches to `stdin`.
 -   **AttachStdout** - Boolean value, attaches to `stdout`.
 -   **AttachStderr** - Boolean value, attaches to `stderr`.
@@ -242,17 +254,6 @@ Json Parameters:
           in the form of `container_name:alias`.
     -   **LxcConf** - LXC specific configurations. These configurations only
           work when using the `lxc` execution driver.
-    -   **Memory** - Memory limit in bytes.
-    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
-          You must use this with `memory` and make the swap value larger than `memory`.
-    -   **CpuShares** - An integer value containing the container's CPU Shares
-          (ie. the relative weight vs other containers).
-    -   **CpuPeriod** - The length of a CPU period in microseconds.
-    -   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
-    -   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
-    -   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
-    -   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-    -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
     -   **PortBindings** - A map of exposed container ports and the host port they
           should map to. A JSON object in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
@@ -1300,6 +1301,7 @@ Query Parameters:
         can be retrieved or `-` to read the image from the request body.
 -   **repo** – Repository name.
 -   **tag** – Tag.
+-   **registry** – The registry to pull from.
 
     Request Headers:
 
@@ -1475,7 +1477,7 @@ Tag the image `name` into a repository
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
 
 Query Parameters:
 
@@ -1968,7 +1970,7 @@ Sets up an exec instance in a running container `id`
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
     Content-Type: application/json
 
     {
@@ -2010,8 +2012,8 @@ interactive session with the `exec` command.
 
 **Example response**:
 
-    HTTP/1.1 200 OK
-    Content-Type: application/vnd.docker.raw-stream
+    HTTP/1.1 201 OK
+    Content-Type: application/json
 
     {{ STREAM }}
 
@@ -2042,7 +2044,7 @@ This API is valid only if `tty` was specified as part of creating and starting t
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
     Content-Type: text/plain
 
 Query Parameters:

docs/reference/api/docker_remote_api_v1.20.md

@@ -154,9 +154,14 @@ Create a container
                    "com.example.license": "GPL",
                    "com.example.version": "1.0"
            },
-           "Volumes": {
-             "/volumes/data": {}
-           },
+           "Mounts": [
+             {
+               "Source": "/data",
+               "Destination": "/data",
+               "Mode": "ro,Z",
+               "RW": false
+             }
+           ],
            "WorkingDir": "",
            "NetworkDisabled": false,
            "MacAddress": "12:34:56:78:9a:bc",
@@ -193,7 +198,7 @@ Create a container
              "Devices": [],
              "Ulimits": [{}],
              "LogConfig": { "Type": "json-file", "Config": {} },
-             "SecurityOpt": [],
+             "SecurityOpt": [""],
              "CgroupParent": ""
           }
       }
@@ -215,6 +220,19 @@ Json Parameters:
 -   **Domainname** - A string value containing the domain name to use
       for the container.
 -   **User** - A string value specifying the user inside the container.
+-   **Memory** - Memory limit in bytes.
+-   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+      You must use this with `memory` and make the swap value larger than `memory`.
+-   **CpuShares** - An integer value containing the container's CPU Shares
+      (ie. the relative weight vs other containers).
+-   **CpuPeriod** - The length of a CPU period in microseconds.
+-   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
+-   **Cpuset** - Deprecated please don't use. Use `CpusetCpus` instead. 
+-   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
+-   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+-   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+-   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+-   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
 -   **AttachStdin** - Boolean value, attaches to `stdin`.
 -   **AttachStdout** - Boolean value, attaches to `stdout`.
 -   **AttachStderr** - Boolean value, attaches to `stderr`.
@@ -227,8 +245,7 @@ Json Parameters:
 -   **Entrypoint** - Set the entry point for the container as a string or an array
       of strings.
 -   **Image** - A string specifying the image name to use for the container.
--   **Volumes** - An object mapping mount point paths (strings) inside the
-      container to empty objects.
+-   **Mounts** - An array of mount points in the container.
 -   **WorkingDir** - A string specifying the working directory for commands to
       run in.
 -   **NetworkDisabled** - Boolean value, when true disables networking for the
@@ -244,18 +261,6 @@ Json Parameters:
           in the form of `container_name:alias`.
     -   **LxcConf** - LXC specific configurations. These configurations only
           work when using the `lxc` execution driver.
-    -   **Memory** - Memory limit in bytes.
-    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
-          You must use this with `memory` and make the swap value larger than `memory`.
-    -   **CpuShares** - An integer value containing the container's CPU Shares
-          (ie. the relative weight vs other containers).
-    -   **CpuPeriod** - The length of a CPU period in microseconds.
-    -   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
-    -   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
-    -   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
-    -   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-    -   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
-    -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
     -   **PortBindings** - A map of exposed container ports and the host port they
           should map to. A JSON object in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
@@ -1127,7 +1132,7 @@ following section.
 
 `GET /containers/(id or name)/archive`
 
-Get a tar archive of a resource in the filesystem of container `id`.
+Get an tar archive of a resource in the filesystem of container `id`.
 
 Query Parameters:
 
@@ -1397,14 +1402,14 @@ Query Parameters:
                 }
             }
 
-    This object maps the hostname of a registry to an object containing the
-    "username" and "password" for that registry. Multiple registries may
-    be specified as the build may be based on an image requiring
-    authentication to pull from any arbitrary registry. Only the registry
-    domain name (and port if not the default "443") are required. However
-    (for legacy reasons) the "official" Docker, Inc. hosted registry must
-    be specified with both a "https://" prefix and a "/v1/" suffix even
-    though Docker will prefer to use the v2 registry API.
+        This object maps the hostname of a registry to an object containing the
+        "username" and "password" for that registry. Multiple registries may
+        be specified as the build may be based on an image requiring
+        authentication to pull from any arbitrary registry. Only the registry
+        domain name (and port if not the default "443") are required. However
+        (for legacy reasons) the "official" Docker, Inc. hosted registry must
+        be specified with both a "https://" prefix and a "/v1/" suffix even
+        though Docker will prefer to use the v2 registry API.
 
 Status Codes:
 
@@ -1442,6 +1447,7 @@ Query Parameters:
         can be retrieved or `-` to read the image from the request body.
 -   **repo** – Repository name.
 -   **tag** – Tag.
+-   **registry** – The registry to pull from.
 
     Request Headers:
 
@@ -1616,7 +1622,7 @@ Tag the image `name` into a repository
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
 
 Query Parameters:
 
@@ -2110,7 +2116,7 @@ Sets up an exec instance in a running container `id`
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
     Content-Type: application/json
 
     {
@@ -2152,8 +2158,8 @@ interactive session with the `exec` command.
 
 **Example response**:
 
-    HTTP/1.1 200 OK
-    Content-Type: application/vnd.docker.raw-stream
+    HTTP/1.1 201 OK
+    Content-Type: application/json
 
     {{ STREAM }}
 
@@ -2184,7 +2190,7 @@ This API is valid only if `tty` was specified as part of creating and starting t
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
     Content-Type: text/plain
 
 Query Parameters:

docs/reference/api/docker_remote_api_v1.21.md

@@ -158,9 +158,14 @@ Create a container
                    "com.example.license": "GPL",
                    "com.example.version": "1.0"
            },
-           "Volumes": {
-             "/volumes/data": {}
-           },
+           "Mounts": [
+             {
+               "Source": "/data",
+               "Destination": "/data",
+               "Mode": "ro,Z",
+               "RW": false
+             }
+           ],
            "WorkingDir": "",
            "NetworkDisabled": false,
            "MacAddress": "12:34:56:78:9a:bc",
@@ -201,7 +206,7 @@ Create a container
              "Devices": [],
              "Ulimits": [{}],
              "LogConfig": { "Type": "json-file", "Config": {} },
-             "SecurityOpt": [],
+             "SecurityOpt": [""],
              "CgroupParent": "",
              "VolumeDriver": ""
           }
@@ -224,6 +229,21 @@ Json Parameters:
 -   **Domainname** - A string value containing the domain name to use
       for the container.
 -   **User** - A string value specifying the user inside the container.
+-   **Memory** - Memory limit in bytes.
+-   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+      You must use this with `memory` and make the swap value larger than `memory`.
+-   **MemoryReservation** - Memory soft limit in bytes.
+-   **KernelMemory** - Kernel memory limit in bytes.
+-   **CpuShares** - An integer value containing the container's CPU Shares
+      (ie. the relative weight vs other containers).
+-   **CpuPeriod** - The length of a CPU period in microseconds.
+-   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
+-   **Cpuset** - Deprecated please don't use. Use `CpusetCpus` instead.
+-   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
+-   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+-   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+-   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+-   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
 -   **AttachStdin** - Boolean value, attaches to `stdin`.
 -   **AttachStdout** - Boolean value, attaches to `stdout`.
 -   **AttachStderr** - Boolean value, attaches to `stderr`.
@@ -236,8 +256,7 @@ Json Parameters:
 -   **Entrypoint** - Set the entry point for the container as a string or an array
       of strings.
 -   **Image** - A string specifying the image name to use for the container.
--   **Volumes** - An object mapping mount point paths (strings) inside the
-      container to empty objects.
+-   **Mounts** - An array of mount points in the container.
 -   **WorkingDir** - A string specifying the working directory for commands to
       run in.
 -   **NetworkDisabled** - Boolean value, when true disables networking for the
@@ -256,20 +275,6 @@ Json Parameters:
           in the form of `container_name:alias`.
     -   **LxcConf** - LXC specific configurations. These configurations only
           work when using the `lxc` execution driver.
-    -   **Memory** - Memory limit in bytes.
-    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
-          You must use this with `memory` and make the swap value larger than `memory`.
-    -   **MemoryReservation** - Memory soft limit in bytes.
-    -   **KernelMemory** - Kernel memory limit in bytes.
-    -   **CpuShares** - An integer value containing the container's CPU Shares
-          (ie. the relative weight vs other containers).
-    -   **CpuPeriod** - The length of a CPU period in microseconds.
-    -   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
-    -   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
-    -   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
-    -   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-    -   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
-    -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
     -   **PortBindings** - A map of exposed container ports and the host port they
           should map to. A JSON object in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
@@ -1210,7 +1215,7 @@ following section.
 
 `GET /containers/(id or name)/archive`
 
-Get a tar archive of a resource in the filesystem of container `id`.
+Get an tar archive of a resource in the filesystem of container `id`.
 
 Query Parameters:
 
@@ -1486,14 +1491,14 @@ Query Parameters:
                 }
             }
 
-    This object maps the hostname of a registry to an object containing the
-    "username" and "password" for that registry. Multiple registries may
-    be specified as the build may be based on an image requiring
-    authentication to pull from any arbitrary registry. Only the registry
-    domain name (and port if not the default "443") are required. However
-    (for legacy reasons) the "official" Docker, Inc. hosted registry must
-    be specified with both a "https://" prefix and a "/v1/" suffix even
-    though Docker will prefer to use the v2 registry API.
+        This object maps the hostname of a registry to an object containing the
+        "username" and "password" for that registry. Multiple registries may
+        be specified as the build may be based on an image requiring
+        authentication to pull from any arbitrary registry. Only the registry
+        domain name (and port if not the default "443") are required. However
+        (for legacy reasons) the "official" Docker, Inc. hosted registry must
+        be specified with both a "https://" prefix and a "/v1/" suffix even
+        though Docker will prefer to use the v2 registry API.
 
 Status Codes:
 
@@ -1768,7 +1773,7 @@ Tag the image `name` into a repository
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
 
 Query Parameters:
 
@@ -2265,7 +2270,7 @@ Sets up an exec instance in a running container `id`
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
     Content-Type: application/json
 
     {
@@ -2309,8 +2314,8 @@ interactive session with the `exec` command.
 
 **Example response**:
 
-    HTTP/1.1 200 OK
-    Content-Type: application/vnd.docker.raw-stream
+    HTTP/1.1 201 OK
+    Content-Type: application/json
 
     {{ STREAM }}
 
@@ -2342,7 +2347,7 @@ This API is valid only if `tty` was specified as part of creating and starting t
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
     Content-Type: text/plain
 
 Query Parameters:

docs/reference/api/docker_remote_api_v1.22.md

@@ -246,9 +246,20 @@ Create a container
                    "com.example.license": "GPL",
                    "com.example.version": "1.0"
            },
+           "Mounts": [
+             {
+               "Name": "fac362...80535",
+               "Source": "/data",
+               "Destination": "/data",
+               "Driver": "local",
+               "Mode": "ro,Z",
+               "RW": false,
+               "Propagation": ""
+             }
+           ],
            "Volumes": {
              "/volumes/data": {}
-           },
+           }
            "WorkingDir": "",
            "NetworkDisabled": false,
            "MacAddress": "12:34:56:78:9a:bc",
@@ -294,21 +305,10 @@ Create a container
              "Devices": [],
              "Ulimits": [{}],
              "LogConfig": { "Type": "json-file", "Config": {} },
-             "SecurityOpt": [],
+             "SecurityOpt": [""],
              "CgroupParent": "",
              "VolumeDriver": "",
              "ShmSize": 67108864
-          },
-          "NetworkingConfig": {
-          "EndpointsConfig": {
-              "isolated_nw" : {
-                  "IPAMConfig": {
-                      "IPv4Address":"172.20.30.33",
-                      "IPv6Address":"2001:db8:abcd::3033"
-                  },
-                  "Links":["container_1", "container_2"],
-                  "Aliases":["server_x", "server_y"]
-              }
           }
       }
 
@@ -329,6 +329,31 @@ Json Parameters:
 -   **Domainname** - A string value containing the domain name to use
       for the container.
 -   **User** - A string value specifying the user inside the container.
+-   **Memory** - Memory limit in bytes.
+-   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+      You must use this with `memory` and make the swap value larger than `memory`.
+-   **MemoryReservation** - Memory soft limit in bytes.
+-   **KernelMemory** - Kernel memory limit in bytes.
+-   **CpuShares** - An integer value containing the container's CPU Shares
+      (ie. the relative weight vs other containers).
+-   **CpuPeriod** - The length of a CPU period in microseconds.
+-   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
+-   **Cpuset** - Deprecated please don't use. Use `CpusetCpus` instead.
+-   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
+-   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+-   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+-   **BlkioWeightDevice** - Block IO weight (relative device weight) in the form of:        `"BlkioWeightDevice": [{"Path": "device_path", "Weight": weight}]`
+-   **BlkioDeviceReadBps** - Limit read rate (bytes per second) from a device in the form of:	`"BlkioDeviceReadBps": [{"Path": "device_path", "Rate": rate}]`, for example:
+	`"BlkioDeviceReadBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
+-   **BlkioDeviceWriteBps** - Limit write rate (bytes per second) to a device in the form of:	`"BlkioDeviceWriteBps": [{"Path": "device_path", "Rate": rate}]`, for example:
+	`"BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
+-   **BlkioDeviceReadIOps** - Limit read rate (IO per second) from a device in the form of:	`"BlkioDeviceReadIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+	`"BlkioDeviceReadIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
+-   **BlkioDeviceWiiteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+	`"BlkioDeviceWriteIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
+-   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+-   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
+-   **OomScoreAdj** - An integer value containing the score given to the container in order to tune OOM killer preferences.
 -   **AttachStdin** - Boolean value, attaches to `stdin`.
 -   **AttachStdout** - Boolean value, attaches to `stdout`.
 -   **AttachStderr** - Boolean value, attaches to `stderr`.
@@ -341,8 +366,7 @@ Json Parameters:
 -   **Entrypoint** - Set the entry point for the container as a string or an array
       of strings.
 -   **Image** - A string specifying the image name to use for the container.
--   **Volumes** - An object mapping mount point paths (strings) inside the
-      container to empty objects.
+-   **Mounts** - An array of mount points in the container.
 -   **WorkingDir** - A string specifying the working directory for commands to
       run in.
 -   **NetworkDisabled** - Boolean value, when true disables networking for the
@@ -358,30 +382,6 @@ Json Parameters:
            + `volume_name:container_path:ro` to make the bind mount read-only inside the container.
     -   **Links** - A list of links for the container. Each link entry should be
           in the form of `container_name:alias`.
-    -   **Memory** - Memory limit in bytes.
-    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
-          You must use this with `memory` and make the swap value larger than `memory`.
-    -   **MemoryReservation** - Memory soft limit in bytes.
-    -   **KernelMemory** - Kernel memory limit in bytes.
-    -   **CpuShares** - An integer value containing the container's CPU Shares
-          (ie. the relative weight vs other containers).
-    -   **CpuPeriod** - The length of a CPU period in microseconds.
-    -   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
-    -   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
-    -   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
-    -   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-    -   **BlkioWeightDevice** - Block IO weight (relative device weight) in the form of:        `"BlkioWeightDevice": [{"Path": "device_path", "Weight": weight}]`
-    -   **BlkioDeviceReadBps** - Limit read rate (bytes per second) from a device in the form of:	`"BlkioDeviceReadBps": [{"Path": "device_path", "Rate": rate}]`, for example:
-        `"BlkioDeviceReadBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
-    -   **BlkioDeviceWriteBps** - Limit write rate (bytes per second) to a device in the form of:	`"BlkioDeviceWriteBps": [{"Path": "device_path", "Rate": rate}]`, for example:
-        `"BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
-    -   **BlkioDeviceReadIOps** - Limit read rate (IO per second) from a device in the form of:	`"BlkioDeviceReadIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
-        `"BlkioDeviceReadIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
-    -   **BlkioDeviceWiiteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
-        `"BlkioDeviceWriteIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
-    -   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
-    -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
-    -   **OomScoreAdj** - An integer value containing the score given to the container in order to tune OOM killer preferences.
     -   **PortBindings** - A map of exposed container ports and the host port they
           should map to. A JSON object in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
@@ -1389,7 +1389,7 @@ following section.
 
 `GET /containers/(id or name)/archive`
 
-Get a tar archive of a resource in the filesystem of container `id`.
+Get an tar archive of a resource in the filesystem of container `id`.
 
 Query Parameters:
 
@@ -1666,14 +1666,14 @@ Query Parameters:
                 }
             }
 
-    This object maps the hostname of a registry to an object containing the
-    "username" and "password" for that registry. Multiple registries may
-    be specified as the build may be based on an image requiring
-    authentication to pull from any arbitrary registry. Only the registry
-    domain name (and port if not the default "443") are required. However
-    (for legacy reasons) the "official" Docker, Inc. hosted registry must
-    be specified with both a "https://" prefix and a "/v1/" suffix even
-    though Docker will prefer to use the v2 registry API.
+        This object maps the hostname of a registry to an object containing the
+        "username" and "password" for that registry. Multiple registries may
+        be specified as the build may be based on an image requiring
+        authentication to pull from any arbitrary registry. Only the registry
+        domain name (and port if not the default "443") are required. However
+        (for legacy reasons) the "official" Docker, Inc. hosted registry must
+        be specified with both a "https://" prefix and a "/v1/" suffix even
+        though Docker will prefer to use the v2 registry API.
 
 Status Codes:
 
@@ -1984,7 +1984,7 @@ Tag the image `name` into a repository
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
 
 Query Parameters:
 
@@ -2359,157 +2359,49 @@ Docker networks report the following events:
 
     HTTP/1.1 200 OK
     Content-Type: application/json
-    Server: Docker/1.10.0 (linux)
-    Date: Fri, 29 Apr 2016 15:18:06 GMT
-    Transfer-Encoding: chunked
 
-    {
-      "status": "pull",
-      "id": "alpine:latest",
-      "Type": "image",
-      "Action": "pull",
-      "Actor": {
-        "ID": "alpine:latest",
-        "Attributes": {
-          "name": "alpine"
-        }
-      },
-      "time": 1461943101,
-      "timeNano": 1461943101301854122
-    }
-    {
-      "status": "create",
-      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-      "from": "alpine",
-      "Type": "container",
-      "Action": "create",
-      "Actor": {
-        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-        "Attributes": {
-          "com.example.some-label": "some-label-value",
-          "image": "alpine",
-          "name": "my-container"
-        }
-      },
-      "time": 1461943101,
-      "timeNano": 1461943101381709551
-    }
-    {
-      "status": "attach",
-      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-      "from": "alpine",
-      "Type": "container",
-      "Action": "attach",
-      "Actor": {
-        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-        "Attributes": {
-          "com.example.some-label": "some-label-value",
-          "image": "alpine",
-          "name": "my-container"
-        }
-      },
-      "time": 1461943101,
-      "timeNano": 1461943101383858412
-    }
-    {
-      "Type": "network",
-      "Action": "connect",
-      "Actor": {
-        "ID": "7dc8ac97d5d29ef6c31b6052f3938c1e8f2749abbd17d1bd1febf2608db1b474",
-        "Attributes": {
-          "container": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-          "name": "bridge",
-          "type": "bridge"
-        }
-      },
-      "time": 1461943101,
-      "timeNano": 1461943101394865557
-    }
-    {
-      "status": "start",
-      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-      "from": "alpine",
-      "Type": "container",
-      "Action": "start",
-      "Actor": {
-        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-        "Attributes": {
-          "com.example.some-label": "some-label-value",
-          "image": "alpine",
-          "name": "my-container"
-        }
-      },
-      "time": 1461943101,
-      "timeNano": 1461943101607533796
-    }
-    {
-      "status": "resize",
-      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-      "from": "alpine",
-      "Type": "container",
-      "Action": "resize",
-      "Actor": {
-        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-        "Attributes": {
-          "com.example.some-label": "some-label-value",
-          "height": "46",
-          "image": "alpine",
-          "name": "my-container",
-          "width": "204"
-        }
-      },
-      "time": 1461943101,
-      "timeNano": 1461943101610269268
-    }
-    {
-      "status": "die",
-      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-      "from": "alpine",
-      "Type": "container",
-      "Action": "die",
-      "Actor": {
-        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-        "Attributes": {
-          "com.example.some-label": "some-label-value",
-          "exitCode": "0",
-          "image": "alpine",
-          "name": "my-container"
-        }
-      },
-      "time": 1461943105,
-      "timeNano": 1461943105079144137
-    }
-    {
-      "Type": "network",
-      "Action": "disconnect",
-      "Actor": {
-        "ID": "7dc8ac97d5d29ef6c31b6052f3938c1e8f2749abbd17d1bd1febf2608db1b474",
-        "Attributes": {
-          "container": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-          "name": "bridge",
-          "type": "bridge"
-        }
-      },
-      "time": 1461943105,
-      "timeNano": 1461943105230860245
-    }
-    {
-      "status": "destroy",
-      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-      "from": "alpine",
-      "Type": "container",
-      "Action": "destroy",
-      "Actor": {
-        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-        "Attributes": {
-          "com.example.some-label": "some-label-value",
-          "image": "alpine",
-          "name": "my-container"
-        }
-      },
-      "time": 1461943105,
-      "timeNano": 1461943105338056026
-    }
+    [
+	    {
+		"action": "pull",
+		"type": "image",
+		"actor": {
+			"id": "busybox:latest",
+			"attributes": {}
+		}
+		"time": 1442421700,
+		"timeNano": 1442421700598988358
+	    },
+            {
+		"action": "create",
+		"type": "container",
+		"actor": {
+			"id": "5745704abe9caa5",
+			"attributes": {"image": "busybox"}
+		}
+		"time": 1442421716,
+		"timeNano": 1442421716853979870
+	    },
+            {
+		"action": "attach",
+		"type": "container",
+		"actor": {
+			"id": "5745704abe9caa5",
+			"attributes": {"image": "busybox"}
+		}
+		"time": 1442421716,
+		"timeNano": 1442421716894759198
+	    },
+            {
+		"action": "start",
+		"type": "container",
+		"actor": {
+			"id": "5745704abe9caa5",
+			"attributes": {"image": "busybox"}
+		}
+		"time": 1442421716,
+		"timeNano": 1442421716983607193
+	    }
+    ]
 
 Query Parameters:
 
@@ -2655,7 +2547,7 @@ Sets up an exec instance in a running container `id`
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
     Content-Type: application/json
 
     {
@@ -2702,8 +2594,8 @@ interactive session with the `exec` command.
 
 **Example response**:
 
-    HTTP/1.1 200 OK
-    Content-Type: application/vnd.docker.raw-stream
+    HTTP/1.1 201 OK
+    Content-Type: application/json
 
     {{ STREAM }}
 
@@ -2735,7 +2627,7 @@ This API is valid only if `tty` was specified as part of creating and starting t
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
     Content-Type: text/plain
 
 Query Parameters:
@@ -2761,28 +2653,112 @@ Return low-level information about the `exec` command `id`.
 **Example response**:
 
     HTTP/1.1 200 OK
-    Content-Type: application/json
+    Content-Type: plain/text
 
     {
-        "CanRemove": false,
-        "ContainerID": "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126",
-        "DetachKeys": "",
-        "ExitCode": 2,
-        "ID": "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b",
-        "OpenStderr": true,
-        "OpenStdin": true,
-        "OpenStdout": true,
-        "ProcessConfig": {
-            "arguments": [
-                "-c",
-                "exit 2"
-            ],
-            "entrypoint": "sh",
-            "privileged": false,
-            "tty": true,
-            "user": "1000"
+      "ID" : "11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39",
+      "Running" : false,
+      "ExitCode" : 2,
+      "ProcessConfig" : {
+        "privileged" : false,
+        "user" : "",
+        "tty" : false,
+        "entrypoint" : "sh",
+        "arguments" : [
+          "-c",
+          "exit 2"
+        ]
+      },
+      "OpenStdin" : false,
+      "OpenStderr" : false,
+      "OpenStdout" : false,
+      "Container" : {
+        "State" : {
+          "Status" : "running",
+          "Running" : true,
+          "Paused" : false,
+          "Restarting" : false,
+          "OOMKilled" : false,
+          "Pid" : 3650,
+          "ExitCode" : 0,
+          "Error" : "",
+          "StartedAt" : "2014-11-17T22:26:03.717657531Z",
+          "FinishedAt" : "0001-01-01T00:00:00Z"
         },
-        "Running": false
+        "ID" : "8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c",
+        "Created" : "2014-11-17T22:26:03.626304998Z",
+        "Path" : "date",
+        "Args" : [],
+        "Config" : {
+          "Hostname" : "8f177a186b97",
+          "Domainname" : "",
+          "User" : "",
+          "AttachStdin" : false,
+          "AttachStdout" : false,
+          "AttachStderr" : false,
+          "ExposedPorts" : null,
+          "Tty" : false,
+          "OpenStdin" : false,
+          "StdinOnce" : false,
+          "Env" : [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ],
+          "Cmd" : [
+            "date"
+          ],
+          "Image" : "ubuntu",
+          "Volumes" : null,
+          "WorkingDir" : "",
+          "Entrypoint" : null,
+          "NetworkDisabled" : false,
+          "MacAddress" : "",
+          "OnBuild" : null,
+          "SecurityOpt" : null
+        },
+        "Image" : "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5",
+        "NetworkSettings": {
+            "Bridge": "",
+            "SandboxID": "",
+            "HairpinMode": false,
+            "LinkLocalIPv6Address": "",
+            "LinkLocalIPv6PrefixLen": 0,
+            "Ports": null,
+            "SandboxKey": "",
+            "SecondaryIPAddresses": null,
+            "SecondaryIPv6Addresses": null,
+            "EndpointID": "",
+            "Gateway": "",
+            "GlobalIPv6Address": "",
+            "GlobalIPv6PrefixLen": 0,
+            "IPAddress": "",
+            "IPPrefixLen": 0,
+            "IPv6Gateway": "",
+            "MacAddress": "",
+            "Networks": {
+                "bridge": {
+                    "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                    "EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d",
+                    "Gateway": "172.17.0.1",
+                    "IPAddress": "172.17.0.2",
+                    "IPPrefixLen": 16,
+                    "IPv6Gateway": "",
+                    "GlobalIPv6Address": "",
+                    "GlobalIPv6PrefixLen": 0,
+                    "MacAddress": "02:42:ac:12:00:02"
+                }
+            }
+        },
+        "ResolvConfPath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/resolv.conf",
+        "HostnamePath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/hostname",
+        "HostsPath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/hosts",
+        "LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+        "Name" : "/test",
+        "Driver" : "aufs",
+        "ExecDriver" : "native-0.2",
+        "MountLabel" : "",
+        "ProcessLabel" : "",
+        "AppArmorProfile" : "",
+        "RestartCount" : 0,
+        "Mounts" : []
+      }
     }
 
 Status Codes:
@@ -2813,8 +2789,7 @@ Status Codes:
           "Driver": "local",
           "Mountpoint": "/var/lib/docker/volumes/tardis"
         }
-      ],
-      "Warnings": []
+      ]
     }
 
 Query Parameters:
@@ -3070,17 +3045,11 @@ Content-Type: application/json
   "Name":"isolated_nw",
   "Driver":"bridge",
   "IPAM":{
-    "Config":[
-       {
-          "Subnet":"172.20.0.0/16",
-          "IPRange":"172.20.10.0/24",
-          "Gateway":"172.20.10.11"
-        },
-        {
-          "Subnet":"2001:db8:abcd::/64",
-          "Gateway":"2001:db8:abcd::1011"
-        }
-    ],
+    "Config":[{
+      "Subnet":"172.20.0.0/16",
+      "IPRange":"172.20.10.0/24",
+      "Gateway":"172.20.10.11"
+    }],
     "Options": {
         "foo": "bar"
     }

docs/reference/api/docker_remote_api_v1.23.md

@@ -265,9 +265,20 @@ Create a container
                    "com.example.license": "GPL",
                    "com.example.version": "1.0"
            },
+           "Mounts": [
+             {
+               "Name": "fac362...80535",
+               "Source": "/data",
+               "Destination": "/data",
+               "Driver": "local",
+               "Mode": "ro,Z",
+               "RW": false,
+               "Propagation": ""
+             }
+           ],
            "Volumes": {
              "/volumes/data": {}
-           },
+           }
            "WorkingDir": "",
            "NetworkDisabled": false,
            "MacAddress": "12:34:56:78:9a:bc",
@@ -296,7 +307,6 @@ Create a container
              "MemorySwappiness": 60,
              "OomKillDisable": false,
              "OomScoreAdj": 500,
-             "PidsLimit": -1,
              "PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
              "PublishAllPorts": false,
              "Privileged": false,
@@ -314,21 +324,10 @@ Create a container
              "Devices": [],
              "Ulimits": [{}],
              "LogConfig": { "Type": "json-file", "Config": {} },
-             "SecurityOpt": [],
+             "SecurityOpt": [""],
              "CgroupParent": "",
              "VolumeDriver": "",
              "ShmSize": 67108864
-          },
-          "NetworkingConfig": {
-          "EndpointsConfig": {
-              "isolated_nw" : {
-                  "IPAMConfig": {
-                      "IPv4Address":"172.20.30.33",
-                      "IPv6Address":"2001:db8:abcd::3033"
-                  },
-                  "Links":["container_1", "container_2"],
-                  "Aliases":["server_x", "server_y"]
-              }
           }
       }
 
@@ -349,6 +348,32 @@ Json Parameters:
 -   **Domainname** - A string value containing the domain name to use
       for the container.
 -   **User** - A string value specifying the user inside the container.
+-   **Memory** - Memory limit in bytes.
+-   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+      You must use this with `memory` and make the swap value larger than `memory`.
+-   **MemoryReservation** - Memory soft limit in bytes.
+-   **KernelMemory** - Kernel memory limit in bytes.
+-   **CpuShares** - An integer value containing the container's CPU Shares
+      (ie. the relative weight vs other containers).
+-   **CpuPeriod** - The length of a CPU period in microseconds.
+-   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
+-   **Cpuset** - Deprecated please don't use. Use `CpusetCpus` instead.
+-   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
+-   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+-   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+-   **BlkioWeightDevice** - Block IO weight (relative device weight) in the form of:        `"BlkioWeightDevice": [{"Path": "device_path", "Weight": weight}]`
+-   **BlkioDeviceReadBps** - Limit read rate (bytes per second) from a device in the form of:	`"BlkioDeviceReadBps": [{"Path": "device_path", "Rate": rate}]`, for example:
+	`"BlkioDeviceReadBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
+-   **BlkioDeviceWriteBps** - Limit write rate (bytes per second) to a device in the form of:	`"BlkioDeviceWriteBps": [{"Path": "device_path", "Rate": rate}]`, for example:
+	`"BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
+-   **BlkioDeviceReadIOps** - Limit read rate (IO per second) from a device in the form of:	`"BlkioDeviceReadIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+	`"BlkioDeviceReadIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
+-   **BlkioDeviceWiiteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+	`"BlkioDeviceWriteIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
+-   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+-   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
+-   **OomScoreAdj** - An integer value containing the score given to the container in order to tune OOM killer preferences.
+-   **PidsLimit** - Tune a container's pids limit. Set -1 for unlimited.
 -   **AttachStdin** - Boolean value, attaches to `stdin`.
 -   **AttachStdout** - Boolean value, attaches to `stdout`.
 -   **AttachStderr** - Boolean value, attaches to `stderr`.
@@ -361,8 +386,7 @@ Json Parameters:
 -   **Entrypoint** - Set the entry point for the container as a string or an array
       of strings.
 -   **Image** - A string specifying the image name to use for the container.
--   **Volumes** - An object mapping mount point paths (strings) inside the
-      container to empty objects.
+-   **Mounts** - An array of mount points in the container.
 -   **WorkingDir** - A string specifying the working directory for commands to
       run in.
 -   **NetworkDisabled** - Boolean value, when true disables networking for the
@@ -371,44 +395,13 @@ Json Parameters:
       `"ExposedPorts": { "<port>/<tcp|udp>: {}" }`
 -   **StopSignal** - Signal to stop a container as a string or unsigned integer. `SIGTERM` by default.
 -   **HostConfig**
-    - **Binds** – A list of volume bindings for this container. Each volume binding is a string in one of these forms:
-      - `host_path:container_path[:options]` to bind-mount a host path into the container
-      - `volume_name:container_path[:options]` to bind-mount a volume managed by a volume driver into the container.
-
-        `options` is a comma-delimited list of:
-          - `[ro|rw]` mounts a volume read-only or read-write, respectively. If omitted or set to `rw`, volumes are mounted read-write.
-          - `[z|Z]` specifies that multiple containers can read and write to the same volume.
-            - `z`: a _shared_ content label is applied to the content. This label indicates that multiple containers can share the volume content, for both reading and writing.
-            - `Z`: a _private unshared_ label is applied to the content. This label indicates that only the current container can use a private volume. Labeling systems such as SELinux require proper labels to be placed on volume content that is mounted into a container. Without a label, the security system can prevent a container's processes from using the content. By default, the labels set by the host operating system are not modified.
-          - `[[r]shared|[r]slave|[r]private]` specifies mount [propagation behavior](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt). This only applies to bind-mounted volumes, not internal volumes or named volumes. Mount propagation requires the source mount point (the location where the source directory is mounted in the host operating system) to have the correct propagation properties. For shared volumes, the source mount point must be set to `shared`. For slave volumes, the mount must be set to either `shared` or `slave`.
-          - `nocopy` disables automatic copying of data from the container path to the volume. The `nocopy` flag only applies to named volumes.
+    -   **Binds** – A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+           + `host_path:container_path` to bind-mount a host path into the container
+           + `host_path:container_path:ro` to make the bind-mount read-only inside the container.
+           + `volume_name:container_path` to bind-mount a volume managed by a volume plugin into the container.
+           + `volume_name:container_path:ro` to make the bind mount read-only inside the container.
     -   **Links** - A list of links for the container. Each link entry should be
           in the form of `container_name:alias`.
-    -   **Memory** - Memory limit in bytes.
-    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
-          You must use this with `memory` and make the swap value larger than `memory`.
-    -   **MemoryReservation** - Memory soft limit in bytes.
-    -   **KernelMemory** - Kernel memory limit in bytes.
-    -   **CpuShares** - An integer value containing the container's CPU Shares
-          (ie. the relative weight vs other containers).
-    -   **CpuPeriod** - The length of a CPU period in microseconds.
-    -   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
-    -   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
-    -   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
-    -   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-    -   **BlkioWeightDevice** - Block IO weight (relative device weight) in the form of:        `"BlkioWeightDevice": [{"Path": "device_path", "Weight": weight}]`
-    -   **BlkioDeviceReadBps** - Limit read rate (bytes per second) from a device in the form of:	`"BlkioDeviceReadBps": [{"Path": "device_path", "Rate": rate}]`, for example:
-        `"BlkioDeviceReadBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
-    -   **BlkioDeviceWriteBps** - Limit write rate (bytes per second) to a device in the form of:	`"BlkioDeviceWriteBps": [{"Path": "device_path", "Rate": rate}]`, for example:
-        `"BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
-    -   **BlkioDeviceReadIOps** - Limit read rate (IO per second) from a device in the form of:	`"BlkioDeviceReadIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
-        `"BlkioDeviceReadIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
-    -   **BlkioDeviceWiiteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
-        `"BlkioDeviceWriteIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
-    -   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
-    -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
-    -   **OomScoreAdj** - An integer value containing the score given to the container in order to tune OOM killer preferences.
-    -   **PidsLimit** - Tune a container's pids limit. Set -1 for unlimited.
     -   **PortBindings** - A map of exposed container ports and the host port they
           should map to. A JSON object in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
@@ -523,8 +516,8 @@ Return low-level information on the container `id`
 			"Tty": false,
 			"User": "",
 			"Volumes": {
-				"/volumes/data": {}
-			},
+                          "/volumes/data": {}
+                        },
 			"WorkingDir": "",
 			"StopSignal": "SIGTERM"
 		},
@@ -1425,7 +1418,7 @@ following section.
 
 `GET /containers/(id or name)/archive`
 
-Get a tar archive of a resource in the filesystem of container `id`.
+Get an tar archive of a resource in the filesystem of container `id`.
 
 Query Parameters:
 
@@ -1666,7 +1659,7 @@ Query Parameters:
         You can provide one or more `t` parameters.
 -   **remote** – A Git repository URI or HTTP/HTTPS URI build source. If the
         URI specifies a filename, the file's contents are placed into a file
-        called `Dockerfile`.
+		called `Dockerfile`.
 -   **q** – Suppress verbose build output.
 -   **nocache** – Do not use the cache when building the image.
 -   **pull** - Attempt to pull the image even if an older image exists locally.
@@ -1684,7 +1677,6 @@ Query Parameters:
         variable expansion in other Dockerfile instructions. This is not meant for
         passing secret values. [Read more about the buildargs instruction](../../reference/builder.md#arg)
 -   **shmsize** - Size of `/dev/shm` in bytes. The size must be greater than 0.  If omitted the system uses 64MB.
--   **labels** – JSON map of string pairs for labels to set on the image.
 
     Request Headers:
 
@@ -1703,14 +1695,14 @@ Query Parameters:
                 }
             }
 
-    This object maps the hostname of a registry to an object containing the
-    "username" and "password" for that registry. Multiple registries may
-    be specified as the build may be based on an image requiring
-    authentication to pull from any arbitrary registry. Only the registry
-    domain name (and port if not the default "443") are required. However
-    (for legacy reasons) the "official" Docker, Inc. hosted registry must
-    be specified with both a "https://" prefix and a "/v1/" suffix even
-    though Docker will prefer to use the v2 registry API.
+        This object maps the hostname of a registry to an object containing the
+        "username" and "password" for that registry. Multiple registries may
+        be specified as the build may be based on an image requiring
+        authentication to pull from any arbitrary registry. Only the registry
+        domain name (and port if not the default "443") are required. However
+        (for legacy reasons) the "official" Docker, Inc. hosted registry must
+        be specified with both a "https://" prefix and a "/v1/" suffix even
+        though Docker will prefer to use the v2 registry API.
 
 Status Codes:
 
@@ -2028,7 +2020,7 @@ Tag the image `name` into a repository
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
 
 Query Parameters:
 
@@ -2410,158 +2402,49 @@ Docker networks report the following events:
 
     HTTP/1.1 200 OK
     Content-Type: application/json
-    Server: Docker/1.11.0 (linux)
-    Date: Fri, 29 Apr 2016 15:18:06 GMT
-    Transfer-Encoding: chunked
-
-    {
-      "status": "pull",
-      "id": "alpine:latest",
-      "Type": "image",
-      "Action": "pull",
-      "Actor": {
-        "ID": "alpine:latest",
-        "Attributes": {
-          "name": "alpine"
-        }
-      },
-      "time": 1461943101,
-      "timeNano": 1461943101301854122
-    }
-    {
-      "status": "create",
-      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-      "from": "alpine",
-      "Type": "container",
-      "Action": "create",
-      "Actor": {
-        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-        "Attributes": {
-          "com.example.some-label": "some-label-value",
-          "image": "alpine",
-          "name": "my-container"
-        }
-      },
-      "time": 1461943101,
-      "timeNano": 1461943101381709551
-    }
-    {
-      "status": "attach",
-      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-      "from": "alpine",
-      "Type": "container",
-      "Action": "attach",
-      "Actor": {
-        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-        "Attributes": {
-          "com.example.some-label": "some-label-value",
-          "image": "alpine",
-          "name": "my-container"
-        }
-      },
-      "time": 1461943101,
-      "timeNano": 1461943101383858412
-    }
-    {
-      "Type": "network",
-      "Action": "connect",
-      "Actor": {
-        "ID": "7dc8ac97d5d29ef6c31b6052f3938c1e8f2749abbd17d1bd1febf2608db1b474",
-        "Attributes": {
-          "container": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-          "name": "bridge",
-          "type": "bridge"
-        }
-      },
-      "time": 1461943101,
-      "timeNano": 1461943101394865557
-    }
-    {
-      "status": "start",
-      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-      "from": "alpine",
-      "Type": "container",
-      "Action": "start",
-      "Actor": {
-        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-        "Attributes": {
-          "com.example.some-label": "some-label-value",
-          "image": "alpine",
-          "name": "my-container"
-        }
-      },
-      "time": 1461943101,
-      "timeNano": 1461943101607533796
-    }
-    {
-      "status": "resize",
-      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-      "from": "alpine",
-      "Type": "container",
-      "Action": "resize",
-      "Actor": {
-        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-        "Attributes": {
-          "com.example.some-label": "some-label-value",
-          "height": "46",
-          "image": "alpine",
-          "name": "my-container",
-          "width": "204"
-        }
-      },
-      "time": 1461943101,
-      "timeNano": 1461943101610269268
-    }
-    {
-      "status": "die",
-      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-      "from": "alpine",
-      "Type": "container",
-      "Action": "die",
-      "Actor": {
-        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-        "Attributes": {
-          "com.example.some-label": "some-label-value",
-          "exitCode": "0",
-          "image": "alpine",
-          "name": "my-container"
-        }
-      },
-      "time": 1461943105,
-      "timeNano": 1461943105079144137
-    }
-    {
-      "Type": "network",
-      "Action": "disconnect",
-      "Actor": {
-        "ID": "7dc8ac97d5d29ef6c31b6052f3938c1e8f2749abbd17d1bd1febf2608db1b474",
-        "Attributes": {
-          "container": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-          "name": "bridge",
-          "type": "bridge"
-        }
-      },
-      "time": 1461943105,
-      "timeNano": 1461943105230860245
-    }
-    {
-      "status": "destroy",
-      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-      "from": "alpine",
-      "Type": "container",
-      "Action": "destroy",
-      "Actor": {
-        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
-        "Attributes": {
-          "com.example.some-label": "some-label-value",
-          "image": "alpine",
-          "name": "my-container"
-        }
-      },
-      "time": 1461943105,
-      "timeNano": 1461943105338056026
-    }
 
+    [
+	    {
+		"action": "pull",
+		"type": "image",
+		"actor": {
+			"id": "busybox:latest",
+			"attributes": {}
+		}
+		"time": 1442421700,
+		"timeNano": 1442421700598988358
+	    },
+            {
+		"action": "create",
+		"type": "container",
+		"actor": {
+			"id": "5745704abe9caa5",
+			"attributes": {"image": "busybox"}
+		}
+		"time": 1442421716,
+		"timeNano": 1442421716853979870
+	    },
+            {
+		"action": "attach",
+		"type": "container",
+		"actor": {
+			"id": "5745704abe9caa5",
+			"attributes": {"image": "busybox"}
+		}
+		"time": 1442421716,
+		"timeNano": 1442421716894759198
+	    },
+            {
+		"action": "start",
+		"type": "container",
+		"actor": {
+			"id": "5745704abe9caa5",
+			"attributes": {"image": "busybox"}
+		}
+		"time": 1442421716,
+		"timeNano": 1442421716983607193
+	    }
+    ]
 
 Query Parameters:
 
@@ -2707,7 +2590,7 @@ Sets up an exec instance in a running container `id`
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
     Content-Type: application/json
 
     {
@@ -2754,8 +2637,8 @@ interactive session with the `exec` command.
 
 **Example response**:
 
-    HTTP/1.1 200 OK
-    Content-Type: application/vnd.docker.raw-stream
+    HTTP/1.1 201 OK
+    Content-Type: application/json
 
     {{ STREAM }}
 
@@ -2787,7 +2670,7 @@ This API is valid only if `tty` was specified as part of creating and starting t
 
 **Example response**:
 
-    HTTP/1.1 201 Created
+    HTTP/1.1 201 OK
     Content-Type: text/plain
 
 Query Parameters:
@@ -2813,28 +2696,112 @@ Return low-level information about the `exec` command `id`.
 **Example response**:
 
     HTTP/1.1 200 OK
-    Content-Type: application/json
+    Content-Type: plain/text
 
     {
-        "CanRemove": false,
-        "ContainerID": "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126",
-        "DetachKeys": "",
-        "ExitCode": 2,
-        "ID": "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b",
-        "OpenStderr": true,
-        "OpenStdin": true,
-        "OpenStdout": true,
-        "ProcessConfig": {
-            "arguments": [
-                "-c",
-                "exit 2"
-            ],
-            "entrypoint": "sh",
-            "privileged": false,
-            "tty": true,
-            "user": "1000"
+      "ID" : "11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39",
+      "Running" : false,
+      "ExitCode" : 2,
+      "ProcessConfig" : {
+        "privileged" : false,
+        "user" : "",
+        "tty" : false,
+        "entrypoint" : "sh",
+        "arguments" : [
+          "-c",
+          "exit 2"
+        ]
+      },
+      "OpenStdin" : false,
+      "OpenStderr" : false,
+      "OpenStdout" : false,
+      "Container" : {
+        "State" : {
+          "Status" : "running",
+          "Running" : true,
+          "Paused" : false,
+          "Restarting" : false,
+          "OOMKilled" : false,
+          "Pid" : 3650,
+          "ExitCode" : 0,
+          "Error" : "",
+          "StartedAt" : "2014-11-17T22:26:03.717657531Z",
+          "FinishedAt" : "0001-01-01T00:00:00Z"
         },
-        "Running": false
+        "ID" : "8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c",
+        "Created" : "2014-11-17T22:26:03.626304998Z",
+        "Path" : "date",
+        "Args" : [],
+        "Config" : {
+          "Hostname" : "8f177a186b97",
+          "Domainname" : "",
+          "User" : "",
+          "AttachStdin" : false,
+          "AttachStdout" : false,
+          "AttachStderr" : false,
+          "ExposedPorts" : null,
+          "Tty" : false,
+          "OpenStdin" : false,
+          "StdinOnce" : false,
+          "Env" : [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ],
+          "Cmd" : [
+            "date"
+          ],
+          "Image" : "ubuntu",
+          "Volumes" : null,
+          "WorkingDir" : "",
+          "Entrypoint" : null,
+          "NetworkDisabled" : false,
+          "MacAddress" : "",
+          "OnBuild" : null,
+          "SecurityOpt" : null
+        },
+        "Image" : "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5",
+        "NetworkSettings": {
+            "Bridge": "",
+            "SandboxID": "",
+            "HairpinMode": false,
+            "LinkLocalIPv6Address": "",
+            "LinkLocalIPv6PrefixLen": 0,
+            "Ports": null,
+            "SandboxKey": "",
+            "SecondaryIPAddresses": null,
+            "SecondaryIPv6Addresses": null,
+            "EndpointID": "",
+            "Gateway": "",
+            "GlobalIPv6Address": "",
+            "GlobalIPv6PrefixLen": 0,
+            "IPAddress": "",
+            "IPPrefixLen": 0,
+            "IPv6Gateway": "",
+            "MacAddress": "",
+            "Networks": {
+                "bridge": {
+                    "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                    "EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d",
+                    "Gateway": "172.17.0.1",
+                    "IPAddress": "172.17.0.2",
+                    "IPPrefixLen": 16,
+                    "IPv6Gateway": "",
+                    "GlobalIPv6Address": "",
+                    "GlobalIPv6PrefixLen": 0,
+                    "MacAddress": "02:42:ac:12:00:02"
+                }
+            }
+        },
+        "ResolvConfPath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/resolv.conf",
+        "HostnamePath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/hostname",
+        "HostsPath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/hosts",
+        "LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+        "Name" : "/test",
+        "Driver" : "aufs",
+        "ExecDriver" : "native-0.2",
+        "MountLabel" : "",
+        "ProcessLabel" : "",
+        "AppArmorProfile" : "",
+        "RestartCount" : 0,
+        "Mounts" : []
+      }
     }
 
 Status Codes:
@@ -2865,8 +2832,7 @@ Status Codes:
           "Driver": "local",
           "Mountpoint": "/var/lib/docker/volumes/tardis"
         }
-      ],
-      "Warnings": []
+      ]
     }
 
 Query Parameters:
@@ -2890,11 +2856,7 @@ Create a volume
     Content-Type: application/json
 
     {
-      "Name": "tardis",
-      "Labels": {
-        "com.example.some-label": "some-value",
-        "com.example.some-other-label": "some-other-value"
-      },
+      "Name": "tardis"
     }
 
 **Example response**:
@@ -2905,11 +2867,7 @@ Create a volume
     {
       "Name": "tardis",
       "Driver": "local",
-      "Mountpoint": "/var/lib/docker/volumes/tardis",
-      "Labels": {
-        "com.example.some-label": "some-value",
-        "com.example.some-other-label": "some-other-value"
-      },
+      "Mountpoint": "/var/lib/docker/volumes/tardis"
     }
 
 Status Codes:
@@ -2923,7 +2881,6 @@ JSON Parameters:
 - **Driver** - Name of the volume driver to use. Defaults to `local` for the name.
 - **DriverOpts** - A mapping of driver options and values. These options are
     passed directly to the driver and are driver specific.
-- **Labels** - Labels to set on the volume, specified as a map: `{"key":"value" [,"key2":"value2"]}`
 
 ### Inspect a volume
 
@@ -2941,13 +2898,9 @@ Return low-level information on the volume `name`
     Content-Type: application/json
 
     {
-        "Name": "tardis",
-        "Driver": "local",
-        "Mountpoint": "/var/lib/docker/volumes/tardis/_data",
-        "Labels": {
-            "com.example.some-label": "some-value",
-            "com.example.some-other-label": "some-other-value"
-        }
+      "Name": "tardis",
+      "Driver": "local",
+      "Mountpoint": "/var/lib/docker/volumes/tardis"
     }
 
 Status Codes:
@@ -3118,10 +3071,6 @@ Content-Type: application/json
     "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
     "com.docker.network.bridge.name": "docker0",
     "com.docker.network.driver.mtu": "1500"
-  },
-  "Labels": {
-    "com.example.some-label": "some-value",
-    "com.example.some-other-label": "some-other-value"
   }
 }
 ```
@@ -3145,38 +3094,19 @@ Content-Type: application/json
 
 {
   "Name":"isolated_nw",
-  "CheckDuplicate":false,
   "Driver":"bridge",
-  "EnableIPv6": true,
+  "EnableIPv6": false,
   "IPAM":{
-    "Config":[
-       {
-          "Subnet":"172.20.0.0/16",
-          "IPRange":"172.20.10.0/24",
-          "Gateway":"172.20.10.11"
-        },
-        {
-          "Subnet":"2001:db8:abcd::/64",
-          "Gateway":"2001:db8:abcd::1011"
-        }
-    ],
+    "Config":[{
+      "Subnet":"172.20.0.0/16",
+      "IPRange":"172.20.10.0/24",
+      "Gateway":"172.20.10.11"
+    }],
     "Options": {
         "foo": "bar"
     }
   },
-  "Internal":true,
-  "Options": {
-    "com.docker.network.bridge.default_bridge": "true",
-    "com.docker.network.bridge.enable_icc": "true",
-    "com.docker.network.bridge.enable_ip_masquerade": "true",
-    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
-    "com.docker.network.bridge.name": "docker0",
-    "com.docker.network.driver.mtu": "1500"
-  },
-  "Labels": {
-    "com.example.some-label": "some-value",
-    "com.example.some-other-label": "some-other-value"
-  }
+  "Internal":true
 }
 ```
 
@@ -3201,13 +3131,12 @@ Status Codes:
 JSON Parameters:
 
 - **Name** - The new network's name. this is a mandatory field
-- **CheckDuplicate** - Requests daemon to check for networks with same name
 - **Driver** - Name of the network driver plugin to use. Defaults to `bridge` driver
 - **Internal** - Restrict external access to the network
 - **IPAM** - Optional custom IP scheme for the network
 - **EnableIPv6** - Enable IPv6 on the network
 - **Options** - Network specific options to be used by the drivers
-- **Labels** - Labels to set on the network, specified as a map: `{"key":"value" [,"key2":"value2"]}`
+- **CheckDuplicate** - Requests daemon to check for networks with same name
 
 ### Connect a container to a network