v1.11.0-rc2

Changelog

Items starting with DEPRECATE are important deprecation notices. For more
information on the list of deprecated flags and APIs please have a look at
https://docs.docker.com/engine/deprecated/ where target removal dates can also
be found.

1.11.0 (2016-04-12)

IMPORTANT: With Docker 1.11, a Linux docker installation is now made of 4 binaries (docker, docker-containerd, docker-containerd-shim and docker-runc). If you have scripts relying on docker being a single static binaries, please make sure to update them. Interaction with the daemon stay the same otherwise, the usage of the other binaries should be transparent. A Windows docker installation remains a single binary, docker.exe.

Builder

• Fix a bug where Docker would not used the correct uid/gid when processing the WORKDIR command (#21033)
• Fix a bug where copy operations with userns would not use the proper uid/gid (#20782, #21162)

Client

• Usage of the : separator for security option has been deprecated. = should be used instead (#21232)
• The client user agent is now passed to the registry on pull, build, push, login and search operations (#21306, #21373)
• Allow setting the Domainname and Hostname separately through the API (#20200)
• Docker info will now warn users if it can not detect the kernel version or the operating system (#21128)
• Fix an issue where docker stats --no-stream output could be all 0s (#20803)
• Fix a bug where some newly started container would not appear in a running docker stats command (#20792)
• Post processing is no longer enabled for linux-cgo terminals (#20587)
• Values to --hostname are now refused if they do not comply with RFC1123 (#20566)
• Docker learned how to use a SOCKS proxy (#20366, #18373)
• Docker now supports external credential stores (#20107)
• docker ps now supports displaying the list of volumes mounted inside a container (#20017)
• docker info now also report Docker's root directory location (#19986)
• Docker now prohibits login in with an empty username (spaces are trimmed) (#19806)
• Docker events attributes are now sorted by key (#19761)
• docker ps no longer show exported port for stopped containers (#19483)
• Docker now cleans after itself if a save/export command fails (#17849)
• Docker load learned how to display a progress bar (#17329, #120078)

Distribution

• Fix a panic that occurred when pulling an images with 0 layers (#21222)
• Fix a panic that could occur on error while pushing to a registry with a misconfigured token service (#21212)
• All first-level delegation roles are now signed when doing a trusted push (#21046)
• OAuth support for registries was added (#20970)
• docker login now handles token using the implementation found in docker/distribution (#20832)
• docker login will no longer prompt for an email (#20565)
• Docker will now fallback to registry V1 if no basic auth credentials are available (#20241)
• Docker will now try to resume layer download where it left off after a network error/timeout (#19840)
• Fix generated manifest mediaType when pushing cross-repository (#19509)

Logging

• Fix a race in the journald log driver (#21311)
• Docker syslog driver now uses the RFC-5424 format when emitting logs (#20121)
• Docker GELF log driver now allows to specify the compression algorithm and level via the gelf-compression-type and gelf-compression-level options (#19831)
• Docker daemon learned to output uncolorized logs via the --raw-logs options (#19794)
• Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named etwlogs (#19689)
• Journald log driver learned how to handle tags (#19564)
• The fluentd log driver learned the following options: fluentd-address, fluentd-buffer-limit, fluentd-retry-wait, fluentd-max-retries and fluentd-async-connect (#19439)
• Docker learned to send log to Google Cloud via the new gcplogs logging driver. (#18766)

Misc

• When saving linked images together with docker save a subsequent docker load will correctly restore their parent/child relationship (#21385)
• Support for building the Docker cli for OpenBSD was added (#21325)
• Labels can now be applied at network, volume and image creation (#21270)
• The dockremap is now created as a system user (#21266)
• Fix a few response body leaks (#21258)
• Docker, when run as a service with systemd, will now properly manage its processes cgroups (#20633)
• Docker info now reports the value of cgroup KernelMemory or emits a warning if it is not supported (#20863)
• Docker info now also reports the cgroup driver in use (#20388)
• Docker completion is now available on PowerShell (#19894)
• dockerinit is no more (#19490,#19851)
• Support for building Docker on arm64 was added (#19013)
• Experimental support for building docker.exe in a native Windows Docker installation (#18348)

Networking

• Fix a bug where IPv6 addresses were not properly handled (#20842)
• docker network inspect will now report all endpoints whether they have an active container or not (#21160)
• Experimental support for the MacVlan and IPVlan network drivers have been added (#21122)
• Output of docker network ls is now sorted by network name (#20383)
• Fix a bug where Docker would allow a network to be created with the reserved default name (#19431)
• docker network inspect now returns whether a network is internal or not (#19357)
• Control IPv6 via explicit option when creating a network (docker network create --ipv6). This shows up as a new EnableIPv6 field in docker network inspect (#17513)
• Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server #21396
• Multiple A/AAAA records from embedded DNS Server for DNS Round robin #21019

Plugins

• Fix a file descriptor leak that would occur every time plugins were enumerated (#20686)
• Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data (#20602)

Runtime

• It is now possible for containers to share the NET and IPC namespaces when userns is enabled (#21383)
• docker inspect <image-id> will now expose the rootfs layers (#21370)
• Docker Windows gained a minimal top implementation (#21354)
• Docker learned to report the faulty exe when a container cannot be started due to its condition (#21345)
• Docker with device mapper will now refuse to run if udev sync is not available (#21097)
• Fix a bug where Docker would not validate the config file upon configuration reload (#21089)
• Fix a hang that would happen on attach if initial start was to fail (#21048)
• Fix an issue where registry service options in the daemon configuration file were not properly taken into account (#21045)
• Fix a race between the exec and resize operations (#21022)
• Fix an issue where nanoseconds were not correctly taken in account when filtering Docker events (#21013)
• Fix the handling of Docker command when passed a 64 bytes id (#21002)
• Docker will now return a 204 (i.e http.StatusNoContent) code when it successfully deleted a network (#20977)
• Fix a bug where the daemon would wait indefinitely in case the process it was about to killed had already exited on its own (#20967
• The devmapper driver learned the dm.min_free_space option. If the mapped device free space reaches the passed value, new device creation will be prohibited. (#20786)
• Docker can now prevent processes in container to gain new privileges via the --security-opt=no-new-privileges flag (#20727)
• Starting a container with the --device option will now correctly resolves symlinks (#20684)
• Docker now relies on containerd and runc to spawn containers. (#20662)
• Fix docker configuration reloading to only alter value present in the given config file (#20604)
• Docker now allows setting a container hostname via the --hostname flag when --net=host (#20177)
• Docker now allows executing privileged container while running with --userns-remap if both --privileged and the new --userns=host flag are specified (#20111)
• Fix Docker not cleaning up correctly old containers upon restarting after a crash (#19679)
• Docker will now error out if it doesn't recognize a configuration key within the config file (#19517)
• Fix container loading, on daemon startup, when they depends on a plugin running within a container (#19500)
• docker update learned how to change a container restart policy (#19116)
• docker inspect now also returns a new State field containing the container state in a human readable way (i.e. one of created, restarting, running, paused, exited or dead)(#18966)
• Docker learned to limit the number of active pids (i.e. processes) within the container via the pids-limit flags. NOTE: This requires CGROUP_PIDS=y to be in the kernel configuration. (#18697)
• docker load now has a --quiet option to suppress the load output (#20078)

Security

• Object with the pcp_pmcd_t selinux type were given management access to /var/lib/docker(/.*)? (#21370)
• restart_syscall, copy_file_range, mlock2 joined the list of allowed calls in the default seccomp profile (#21117, #21262)
• send, recv and x32 were added to the list of allowed syscalls and arch in the default seccomp profile (#19432)

Volumes

• Output of docker volume ls is now sorted by volume name (#20389)
• Local volumes can now accepts options similar to the unix mount tool (#20262)
• Fix an issue where one letter directory name could not be used as source for volumes (#21106)
• docker run -v now accepts a new flag nocopy. This tell the runtime not to copy the container path content into the volume (which is the default behavior) (#21223)

Downloads

deb/rpm install: curl -fsSL https://test.docker.com/ | sh
Linux 64bit tgz: https://test.docker.com/builds/Linux/x86_64/docker-1.11.0-rc2.tgz
Darwin/OSX 64bit client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-1.11.0-rc2.tgz
Windows 64bit client tgz: https://test.docker.com/builds/Windows/x86_64/docker-1.11.0-rc2.tgz
Windows 32bit client tgz: https://test.docker.com/builds/Windows/i386/docker-1.11.0-rc2.tgz