docker容器的volume-from选项中的'z'标志是什么？ [英] what is 'z' flag in docker container's volumes-from option?

问题描述

在查看docker文档时，我遇到了多个卷-（ https：/ /docs.docker.com/engine/reference/commandline/run/ ）docker run命令的选项。
我不理解 ro，rw和z 选项之间的区别，它们是作为-

$ docker提供的运行--volumes-from ba8c0c54f0f2：ro -i -t ubuntu pwd

在上面的命令中， ro 选项是替换为 z 。如果有人探索使用这些选项的不同之处，我将不胜感激。

While going through the docker docs, I came across volumes-from (https://docs.docker.com/engine/reference/commandline/run/) option for docker run command. I didn't understand the differences between ro, rw, and z option provided as-
$ docker run --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd
In the above command the ro option is replaced with z. I will be thankful if anyone explores on differences of using these options.

推荐答案

可以将两个后缀：z或：Z添加到卷挂载。这些后缀告诉Docker重新标记共享卷上的文件对象。 z选项告诉Docker，卷内容将在容器之间共享。 Docker将使用共享内容标签为内容添加标签。共享卷标签允许所有容器读取/写入内容。 Z选项告诉Docker使用私有的未共享标签来标记内容。

Two suffixes :z or :Z can be added to the volume mount. These suffixes tell Docker to relabel file objects on the shared volumes. The 'z' option tells Docker that the volume content will be shared between containers. Docker will label the content with a shared content label. Shared volumes labels allow all containers to read/write content. The 'Z' option tells Docker to label the content with a private unshared label.

https://github.com/rhatdan/docker/blob/e6473011583967df4aa5a62f173fb421cae2bb1e/docs/sources/reference/commandline/cli.md

如果使用selinux，则可以添加z或Z选项来修改要装入容器的主机文件或目录的selinux标签。这会影响主机本身上的文件或目录，并可能会导致Docker范围以外的后果。

If you use selinux you can add the z or Z options to modify the selinux label of the host file or directory being mounted into the container. This affects the file or directory on the host machine itself and can have consequences outside of the scope of Docker.

z选项指示绑定装载内容在多个主机之间共享容器。
Z选项指示绑定装入内容是私有的且未共享。
使用这些选项时要格外小心。使用Z选项绑定安装系统目录（例如/ home或/ usr）会使主机无法操作，并且您可能需要手动重新标记主机文件。

The z option indicates that the bind mount content is shared among multiple containers. The Z option indicates that the bind mount content is private and unshared. Use extreme caution with these options. Bind-mounting a system directory such as /home or /usr with the Z option renders your host machine inoperable and you may need to relabel the host machine files by hand.

$ docker run -d \
-it \
–name devtest \
-v $（pwd） / target：/ app：z \
nginx：latest

https://docs.docker.com/storage/bind-mounts/#configure-bind-propagation

这篇关于docker容器的volume-from选项中的'z'标志是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！