import "github.com/docker/docker/daemon"
Package daemon exposes the functions that occur on the host server that the Docker daemon is running.
In implementing the various functions of the daemon, there is often a method-specific struct for configuring the runtime behavior.
apparmor_default.go archive.go archive_tarcopyoptions.go archive_tarcopyoptions_unix.go archive_unix.go attach.go auth.go changes.go checkpoint.go cluster.go commit.go configs.go configs_linux.go container.go container_linux.go container_operations.go container_operations_unix.go content.go create.go create_unix.go daemon.go daemon_linux.go daemon_unix.go debugtrap_unix.go delete.go dependency.go devices_linux.go disk_usage.go errors.go events.go exec.go exec_linux.go export.go health.go info.go info_unix.go inspect.go inspect_linux.go keys.go kill.go licensing.go links.go list.go list_unix.go logdrivers_linux.go logs.go metrics.go metrics_unix.go monitor.go mounts.go names.go network.go nvidia_linux.go oci_linux.go oci_utils.go pause.go prune.go reload.go reload_unix.go rename.go resize.go restart.go runtime_unix.go seccomp_disabled.go secrets.go secrets_linux.go start.go start_unix.go stats.go stats_collector.go stats_unix.go stop.go top_unix.go trustkey.go unpause.go update.go update_linux.go volumes.go volumes_linux.go volumes_unix.go wait.go workdir.go
const (
// DefaultShimBinary is the default shim to be used by containerd if none
// is specified
DefaultShimBinary = "containerd-shim"
// DefaultRuntimeBinary is the default runtime to be used by
// containerd if none is specified
DefaultRuntimeBinary = "runc"
)const (
ContainersNamespace = "moby"
)ContainersNamespace is the name of the namespace used for users containers
ErrExtractPointNotDirectory is used to convey that the operation to extract a tar archive to a directory in a container has failed because the specified path does not refer to a directory.
var (
// ErrRootFSReadOnly is returned when a container
// rootfs is marked readonly.
ErrRootFSReadOnly = errors.New("container rootfs is marked read-only")
)var (
// ErrVolumeReadonly is used to signal an error when trying to copy data into
// a volume mount that is not writable.
ErrVolumeReadonly = errors.New("mounted volume is marked read-only")
)CreateDaemonRoot creates the root for the daemon
IsRunningSystemd is from https://github.com/opencontainers/runc/blob/46be7b612e2533c494e6a251111de46d8e286ed5/libcontainer/cgroups/systemd/common.go#L27-L33
ModifyRootKeyLimit checks to see if the root key limit is set to at least 1000000 and changes it to that limit along with the maxbytes allocated to the keys at a 25 to 1 multiplier.
UsingSystemd returns true if cli option includes native.cgroupdriver=systemd
VerifyCgroupDriver validates native.cgroupdriver
WithApparmor sets the apparmor profile
WithCapabilities sets the container's capabilties
WithCgroups sets the container's cgroups
WithCommonOptions sets common docker options
WithDevices sets the container's devices
WithLibnetwork sets the libnetwork hook
WithMounts sets the container's mounts
WithNamespaces sets the container's namespaces
WithOOMScore sets the oom score
WithResources applies the container resources
WithRlimits sets the container's rlimits along with merging the daemon's rlimits
WithRootless sets the spec to the rootless configuration
WithSeccomp sets the seccomp profile
WithSelinux sets the selinux labels
WithSysctls sets the container's sysctls
WithUser sets the container's user
type Cluster interface {
ClusterStatus
NetworkManager
SendClusterEvent(event lncluster.ConfigEventType)
}Cluster is the interface for github.com/docker/docker/daemon/cluster.(*Cluster).
ClusterStatus interface provides information about the Swarm status of the Cluster
type Daemon struct {
ID string
RegistryService registry.Service
EventsService *events.Events
PluginStore *plugin.Store // todo: remove
// contains filtered or unexported fields
}Daemon holds information about the Docker daemon.
func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.Store) (daemon *Daemon, err error)
NewDaemon sets up everything for the daemon to be able to service requests from the webserver.
ActivateContainerServiceBinding puts this container into load balancer active rotation and DNS response
func (daemon *Daemon) AuthenticateToRegistry(ctx context.Context, authConfig *types.AuthConfig) (string, string, error)
AuthenticateToRegistry checks the validity of credentials in authConfig
BuilderBackend returns the backend used by builder
CheckpointCreate checkpoints the process running in a container with CRIU
CheckpointDelete deletes the specified checkpoint
func (daemon *Daemon) CheckpointList(name string, config types.CheckpointListOptions) ([]types.Checkpoint, error)
CheckpointList lists all checkpoints of the specified container
Cleanup releases any network resources allocated to the container along with any rules around how containers are linked together. It also unmounts the container's root filesystem.
func (daemon *Daemon) ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error
ConnectContainerToNetwork connects the given container to the given network. If either cannot be found, an err is returned. If the network cannot be set up, an err is returned.
func (daemon *Daemon) ConnectToNetwork(container *container.Container, idOrName string, endpointConfig *networktypes.EndpointSettings) error
ConnectToNetwork connects a container to a network
func (daemon *Daemon) ContainerArchivePath(name string, path string) (content io.ReadCloser, stat *types.ContainerPathStat, err error)
ContainerArchivePath creates an archive of the filesystem resource at the specified path in the container identified by the given name. Returns a tar archive of the resource and whether it was a directory or a single file.
ContainerAttach attaches to logs according to the config passed in. See ContainerAttachConfig.
func (daemon *Daemon) ContainerAttachRaw(prefixOrName string, stdin io.ReadCloser, stdout, stderr io.Writer, doStream bool, attached chan struct{}) error
ContainerAttachRaw attaches the provided streams to the container's stdio
ContainerChanges returns a list of container fs changes
ContainerCopy performs a deprecated operation of archiving the resource at the specified path in the container identified by the given name.
func (daemon *Daemon) ContainerCreate(params types.ContainerCreateConfig) (containertypes.ContainerCreateCreatedBody, error)
ContainerCreate creates a regular container
func (daemon *Daemon) ContainerCreateIgnoreImagesArgsEscaped(params types.ContainerCreateConfig) (containertypes.ContainerCreateCreatedBody, error)
ContainerCreateIgnoreImagesArgsEscaped creates a regular container. This is called from the builder RUN case and ensures that we do not take the images ArgsEscaped
ContainerCreateWorkdir creates the working directory. This solves the issue arising from https://github.com/docker/docker/issues/27545, which was initially fixed by https://github.com/docker/docker/pull/27884. But that fix was too expensive in terms of performance on Windows. Instead, https://github.com/docker/docker/pull/28514 introduces this new functionality where the builder calls into the backend here to create the working directory.
ContainerExecCreate sets up an exec in a running container.
ContainerExecInspect returns low-level information about the exec command. An error is returned if the exec cannot be found.
ContainerExecResize changes the size of the TTY of the process running in the exec with the given name to the given height and width.
func (daemon *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.Reader, stdout io.Writer, stderr io.Writer) (err error)
ContainerExecStart starts a previously set up exec instance. The std streams are set up. If ctx is cancelled, the process is terminated.
ContainerExport writes the contents of the container to the given writer. An error is returned if the container cannot be found.
func (daemon *Daemon) ContainerExtractToDir(name, path string, copyUIDGID, noOverwriteDirNonDir bool, content io.Reader) error
ContainerExtractToDir extracts the given archive to the specified location in the filesystem of the container identified by the given name. The given path must be of a directory in the container. If it is not, the error will be ErrExtractPointNotDirectory. If noOverwriteDirNonDir is true then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa.
func (daemon *Daemon) ContainerInspect(name string, size bool, version string) (interface{}, error)
ContainerInspect returns low-level information about a container. Returns an error if the container cannot be found, or if there is an error getting the data.
func (daemon *Daemon) ContainerInspectCurrent(name string, size bool) (*types.ContainerJSON, error)
ContainerInspectCurrent returns low-level information about a container in a most recent api version.
ContainerKill sends signal to the container If no signal is given (sig 0), then Kill with SIGKILL and wait for the container to exit. If a signal is given, then just send it to the container and return.
func (daemon *Daemon) ContainerLogs(ctx context.Context, containerName string, config *types.ContainerLogsOptions) (messages <-chan *backend.LogMessage, isTTY bool, retErr error)
ContainerLogs copies the container's log channel to the channel provided in the config. If ContainerLogs returns an error, no messages have been copied. and the channel will be closed without data.
if it returns nil, the config channel will be active and return log messages until it runs out or the context is canceled.
ContainerPause pauses a container
ContainerRename changes the name of a container, using the oldName to find the container. An error is returned if newName is already reserved.
ContainerResize changes the size of the TTY of the process running in the container with the given name to the given height and width.
ContainerRestart stops and starts a container. It attempts to gracefully stop the container within the given timeout, forcefully stopping it if the timeout is exceeded. If given a negative timeout, ContainerRestart will wait forever until a graceful stop. Returns an error if the container cannot be found, or if there is an underlying error at any stage of the restart.
ContainerRm removes the container id from the filesystem. An error is returned if the container is not found, or if the remove fails. If the remove succeeds, the container name is released, and network links are removed.
func (daemon *Daemon) ContainerStart(name string, hostConfig *containertypes.HostConfig, checkpoint string, checkpointDir string) error
ContainerStart starts a container.
func (daemon *Daemon) ContainerStatPath(name string, path string) (stat *types.ContainerPathStat, err error)
ContainerStatPath stats the filesystem resource at the specified path in the container identified by the given name.
func (daemon *Daemon) ContainerStats(ctx context.Context, prefixOrName string, config *backend.ContainerStatsConfig) error
ContainerStats writes information about the container to the stream given in the config object.
ContainerStop looks for the given container and stops it. In case the container fails to stop gracefully within a time duration specified by the timeout argument, in seconds, it is forcefully terminated (killed).
If the timeout is nil, the container's StopTimeout value is used, if set, otherwise the engine default. A negative timeout value can be specified, meaning no timeout, i.e. no forceful termination is performed.
func (daemon *Daemon) ContainerTop(name string, psArgs string) (*container.ContainerTopOKBody, error)
ContainerTop lists the processes running inside of the given container by calling ps with the given args, or with the flags "-ef" if no args are given. An error is returned if the container is not found, or is not running, or if there are any problems running ps, or parsing the output.
ContainerUnpause unpauses a container
func (daemon *Daemon) ContainerUpdate(name string, hostConfig *container.HostConfig) (container.ContainerUpdateOKBody, error)
ContainerUpdate updates configuration of the container
func (daemon *Daemon) ContainerWait(ctx context.Context, name string, condition container.WaitCondition) (<-chan container.StateStatus, error)
ContainerWait waits until the given container is in a certain state indicated by the given condition. If the container is not found, a nil channel and non-nil error is returned immediately. If the container is found, a status result will be sent on the returned channel once the wait condition is met or if an error occurs waiting for the container (such as a context timeout or cancellation). On a successful wait, the exit code of the container is returned in the status with a non-nil Err() value.
Containers returns the list of containers to show given the user's filtering.
func (daemon *Daemon) ContainersPrune(ctx context.Context, pruneFilters filters.Args) (*types.ContainersPruneReport, error)
ContainersPrune removes unused containers
func (daemon *Daemon) CreateImageFromContainer(name string, c *backend.CreateImageConfig) (string, error)
CreateImageFromContainer creates a new image from a container. The container config will be updated by applying the change set to the custom config, then applying that config over the existing container config.
func (daemon *Daemon) CreateManagedContainer(params types.ContainerCreateConfig) (containertypes.ContainerCreateCreatedBody, error)
CreateManagedContainer creates a container that is managed by a Service
func (daemon *Daemon) CreateManagedNetwork(create clustertypes.NetworkCreateRequest) error
CreateManagedNetwork creates an agent network.
func (daemon *Daemon) CreateNetwork(create types.NetworkCreateRequest) (*types.NetworkCreateResponse, error)
CreateNetwork creates a network with the given name, driver and other optional parameters
DaemonJoinsCluster informs the daemon has joined the cluster and provides the handler to query the cluster component
DaemonLeavesCluster informs the daemon has left the cluster
DeactivateContainerServiceBinding removes this container from load balancer active rotation, and DNS response
DeleteManagedNetwork deletes an agent network. The requirement of networkID is enforced.
DeleteNetwork destroys a network unless it's one of docker's predefined networks.
func (daemon *Daemon) DisconnectContainerFromNetwork(containerName string, networkName string, force bool) error
DisconnectContainerFromNetwork disconnects the given container from the given network. If either cannot be found, an err is returned.
func (daemon *Daemon) DisconnectFromNetwork(container *container.Container, networkName string, force bool) error
DisconnectFromNetwork disconnects container from network n.
func (daemon *Daemon) DistributionServices() images.DistributionServices
DistributionServices returns services controlling daemon storage
ExecExists looks up the exec instance and returns a bool if it exists or not. It will also return the error produced by `getConfig`
Exists returns a true if a container of the specified ID or name exists, false otherwise.
Features returns the features map from configStore
FindNetwork returns a network based on: 1. Full ID 2. Full Name 3. Partial ID as long as there is no ambiguity
ForceEndpointDelete deletes an endpoint from a network forcefully
func (daemon *Daemon) GetAttachmentStore() *network.AttachmentStore
GetAttachmentStore returns current attachment store associated with the daemon
GetByName returns a container given a name.
GetCluster returns the cluster
GetContainer looks for a container using the provided information, which could be one of the following inputs from the caller:
- A full container ID, which will exact match a container in daemon's list - A container name, which will only exact match via the GetByName() function - A partial container ID prefix (e.g. short ID) of any length that is unique enough to only return a single container object If none of these searches succeed, an error is returned
GetContainerStats collects all the stats published by a container
GetNetworkByID function returns a network whose ID matches the given ID. It fails with an error if no matching network is found.
GetNetworkByName function returns a network for a given network name. If no network name is given, the default network is returned.
GetNetworkDriverList returns the list of plugins drivers registered for network.
func (daemon *Daemon) GetNetworks(filter filters.Args, config types.NetworkListConfig) ([]types.NetworkResource, error)
GetNetworks returns a list of all networks
func (daemon *Daemon) GetNetworksByIDPrefix(partialID string) []libnetwork.Network
GetNetworksByIDPrefix returns a list of networks whose ID partially matches zero or more networks
HasExperimental returns whether the experimental features of the daemon are enabled or not
func (daemon *Daemon) IdentityMapping() *idtools.IdentityMapping
IdentityMapping returns uid/gid mapping or a SID (in the case of Windows) for the builder
func (daemon *Daemon) ImageService() *images.ImageService
ImageService returns the Daemon's ImageService
IsPaused returns a bool indicating if the specified container is paused.
IsShuttingDown tells whether the daemon is shutting down or not
IsSwarmCompatible verifies if the current daemon configuration is compatible with the swarm mode
func (daemon *Daemon) Kill(container *containerpkg.Container) error
Kill forcefully terminates a container.
List returns an array of all containers registered in the daemon.
LogContainerEvent generates an event related to a container with only the default attributes.
func (daemon *Daemon) LogContainerEventWithAttributes(container *container.Container, action string, attributes map[string]string)
LogContainerEventWithAttributes generates an event related to a container with specific given attributes.
LogDaemonEventWithAttributes generates an event related to the daemon itself with specific given attributes.
func (daemon *Daemon) LogNetworkEvent(nw libnetwork.Network, action string)
LogNetworkEvent generates an event related to a network with only the default attributes.
func (daemon *Daemon) LogNetworkEventWithAttributes(nw libnetwork.Network, action string, attributes map[string]string)
LogNetworkEventWithAttributes generates an event related to a network with specific given attributes.
LogPluginEvent generates an event related to a plugin with only the default attributes.
func (daemon *Daemon) LogPluginEventWithAttributes(pluginID, refName, action string, attributes map[string]string)
LogPluginEventWithAttributes generates an event related to a plugin with specific given attributes.
LogVolumeEvent generates an event related to a volume.
Mount sets container.BaseFS (is it not set coming in? why is it unset?)
func (daemon *Daemon) NetworkController() libnetwork.NetworkController
NetworkController returns the network controller created by the daemon.
NetworkControllerEnabled checks if the networking stack is enabled. This feature depends on OS primitives and it's disabled in systems like Windows.
func (daemon *Daemon) NetworksPrune(ctx context.Context, pruneFilters filters.Args) (*types.NetworksPruneReport, error)
NetworksPrune removes unused networks
PluginGetter returns current pluginStore associated with the daemon
PluginManager returns current pluginManager associated with the daemon
func (daemon *Daemon) ProcessClusterNotifications(ctx context.Context, watchStream chan *swarmapi.WatchMessage)
ProcessClusterNotifications gets changes from store and add them to event list
func (daemon *Daemon) ProcessEvent(id string, e libcontainerdtypes.EventType, ei libcontainerdtypes.EventInfo) error
ProcessEvent is called by libcontainerd whenever an event occurs
RawSysInfo returns *sysinfo.SysInfo .
Register makes a container object usable by the daemon as <container.ID>
func (daemon *Daemon) RegistryHosts() docker.RegistryHosts
RegistryHosts returns registry configuration in containerd resolvers format
ReleaseIngress releases the ingress networking. The function returns a channel which will signal the caller when the programming is completed.
Reload reads configuration changes and modifies the daemon according to those changes. These are the settings that Reload changes: - Platform runtime - Daemon debug log level - Daemon max concurrent downloads - Daemon max concurrent uploads - Daemon max download attempts - Daemon shutdown timeout (in seconds) - Cluster discovery (reconfigure and restart) - Daemon labels - Insecure registries - Registry mirrors - Daemon live restore
RestartSwarmContainers restarts any autostart container which has a swarm endpoint.
Rootless returns true if daemon is running in rootless mode
SetCluster sets the cluster
func (daemon *Daemon) SetContainerConfigReferences(name string, refs []*swarmtypes.ConfigReference) error
SetContainerConfigReferences sets the container config references needed
SetContainerDependencyStore sets the dependency store backend for the container
func (daemon *Daemon) SetContainerSecretReferences(name string, refs []*swarmtypes.SecretReference) error
SetContainerSecretReferences sets the container secret references needed
func (daemon *Daemon) SetNetworkBootstrapKeys(keys []*networktypes.EncryptionKey) error
SetNetworkBootstrapKeys sets the bootstrap keys.
func (daemon *Daemon) SetupIngress(create clustertypes.NetworkCreateRequest, nodeIP string) (<-chan struct{}, error)
SetupIngress setups ingress networking. The function returns a channel which will signal the caller when the programming is completed.
Shutdown stops the daemon.
ShutdownTimeout returns the timeout (in seconds) before containers are forcibly killed during shutdown. The default timeout can be configured both on the daemon and per container, and the longest timeout will be used. A grace-period of 5 seconds is added to the configured timeout.
A negative (-1) timeout means "indefinitely", which means that containers are not forcibly killed, and the daemon shuts down after all containers exit.
StoreHosts stores the addresses the daemon is listening on
Subnets return the IPv4 and IPv6 subnets of networks that are manager by Docker.
func (daemon *Daemon) SubscribeToEvents(since, until time.Time, filter filters.Args) ([]events.Message, chan interface{})
SubscribeToEvents returns the currently record of events, a channel to stream new events from, and a function to cancel the stream of events.
SystemDiskUsage returns information about the daemon data disk usage
SystemInfo returns information about the host server the daemon is running on.
SystemVersion returns version information about the daemon.
Unmount unsets the container base filesystem
UnsubscribeFromEvents stops the event subscription for a client by closing the channel where the daemon sends events to.
func (daemon *Daemon) UpdateAttachment(networkName, networkID, containerID string, config *network.NetworkingConfig) error
UpdateAttachment notifies the attacher about the attachment config.
func (daemon *Daemon) UpdateContainerServiceConfig(containerName string, serviceConfig *clustertypes.ServiceConfig) error
UpdateContainerServiceConfig updates a service configuration.
func (daemon *Daemon) VolumesService() *service.VolumesService
VolumesService is used to perform volume operations
func (daemon *Daemon) WaitForDetachment(ctx context.Context, networkName, networkID, taskID, containerID string) error
WaitForDetachment makes the cluster manager wait for detachment of the container from the network.
type NetworkManager interface {
GetNetwork(input string) (apitypes.NetworkResource, error)
GetNetworks(filters.Args) ([]apitypes.NetworkResource, error)
RemoveNetwork(input string) error
}NetworkManager provides methods to manage networks
PredefinedNetworkError is returned when user tries to create predefined network that already exists.
func (pnr PredefinedNetworkError) Error() string
func (pnr PredefinedNetworkError) Forbidden()
Forbidden denotes the type of this error
| Path | Synopsis |
|---|---|
| cluster | |
| cluster/controllers/plugin | |
| cluster/convert | |
| cluster/executor | |
| cluster/executor/container | |
| cluster/provider | |
| config | |
| discovery | |
| events | |
| events/testutils | |
| exec | |
| graphdriver | |
| graphdriver/aufs | |
| graphdriver/btrfs | |
| graphdriver/copy | |
| graphdriver/devmapper | |
| graphdriver/fuse-overlayfs | |
| graphdriver/graphtest | |
| graphdriver/lcow | |
| graphdriver/overlay | |
| graphdriver/overlay2 | |
| graphdriver/overlayutils | |
| graphdriver/register | |
| graphdriver/vfs | |
| graphdriver/windows | |
| graphdriver/zfs | |
| images | |
| initlayer | |
| links | |
| listeners | |
| logger | Package logger defines interfaces that logger drivers implement to log messages. |
| logger/awslogs | Package awslogs provides the logdriver for forwarding container logs to Amazon CloudWatch Logs |
| logger/etwlogs | Package etwlogs provides a log driver for forwarding container logs as ETW events.(ETW stands for Event Tracing for Windows) A client can then create an ETW listener to listen for events that are sent by the ETW provider that we register, using the provider's GUID "a3693192-9ed6-46d2-a981-f8226c8363bd". |
| logger/fluentd | Package fluentd provides the log driver for forwarding server logs to fluentd endpoints. |
| logger/gcplogs | |
| logger/gelf | Package gelf provides the log driver for forwarding server logs to endpoints that support the Graylog Extended Log Format. |
| logger/journald | Package journald provides the log driver for forwarding server logs to endpoints that receive the systemd format. |
| logger/jsonfilelog | Package jsonfilelog provides the default Logger implementation for Docker logging. |
| logger/jsonfilelog/jsonlog | |
| logger/local | Package local provides a logger implementation that stores logs on disk. |
| logger/logentries | Package logentries provides the log driver for forwarding server logs to logentries endpoints. |
| logger/loggerutils | |
| logger/loggerutils/cache | |
| logger/splunk | Package splunk provides the log driver for forwarding server logs to Splunk HTTP Event Collector endpoint. |
| logger/syslog | Package syslog provides the logdriver for forwarding server logs to syslog endpoints. |
| logger/templates | |
| names | |
| network | |
| stats |
Package daemon imports 176 packages (graph) and is imported by 1270 packages. Updated 2021-01-07. Refresh now. Tools for package owners.