You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Formatting for tables wasn't guarded by markdownlint validation rules,
which increases the risk of releasing incorrectly formatted tables.
Signed-off-by: David Karlsson <[email protected]>
Copy file name to clipboardExpand all lines: content/desktop/hardened-desktop/settings-management/configure.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -147,18 +147,18 @@ The following `admin-settings.json` code and table provides an example of the re
147
147
|`configurationFileVersion`||Specifies the version of the configuration file format. |
148
148
|`exposeDockerAPIOnTCP2375`| <spanclass="badge badge-info">Windows only</span>| Exposes the Docker API on a specified port. If `value` is set to true, the Docker API is exposed on port 2375. Note: This is unauthenticated and should only be enabled if protected by suitable firewall rules.|
149
149
|`proxy`||If `mode` is set to `system` instead of `manual`, Docker Desktop gets the proxy values from the system and ignores and values set for `http`, `https` and `exclude`. Change `mode` to `manual` to manually configure proxy servers. If the proxy port is custom, specify it in the `http` or `https` property, for example `"https": "http://myotherproxy.com:4321"`. The `exclude` property specifies a comma-separated list of hosts and domains to bypass the proxy. |
150
-
`windowsDockerdPort` | <spanclass="badge badge-info">Windows only</span> | Exposes Docker Desktop's internal proxy locally on this port for the Windows Docker daemon to connect to. If it is set to 0, a random free port is chosen. If the value is greater than 0, use that exact value for the port. The default value is -1 which disables the option. Note: This is available for Windows containers only. |
150
+
| `windowsDockerdPort`| <spanclass="badge badge-info">Windows only</span> | Exposes Docker Desktop's internal proxy locally on this port for the Windows Docker daemon to connect to. If it is set to 0, a random free port is chosen. If the value is greater than 0, use that exact value for the port. The default value is -1 which disables the option. Note: This is available for Windows containers only. |
151
151
|`enhancedContainerIsolation`|| If `value` is set to true, Docker Desktop runs all containers as unprivileged, via the Linux user-namespace, prevents them from modifying sensitive configurations inside the Docker Desktop VM, and uses other advanced techniques to isolate them. For more information, see [Enhanced Container Isolation](../enhanced-container-isolation/index.md).|
152
152
| `dockerSocketMount`|| By default, enhanced container isolation blocks bind-mounting the Docker Engine socket into containers (e.g., `docker run -v /var/run/docker.sock:/var/run/docker.sock ...`). This allows admins to relax this in a controlled way. See [ECI Configuration](../enhanced-container-isolation/config.md) for more info. |
153
153
| `imageList`|| Indicates which container images are allowed to bind-mount the Docker Engine socket. |
154
154
| `commandList`|| Restricts the commands that containers can issue via the bind-mounted Docker Engine socket. |
155
155
|`linuxVM`||Parameters and settings related to Linux VM options - grouped together here for convenience. |
156
-
| `wslEngineEnabled` | <spanclass="badge badge-info">Windows only</span> | If `value` is set to true, Docker Desktop uses the WSL 2 based engine. This overrides anything that may have been set at installation using the `--backend=<backend name>` flag.
156
+
| `wslEngineEnabled`| <spanclass="badge badge-info">Windows only</span> | If `value` is set to true, Docker Desktop uses the WSL 2 based engine. This overrides anything that may have been set at installation using the `--backend=<backend name>` flag.|
157
157
| `dockerDaemonOptions`||If `value` is set to true, it overrides the options in the Docker Engine config file. See the [Docker Engine reference](/engine/reference/commandline/dockerd/#daemon-configuration-file). Note that for added security, a few of the config attributes may be overridden when Enhanced Container Isolation is enabled. |
158
158
| `vpnkitCIDR`||Overrides the network range used for vpnkit DHCP/DNS for `*.docker.internal`|
159
159
|`kubernetes`|| If `enabled` is set to true, a Kubernetes single-node cluster is started when Docker Desktop starts. If `showSystemContainers` is set to true, Kubernetes containers are displayed in the UI and when you run `docker ps`. `imagesRepository` allows you to specify which repository Docker Desktop pulls the Kubernetes images from. For example, `"imagesRepository": "registry-1.docker.io/docker"`. |
160
160
|`windowsContainers`|| Parameters and settings related to `windowsContainers` options - grouped together here for convenience. |
161
-
| `dockerDaemonOptions`|| Overrides the options in the Linux daemon config file. See the [Docker Engine reference](/engine/reference/commandline/dockerd/#daemon-configuration-file).||
161
+
| `dockerDaemonOptions`|| Overrides the options in the Linux daemon config file. See the [Docker Engine reference](/engine/reference/commandline/dockerd/#daemon-configuration-file).|
162
162
|`disableUpdate`||If `value` is set to true, checking for and notifications about Docker Desktop updates is disabled.|
163
163
|`analyticsEnabled`||If `value` is set to false, Docker Desktop doesn't send usage statistics to Docker. |
164
164
|`extensionsEnabled`||If `value` is set to false, Docker extensions are disabled. |
| HEAD | tag | N/A | Version check | User already has all layers existing on local machine | This is similar to the use case of a pull by tag when the user already has all the image layers existing locally, however, it differentiates the user intent and classifies accordingly. |
166
-
| GET | tag | N/A | Pull by tag | User already has all layers existing on local machine and/or the image is single-arch |
167
-
| GET | tag | Get by different digest | Pull by tag | Image is multi-arch | Second GET by digest must be different from the first. |
168
-
| HEAD | tag | GET by same digest | Pull by tag | Image is multi-arch but some or all image layers already exist on the local machine | The HEAD by tag sends the most current digest, the following GET must be by that same digest. There may occur an additional GET, if the image is multi-arch (see the next row in this table). If the user doesn't want the most recent digest, then the user performs HEAD by digest. |
166
+
| GET | tag | N/A | Pull by tag | User already has all layers existing on local machine and/or the image is single-arch ||
167
+
| GET | tag | Get by different digest | Pull by tag | Image is multi-arch | Second GET by digest must be different from the first. |
168
+
| HEAD | tag | GET by same digest | Pull by tag | Image is multi-arch but some or all image layers already exist on the local machine | The HEAD by tag sends the most current digest, the following GET must be by that same digest. There may occur an additional GET, if the image is multi-arch (see the next row in this table). If the user doesn't want the most recent digest, then the user performs HEAD by digest. |
169
169
| HEAD | tag | GET by the same digest, then a second GET by a different digest | Pull by tag | Image is multi-arch | The HEAD by tag sends the most recent digest, the following GET must be by that same digest. Since the image is multi-arch, there is a second GET by a different digest. If the user doesn't want the most recent digest, then the user performs HEAD by digest. |
170
170
| HEAD | tag | GET by same digest, then a second GET by different digest | Pull by tag | Image is multi-arch | The HEAD by tag sends the most current digest, the following GET must be by that same digest. Since the image is multi-arch, there is a second GET by a different digest. If the user doesn't want the most recent digest, then the user performs HEAD by digest. |
171
-
| GET | digest | N/A | Pull by digest | User already has all layers existing on local machine and/or the image is single-arch |
172
-
| HEAD | digest | N/A | Pull by digest | User already has all layers existing on their local machine |
173
-
| GET | digest | GET by different digest | Pull by digest | Image is multi-arch | The second GET by digest must be different from the first. |
174
-
| HEAD | digest | GET by same digest | Pull by digest | Image is single-arch and/or image is multi-arch but some part of the image already exists on the local machine |
175
-
| HEAD | digest | GET by same digest, then a second GET by different digest | Pull by Digest | Image is multi-arch |
171
+
| GET | digest | N/A | Pull by digest | User already has all layers existing on local machine and/or the image is single-arch ||
172
+
| HEAD | digest | N/A | Pull by digest | User already has all layers existing on their local machine ||
173
+
| GET | digest | GET by different digest | Pull by digest | Image is multi-arch | The second GET by digest must be different from the first. |
174
+
| HEAD | digest | GET by same digest | Pull by digest | Image is single-arch and/or image is multi-arch but some part of the image already exists on the local machine ||
175
+
| HEAD | digest | GET by same digest, then a second GET by different digest | Pull by Digest | Image is multi-arch ||
0 commit comments