diff --git a/content/get-started/docker-concepts/the-basics/images/container-architecture.png b/content/get-started/docker-concepts/the-basics/images/container-architecture.png new file mode 100644 index 000000000000..86f5b3c64b93 Binary files /dev/null and b/content/get-started/docker-concepts/the-basics/images/container-architecture.png differ diff --git a/content/get-started/docker-concepts/the-basics/images/containers-vs-vms.png b/content/get-started/docker-concepts/the-basics/images/containers-vs-vms.png new file mode 100644 index 000000000000..baf6bcd076bd Binary files /dev/null and b/content/get-started/docker-concepts/the-basics/images/containers-vs-vms.png differ diff --git a/content/get-started/docker-concepts/the-basics/what-is-a-container.md b/content/get-started/docker-concepts/the-basics/what-is-a-container.md index fcd4cfcea3fe..6b2fed4b8d82 100644 --- a/content/get-started/docker-concepts/the-basics/what-is-a-container.md +++ b/content/get-started/docker-concepts/the-basics/what-is-a-container.md @@ -33,6 +33,8 @@ Here's what makes them awesome. Containers are: - Independent. Each container is independently managed. Deleting one container won't affect any others. - Portable. Containers can run anywhere! The container that runs on your development machine will work the same way in a data center or anywhere in the cloud! +![Diagram showing three containers (frontend, backend, database) running side by side, each with an isolated filesystem, all sharing the host OS kernel](images/container-architecture.png) + ### Containers versus virtual machines (VMs) Without getting too deep, a VM is an entire operating system with its own kernel, hardware drivers, programs, and applications. Spinning up a VM only to isolate a single application is a lot of overhead. 
@@ -43,6 +45,8 @@ A container is simply an isolated process with all of the files it needs to run. > > Quite often, you will see containers and VMs used together. As an example, in a cloud environment, the provisioned machines are typically VMs. However, instead of provisioning one machine to run one application, a VM with a container runtime can run multiple containerized applications, increasing resource utilization and reducing costs. +![Diagram comparing virtual machines (each with a full Guest OS) versus containers (sharing the host kernel with no Guest OS overhead)](images/containers-vs-vms.png) + ## Try it out diff --git a/content/manuals/desktop/setup/install/linux/_index.md b/content/manuals/desktop/setup/install/linux/_index.md index 2d8ae96bfe96..19f2b23527e3 100644 --- a/content/manuals/desktop/setup/install/linux/_index.md +++ b/content/manuals/desktop/setup/install/linux/_index.md 
@@ -205,6 +205,38 @@ Sign out and sign back in so that your group membership is re-evaluated. Docker Desktop for Linux uses a per-user socket instead of the system-wide `/var/run/docker.sock`. Docker SDKs and tools that connect directly to the Docker daemon need the `DOCKER_HOST` environment variable set to connect to Docker Desktop. For configuration details, see [How do I use Docker SDKs with Docker Desktop for Linux?](/manuals/desktop/troubleshoot-and-support/faqs/linuxfaqs.md#how-do-i-use-docker-sdks-with-docker-desktop-for-linux). +## Verify your installation + +After installing Docker Desktop, verify it is working correctly: + +1. Open a terminal and check the Docker version: +```console + $ docker --version +``` + + You should see output similar to: +```text + Docker version 27.x.x, build xxxxxxx +``` + +1. Run the hello-world container to confirm Docker Desktop is working end-to-end: +```console + $ docker run hello-world +``` + + If successful, you should see: +``` + Hello from Docker! + This message shows that your installation appears to be working correctly. +``` + +1. Check that Docker Desktop is using the correct context: +```console + $ docker context ls +``` + + The `desktop-linux` context should be marked with an asterisk (`*`) as the active context. + ## Where to go next - Install Docker Desktop for Linux for your specific Linux distribution: diff --git a/content/reference/compose-file/services.md b/content/reference/compose-file/services.md index 4c32080645b0..735039334364 100644 --- a/content/reference/compose-file/services.md +++ b/content/reference/compose-file/services.md 
@@ -1956,6 +1956,17 @@ secrets: `security_opt` overrides the default labeling scheme for each container. +Options accept either `option=value` or `option:value` syntax. For boolean options +such as `no-new-privileges`, the value may be omitted entirely, in which case the +option is treated as enabled. The following syntaxes are all equivalent: + +```yml +security_opt: + - no-new-privileges + - no-new-privileges=true + - no-new-privileges:true +``` + ```yml security_opt: - label=user:USER
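Review bot: In content/get-started/docker-concepts/the-basics/what-is-a-container.md, second hunk (@@ -43,6 +45,8), the `containers-vs-vms.png` image lands after the blockquote callout about running containers and VMs together and directly before `## Try it out`, so it is separated from the comparison it illustrates ("A container is simply an isolated process with all of the files it needs to run."). Consider moving it above the callout, right after the comparison paragraph. Both PNGs arrive as binary files, so the alt text is the only part of the diagrams that can be checked in this diff; confirm that each image matches what its alt text states about the shared host kernel.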
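Review bot: In content/manuals/desktop/setup/install/linux/_index.md, the new "Verify your installation" section checks the active context last (step 3, `docker context ls`), after `docker run hello-world` has already been used to "confirm Docker Desktop is working end-to-end". The unchanged paragraph just above says Docker Desktop for Linux uses a per-user socket instead of the system-wide `/var/run/docker.sock`, so with another context active the hello-world step may succeed against a different daemon and confirm nothing about Docker Desktop. Move the context check ahead of the hello-world step. Separately, the code fences start at column 0 while their contents are indented, which ends each list item and leaves leading spaces inside the rendered commands; indent the fences under their list items, and give the third output block the `text` tag that the first output block uses.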
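Review bot: In content/reference/compose-file/services.md, the added example puts `no-new-privileges`, `no-new-privileges=true` and `no-new-privileges:true` as three entries of one `security_opt` list, which reads as a single service setting the option three times, not as three alternative spellings. Show them as separate snippets, or keep one entry and list the alternatives in YAML comments. The sentence "Options accept either `option=value` or `option:value` syntax" should also say how a value that itself contains a separator is handled, since the existing example directly below is `label=user:USER`. That existing label example now follows the new block with no lead-in of its own, so a short sentence introducing it would help.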