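# Demonstration only: bind-mounts the host's /bin read-write at /host/bin.
# The alpine image runs as root by default, so the container can modify host
# binaries through this mount. Mount host paths read-only (:ro) and run as a
# non-root user unless write access is genuinely required.
# "-it" (interactive + tty) replaces "--it", which is not a docker run option.
$ docker run -v /bin:/host/bin -it --rm alpine sh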

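# Example tag chosen for illustration; pin to the tag (or digest) you have
# vetted instead of the moving "latest" tag, so a rebuild cannot silently
# switch to a different base image.
FROM python:3.12
# Create an unprivileged account so the container does not run as root.
RUN useradd -s /bin/bash unix_user
# Everything after this point, including the entrypoint, runs as unix_user.
USER unix_user
# Absolute path: a relative "bin/bash" only resolves while the working
# directory happens to be /.
ENTRYPOINT ["/bin/bash"]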

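# Build the image from the Dockerfile in the current directory. The trailing
# "." is the build context, which docker image build requires.
$ docker image build -t python_image .

# Start an interactive container; the process runs as the account named by
# the image's USER instruction rather than as root.
$ docker run -ti python_image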

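# --read-only mounts the container's root filesystem read-only.
$ docker run -d --read-only python sh

# A service that must write gets volumes for just those paths (/var/lib/mysql
# and /tmp); the rest of the root filesystem stays read-only.
# The password is a demo value. Anything passed with -e is readable through
# `docker inspect`, so supply real credentials from a secret or file instead.
$ docker run --name mysql --read-only -v /var/lib/mysql -v /tmp -d -e MYSQL_ROOT_PASSWORD=password mysql

# :ro makes the bind mount read-only, so the touch is expected to fail.
# The path is quoted so a working directory containing spaces is passed intact.
$ docker run -v "$(pwd)":/pwd:ro debian touch /pwd/x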

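# Clear the setuid/setgid bits on every regular file, so the image carries no
# binaries that run with their owner's or group's privileges.
# "-perm /6000" matches files with either bit set; current GNU find rejects
# the legacy "+6000" form. The ";" that terminates -exec is escaped so the
# shell hands it to find instead of ending the command there.
# "|| true" is deliberate best effort: paths that cannot be changed must not
# fail the build.
RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true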

# List the docker run options that mention CPU, devices or memory; these
# are the flags used to cap a container's resource use.
$ docker run --help | grep -E 'cpu|device|memory'

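# CAP holds one capability name, such as CHOWN or NET_RAW.
# The options use ASCII "--" (the typographic dashes were not valid flags) and
# each command is on one line so "$CAP" is the argument of the option before it.

# Add one capability on top of Docker's default set.
$ docker run --rm -it --cap-add "$CAP" alpine sh

# Remove one capability from the default set.
$ docker run --rm -it --cap-drop "$CAP" alpine sh

# Least privilege: drop everything, then add back only what the workload needs.
$ docker run --rm -it --cap-drop ALL --cap-add "$CAP" alpine sh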

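# Grants every capability except CHOWN. ALL is far broader than the default
# set, so this form is for demonstration, not for real workloads.
$ docker run --cap-add=ALL --cap-drop=CHOWN -ti ubuntu sh

# Default capability set minus CHOWN: changing file ownership inside the
# container is expected to fail.
$ docker run -it --cap-drop CHOWN python /bin/bash

# Drops the capabilities in Docker's default set one by one. Trailing
# backslashes keep the options part of a single command.
$ docker run -ti --cap-drop=CHOWN --cap-drop=DAC_OVERRIDE \
    --cap-drop=FSETID --cap-drop=FOWNER --cap-drop=KILL --cap-drop=MKNOD \
    --cap-drop=NET_RAW --cap-drop=SETGID --cap-drop=SETUID \
    --cap-drop=SETFCAP --cap-drop=SETPCAP --cap-drop=NET_BIND_SERVICE \
    --cap-drop=SYS_CHROOT --cap-drop=AUDIT_WRITE ubuntu /bin/bash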

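# Without SETGID and SETUID the process cannot switch to another user or
# group ID.
$ docker run -it --cap-drop SETGID --cap-drop SETUID python sh

# Without NET_RAW the container cannot open raw or packet sockets.
# "-it" replaces "--it", which is not a docker run option.
$ docker run -it --cap-drop NET_RAW python sh

# NET_ADMIN is not in the default set; adding it lets the container
# reconfigure its network interfaces, shown here by taking its own eth0 down.
# Grant it only to workloads that manage networking.
$ docker run -ti --cap-add=NET_ADMIN python sh -c "ip link set eth0 down"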

# --privileged gives the container every capability plus access to the host's
# devices, removing most of the isolation between container and host.
# Prefer granting the specific capability or device a workload needs.
$ docker run --rm --interactive --tty --privileged ubuntu /bin/bash

# Same flag on a different base image.
$ docker run --interactive --tty --privileged fedora /bin/bash

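# Enable Docker Content Trust for this shell, so the docker client works only
# with signed image tags.
# NOTE(review): sudo typically resets the environment, so this variable may
# not reach the commands below that run through sudo. Confirm on your host.
$ export DOCKER_CONTENT_TRUST=1

# Start a local registry. "--restart=always" takes no spaces around "=".
# NOTE(review): -p 5000:5000 publishes the registry on every host interface,
# and no TLS or authentication is configured here. Keep this to a lab host.
$ docker run -d -p 5000:5000 --restart=always --name registry registry:2

# Pull and run the sample image so there is something to re-tag.
$ sudo docker run --name myhello hello-world

# Give the image a name that points at the local registry, then upload it.
$ docker tag hello-world localhost:5000/hello-me:latest

$ docker push localhost:5000/hello-me:latest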

# Remove the container and both local tags so the pull that follows has to
# fetch the image from the local registry.
$ sudo docker container rm myhello
$ sudo docker image rm hello-world localhost:5000/hello-me:latest
$ sudo docker image pull localhost:5000/hello-me:latest

# Confirm the image is present again, then run it from the registry copy.
$ docker image ls
$ docker container run --interactive --tty localhost:5000/hello-me



