docs: improve note for Fedora 22
Move the note more up, to prevent people from starting
the daemon with --userns-remap before touching the files.
Also clarify that these steps must be done *before* enabling
userns-remap and starting the daemon.
Also fixed some minor Markup formatting issues.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md
index 39170d7..4dbec52 100644
--- a/docs/reference/commandline/daemon.md
+++ b/docs/reference/commandline/daemon.md
@@ -695,11 +695,17 @@
provided does not exist as entries in `/etc/passwd` or `/etc/group`, daemon
startup will fail with an error message.
+> **Note:** On Fedora 22, you have to `touch` the `/etc/subuid` and `/etc/subgid`
+> files to have ranges assigned when users are created. This must be done
+> *before* the `--userns-remap` option is enabled. Once these files exist, the
+> daemon can be (re)started and range assignment on user creation works properly.
+
*Example: starting with default Docker user management:*
+```bash
+$ docker daemon --userns-remap=default
```
- $ docker daemon --userns-remap=default
-```
+
When `default` is provided, Docker will create - or find the existing - user and group
named `dockremap`. If the user is created, and the Linux distribution has
appropriate support, the `/etc/subuid` and `/etc/subgid` files will be populated
@@ -708,15 +714,11 @@
create the following range, based on an existing user named `user1` already owning
the first 65536 range:
+```bash
+$ cat /etc/subuid
+user1:100000:65536
+dockremap:165536:65536
```
- $ cat /etc/subuid
- user1:100000:65536
- dockremap:165536:65536
-```
-
-> **Note:** On Fedora 22, you have to `touch` the `/etc/subuid` and `/etc/subgid`
-> files to have ranges assigned when users are created. Once these files
-> exist, range assignment on user creation works properly.
If you have a preferred/self-managed user with subordinate ID mappings already
configured, you can provide that username or uid to the `--userns-remap` flag.