Restarting a docker container in privileged mode

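I have a docker container that is not coping with the load.

I need to increase the value of /proc/sys/net/core/somaxconn, but I am unable to do so because the container is not running in privileged mode.

Since it was built from the Dockerfile, some adjustments have been made to the nginx and PHP configuration.

Is it possible to restart the container in privileged mode without losing the configuration changes I have already made?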

The container configuration is located in /var/lib/docker/containers/<id>/hostconfig.json – you can edit it and restart the container, but Docker should not be running while you edit it.

    # docker run -ti --name test fedora:25 /bin/bash
    # echo 512 > /proc/sys/net/core/somaxconn     # in docker
    bash: /proc/sys/net/core/somaxconn: Read-only file system
    # exit                                        # exit docker, back to host
    # systemctl stop docker                       # or stop it with whatever servicemanager you're using
    # cd /var/lib/docker/containers/b48fcbce0ab29749160e5677e3e9fe07cc704b47e84f7978fa74584f6d9d3c40/
    # cp hostconfig.json{,.bak}
    # cat hostconfig.json.bak | jq '.Privileged=true' | jq '.SecurityOpt=["label=disable"]' > hostconfig.json
    # systemctl start docker
    # docker start test
    test
    # docker exec -ti test /bin/bash
    # echo 512 > /proc/sys/net/core/somaxconn     # in docker, now works

This will shut down all containers while you are making the changes.
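The following is an added example, not code from the answer above or from Docker. It scans the hostconfig.json files that the answer edits, reports containers that have Privileged set or SELinux labelling disabled, and lists the keys that differ from a hostconfig.json.bak backup when one exists. The function names and the report layout are assumptions made for this example; the default path is the one used in the answer.

```python
import json
import sys
from pathlib import Path

# Default Docker data directory, as used in the answer above.
CONTAINERS_DIR = Path("/var/lib/docker/containers")


def risky_settings(hostconfig):
    """Return findings for one parsed hostconfig.json (hypothetical helper)."""
    findings = []
    if hostconfig.get("Privileged") is True:
        findings.append("Privileged=true")
    # SecurityOpt is null when unset, so normalise it to a list first.
    if "label=disable" in (hostconfig.get("SecurityOpt") or []):
        findings.append("SecurityOpt label=disable")
    return findings


def changed_keys(before, after):
    """Top-level keys whose values differ between two host configs."""
    return sorted(k for k in before.keys() | after.keys()
                  if before.get(k) != after.get(k))


def audit(containers_dir=CONTAINERS_DIR):
    """Map container id -> findings for every container worth a look."""
    report = {}
    for cfg in sorted(Path(containers_dir).glob("*/hostconfig.json")):
        backup = cfg.with_name("hostconfig.json.bak")
        try:
            current = json.loads(cfg.read_text())
            entry = {"findings": risky_settings(current)}
            if backup.exists():
                previous = json.loads(backup.read_text())
                entry["changed_since_backup"] = changed_keys(previous, current)
        except (OSError, ValueError) as exc:
            # Unreadable or malformed file: report it rather than skip it.
            entry = {"error": str(exc)}
        if any(entry.values()):
            report[cfg.parent.name] = entry
    return report


if __name__ == "__main__":
    # Needs read access to the Docker data directory (normally root).
    root = sys.argv[1] if len(sys.argv) > 1 else CONTAINERS_DIR
    for container_id, entry in audit(root).items():
        print(container_id[:12], json.dumps(entry))
```

Containers that were edited on disk this way show up with both a finding and a non-empty `changed_since_backup` list, which distinguishes them from containers that were created privileged in the first place.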

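No, you should not configure containers directly. Doing so results in an environment that is hard to maintain (as you have already found). Include your configuration in your docker-compose.yml, in attached volumes, or in the Dockerfile. This lets you update the container by replacing it.

For reference, the only settings docker lets you update on a running container are the following: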

    $ docker update --help

    Usage:  docker update [OPTIONS] CONTAINER [CONTAINER...]

    Update configuration of one or more containers

    Options:
          --blkio-weight uint16        Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
          --cpu-period int             Limit CPU CFS (Completely Fair Scheduler) period
          --cpu-quota int              Limit CPU CFS (Completely Fair Scheduler) quota
          --cpu-rt-period int          Limit the CPU real-time period in microseconds
          --cpu-rt-runtime int         Limit the CPU real-time runtime in microseconds
      -c, --cpu-shares int             CPU shares (relative weight)
          --cpus decimal               Number of CPUs
          --cpuset-cpus string         CPUs in which to allow execution (0-3, 0,1)
          --cpuset-mems string         MEMs in which to allow execution (0-3, 0,1)
          --help                       Print usage
          --kernel-memory bytes        Kernel memory limit
      -m, --memory bytes               Memory limit
          --memory-reservation bytes   Memory soft limit
          --memory-swap bytes          Swap limit equal to memory plus swap: '-1' to enable unlimited swap
          --restart string             Restart policy to apply when a container exits