{
	"id": "255616fa-a4ad-4b5e-89bd-e43fc3db61ca",
	"created_at": "2026-04-29T02:21:35.880208Z",
	"updated_at": "2026-04-29T08:22:45.893665Z",
	"deleted_at": null,
	"sha1_hash": "00e84a7f7c5aee1e8c8a27f8fc70811a9e7a1b82",
	"title": "docker container create",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 69373,
	"plain_text": "docker container create\r\nBy Docker Inc\r\nPublished: 2001-01-01 · Archived: 2026-04-29 02:10:16 UTC\r\n--add-host Add a custom host-to-IP mapping (host:ip) --annotation API 1.43+ Add an annotation to the\r\ncontainer (passed through to the OCI runtime)\r\n-a, --attach Attach to STDIN, STDOUT or STDERR --blkio-weight Block IO (relative weight), between 10\r\nand 1000, or 0 to disable (default 0)\r\n--blkio-weight-device Block IO weight (relative device weight) --cap-add Add Linux capabilities --cap-drop Drop Linux capabilities --cgroup-parent Optional parent cgroup for the container --cgroupns API 1.41+\r\nCgroup namespace to use (host|private)\r\n'host': Run the container in the Docker host's cgroup namespace\r\n'private': Run the container in its own private cgroup namespace\r\n'': Use the cgroup namespace as configured by the\r\ndefault-cgroupns-mode option on the daemon (default) --cidfile Write the container ID to the file --cpu-count CPU count (Windows only) --cpu-percent CPU percent (Windows only) --cpu-period Limit CPU CFS\r\n(Completely Fair Scheduler) period --cpu-quota Limit CPU CFS (Completely Fair Scheduler) quota --cpu-rt-period API 1.25+ Limit CPU real-time period in microseconds --cpu-rt-runtime API 1.25+ Limit CPU real-time runtime in microseconds -c, --cpu-shares CPU shares (relative weight) --cpus API 1.25+ Number of\r\nCPUs --cpuset-cpus CPUs in which to allow execution (0-3, 0,1) --cpuset-mems MEMs in which to allow\r\nexecution (0-3, 0,1) --device Add a host device to the container --device-cgroup-rule Add a rule to the cgroup\r\nallowed devices list --device-read-bps Limit read rate (bytes per second) from a device --device-read-iops Limit read rate (IO per second) from a device --device-write-bps Limit write rate (bytes per second) to a\r\ndevice --device-write-iops Limit write rate (IO per second) to a device --dns Set custom DNS servers --dns-option Set DNS options --dns-search Set custom DNS search domains --domainname Container NIS domain\r\nname --entrypoint Overwrite the default ENTRYPOINT of the image -e, --env Set environment variables --\r\nenv-file Read in a file of environment variables --expose Expose a port or a range of ports --gpus API 1.40+\r\nGPU devices to add to the container ('all' to pass all GPUs) --group-add Add additional groups to join --health-cmd Command to run to check health --health-interval Time between running the check (ms|s|m|h) (default\r\n0s) --health-retries Consecutive failures needed to report unhealthy --health-start-interval API 1.44+\r\nTime between running the check during the start period (ms|s|m|h) (default 0s)\r\n--health-start-period API 1.29+ Start period for the container to initialize before starting health-retries\r\ncountdown (ms|s|m|h) (default 0s)\r\n--health-timeout Maximum time to allow one check to run (ms|s|m|h) (default 0s) --help Print usage -h, --\r\nhostname Container host name --init API 1.25+ Run an init inside the container that forwards signals and reaps\r\nprocesses\r\n-i, --interactive Keep STDIN open even if not attached --io-maxbandwidth Maximum IO bandwidth limit\r\nfor the system drive (Windows only) --io-maxiops Maximum IOps limit for the system drive (Windows only) --\r\nip IPv4 address (e.g., 172.30.100.104) --ip6 IPv6 address (e.g., 2001:db8::33) --ipc IPC mode to use --\r\nhttps://docs.docker.com/reference/cli/docker/container/create/\r\nPage 1 of 2\n\nisolation Container isolation technology -l, --label Set meta data on a container --label-file Read in a line\r\ndelimited file of labels --link Add link to another container --link-local-ip Container IPv4/IPv6 link-local\r\naddresses --log-driver Logging driver for the container --log-opt Log driver options --mac-address Container MAC address (e.g., 92:d0:c6:0a:29:33) -m, --memory Memory limit --memory-reservation Memory soft limit --memory-swap Swap limit equal to memory plus swap: '-1' to enable unlimited\r\nswap\r\n--memory-swappiness -1 Tune container memory swappiness (0 to 100) --mount Attach a filesystem mount to\r\nthe container --name Assign a name to the container --network Connect a container to a network --network-alias Add network-scoped alias for the container --no-healthcheck Disable any container-specified\r\nHEALTHCHECK --oom-kill-disable Disable OOM Killer --oom-score-adj Tune host's OOM preferences\r\n(-1000 to 1000) --pid PID namespace to use --pids-limit Tune container pids limit (set -1 for unlimited) --\r\nplatform API 1.32+ Set platform if server is multi-platform capable --privileged Give extended privileges to\r\nthis container -p, --publish Publish a container's port(s) to the host -P, --publish-all Publish all exposed\r\nports to random ports --pull missing Pull image before creating ( always , |missing , never ) -q, --\r\nquiet Suppress the pull output --read-only Mount the container's root filesystem as read only --\r\nrestart no Restart policy to apply when a container exits --rm Automatically remove the container and its\r\nassociated anonymous volumes when it exits\r\n--runtime Runtime to use for this container --security-opt Security Options --shm-size Size of /dev/shm --\r\nstop-signal Signal to stop the container --stop-timeout API 1.25+ Timeout (in seconds) to stop a container --\r\nstorage-opt Storage driver options for the container --sysctl Sysctl options --tmpfs Mount a tmpfs directory -\r\nt, --tty Allocate a pseudo-TTY --ulimit Ulimit options --use-api-socket experimental (CLI) Bind mount\r\nDocker API socket and required auth -u, --user Username or UID (format: \u003cname|uid\u003e[:\u003cgroup|gid\u003e]) --\r\nuserns User namespace to use --uts UTS namespace to use -v, --volume Bind mount a volume --volume-driver Optional volume driver for the container --volumes-from Mount volumes from the specified\r\ncontainer(s) -w, --workdir Working directory inside the container\r\nSource: https://docs.docker.com/reference/cli/docker/container/create/\r\nhttps://docs.docker.com/reference/cli/docker/container/create/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://docs.docker.com/reference/cli/docker/container/create/"
	],
	"report_names": [
		"create"
	],
	"threat_actors": [],
	"ts_created_at": 1777429295,
	"ts_updated_at": 1777450965,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/00e84a7f7c5aee1e8c8a27f8fc70811a9e7a1b82.pdf",
		"text": "https://archive.orkl.eu/00e84a7f7c5aee1e8c8a27f8fc70811a9e7a1b82.txt",
		"img": "https://archive.orkl.eu/00e84a7f7c5aee1e8c8a27f8fc70811a9e7a1b82.jpg"
	}
}