Important notes about this release

In Docker versions prior to 18.09, containerd was managed by the Docker engine daemon. In Docker Engine 18.09, containerd is managed by systemd. As a result, any customization of the docker.service systemd unit that changes mount settings (for example, MountFlags=slave) breaks interactions between the Docker Engine daemon and containerd, and you will not be able to start containers.

Run the following command to get the current value of the MountFlags property for the docker.service:

sudo systemctl show --property=MountFlags docker.service

Update your configuration if this command prints a non-empty value for MountFlags, and restart the docker service.
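
One way to run the check above and locate the file that sets MountFlags, as an added example that is not part of the original release notes. The function names are hypothetical, and the unit-file and drop-in paths are assumed typical systemd locations that may differ on your distribution.

```shell
#!/bin/sh
# Added example (not from the release notes). Function names are hypothetical.

# Print "file:line: text" for each active (uncommented, non-empty)
# MountFlags assignment in one unit file.
scan_unit_file() {
    awk -v f="$1" \
        '/^[ \t]*MountFlags[ \t]*=[ \t]*[^ \t]/ { print f ":" FNR ": " $0 }' "$1"
}

# Scan the unit files and drop-in directories passed as arguments.
find_mountflags_overrides() {
    for path in "$@"; do
        if [ -d "$path" ]; then
            for f in "$path"/*.conf; do
                if [ -f "$f" ]; then scan_unit_file "$f"; fi
            done
        elif [ -f "$path" ]; then
            scan_unit_file "$path"
        fi
    done
}

# Run the check from the release notes; if MountFlags is non-empty,
# list the files that set it. Returns 1 when a change is needed.
check_docker_mountflags() {
    current=$(systemctl show --property=MountFlags docker.service)
    if [ -z "${current#MountFlags=}" ]; then
        echo "MountFlags is empty; no change needed"
        return 0
    fi
    echo "docker.service reports: $current"
    # Assumed typical locations; on merged-/usr systems the last two
    # are the same directory and a match is listed twice.
    find_mountflags_overrides \
        /etc/systemd/system/docker.service \
        /etc/systemd/system/docker.service.d \
        /lib/systemd/system/docker.service \
        /usr/lib/systemd/system/docker.service
    return 1
}
```

After removing a reported line, run sudo systemctl daemon-reload so systemd rereads the unit before you restart the docker service.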

Security fixes for Docker Engine EE and CE

Upgraded Go language to 1.10.6 to resolve CVE-2018-16873, CVE-2018-16874, and CVE-2018-16875.
Fixed authz plugin for 0-length content and path validation.
Added /proc/asound to masked paths docker/engine#126

Improvements for Docker Engine EE and CE

Updated to BuildKit 0.3.3 docker/engine#122
Updated to containerd 1.2.2 docker/engine#144
Provided additional warnings for use of deprecated legacy overlay and devicemapper storage drivers docker/engine#85
prune: perform image pruning before build cache pruning docker/cli#1532
Added bash completion for experimental CLI commands (manifest) docker/cli#1542
Windows: allow process isolation on Windows 10 docker/engine#81

Fixes for Docker Engine EE and CE

Disable kmem accounting in runc on RHEL/CentOS (docker/escalation#614, docker/escalation#692) docker/engine#121
Fixed inefficient networking configuration docker/engine#123
Fixed docker system prune not accepting the until filter docker/engine#122
Avoid unset credentials in containerd docker/engine#122
Fixed iptables compatibility on Debian docker/engine#107
Fixed setting default schema to tcp for docker host docker/cli#1454
Fixed bash completion for service update --force docker/cli#1526
Windows: DetachVhd attempt in cleanup docker/engine#113
API: properly handle invalid JSON to return a 400 status docker/engine#110
API: ignore default address-pools on API < 1.39 docker/engine#118
API: add missing default address pool fields to swagger docker/engine#119
awslogs: account for UTF-8 normalization in limits docker/engine#112
Prohibit reading more than 1MB in HTTP error responses docker/engine#114
apparmor: allow receiving of signals from docker kill docker/engine#116
overlay2: use index=off if possible (fix EBUSY on mount) docker/engine#84

Packaging

Add docker.socket requirement for docker.service. docker/docker-ce-packaging#276
Add socket activation for RHEL-based distributions. docker/docker-ce-packaging#274
Add libseccomp requirement for RPM packages. docker/docker-ce-packaging#266

Known Issues

When upgrading from 18.09.0 to 18.09.1, containerd is not upgraded to the correct version on Ubuntu.
There are important changes to the upgrade process that, if not correctly followed, can affect the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater.


