Docker Experimental Features in Red Hat Enterprise Linux

Updated -

The following features included in the docker component (docker-1.4 and higher) are not yet upstream, and considered experimental. The user interface for these features may change in future releases. The features are fully supported as part of a standard Red Hat Enterprise Linux or Red Hat Enterprise Linux Atomic host deployment.

Registry Access Control: The docker daemon includes two options to manage which registries it can connect to. These can be defined in /etc/sysconfig/docker with the ADD_REGISTRY and BLOCK_REGISTRY options.

# If you want to add your own registry to be used for docker search and docker
# pull use the ADD_REGISTRY option to list a set of registries, each prepended
# with --add-registry flag. The first registry added will be the first registry
# searched.

Each registry in ADD_REGISTRY is searched in order of appearance in the configuration file. Red Hat's default includes
an entry for the Red Hat maintained registry ( on the Red Hat Customer Portal for images from Red Hat product families.

# If you want to block registries from being used, uncomment the BLOCK_REGISTRY
# option and give it a set of registries, each prepended with --block-registry
# flag. For example adding will stop users from downloading images
# from
# BLOCK_REGISTRY='--block-registry'

The default configuration includes access to the Docker Hub as builtin feature of the docker component, To prevent access to the Docker Hub, a special keyword "public", should be used in the BLOCK_REGISTRY option.

Network Namespace Creation: In addition to docker automatically creating namespaces needed to start a container instance, users can now specify an externally created network namespace. This will facilitate the usage of external network interface creation tools to be leveraged in a docker container context.


The PATH is replaced with the network namespace path entry in /var/run/netns/. Tools such as ip netns can be used to create manage independent network namespaces and interfaces.



Is there any update on the upstream push of this features ?


The pull requests for both were closed upstream as the Docker code is getting refactored. As the core Docker Engine code starts to leverage the Open Container Initiative (OCI) code base, we will reopen the pull requests for these features in OCI.

Is this method still supported in RHEL 7.4? Testing on Docker 1.12 in 7.4 appears to have no impact on behaviour.

Is there a more formally supported method now?