
Ambiguous syntax of security options #23958

@tomgehrmann

Is this a docs issue?

  • My issue is about the documentation content or website

Type of issue

I can't find what I'm looking for

Description

The documentation regarding the syntax of security options in general, and no-new-privileges in particular, is confusing.

Every option in the CLI run security-opt reference (also the compose service reference) has the syntax "some_option=value", because of which it can be assumed to be the general syntax. However, the last example in the CLI run security-opt reference breaks with this assumption, as just --security-opt no-new-privileges is also acceptable (which is also used on the man page).

Additionally, the compose spec on GitHub differs from the version on the Docker website: "label:user:USER".

Manual testing of no-new-privileges inside the container (using capsh, Docker Community, containerd) reveals that all of the following syntaxes are accepted:

  • "no-new-privileges=true"
  • "no-new-privileges"
  • "no-new-privileges:true"

Location

https://docs.docker.com/reference/cli/docker/container/run/#security-opt

Suggestion

Document the syntax explicitly (or link to it if it is documented elsewhere)
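An added example, not part of the original issue and not Docker's own code: a small audit helper that treats the three spellings reported above as the same setting, so a check over `security_opt` lists does not miss `no-new-privileges` because of its syntax. The function names are hypothetical, and three behaviours are assumptions of this sketch rather than documented rules: `=` is tried before `:` as the separator, a later entry overrides an earlier one, and only the literal values `true` and `false` are recognised.

```python
FLAG = "no-new-privileges"

def split_opt(opt):
    """Split one security option into (name, value); value is None for a bare flag.

    Assumption: '=' is tried before ':' so that 'label=user:USER' and
    'label:user:USER' both yield the name 'label'.
    """
    for sep in ("=", ":"):
        if sep in opt:
            name, value = opt.split(sep, 1)
            return name.strip(), value.strip()
    return opt.strip(), None

def audit_no_new_privileges(security_opts):
    """Return (enabled, notes) for a list of security-opt strings.

    Assumption: a later entry overrides an earlier one, and any value other
    than 'true'/'false' is reported and counted as NOT enabled (fail closed).
    """
    enabled, notes = False, []
    for opt in security_opts:
        name, value = split_opt(opt)
        if name != FLAG:
            continue
        if value is None:                       # bare form: no-new-privileges
            enabled = True
        elif value.lower() in ("true", "false"):
            enabled = value.lower() == "true"
            if "=" not in opt:                  # colon form: no-new-privileges:true
                notes.append(f"{opt!r}: colon form; the reference shows name=value")
        else:
            enabled = False
            notes.append(f"{opt!r}: unrecognised value, treated as not enabled")
    return enabled, notes

# Constructed sample inputs (not taken from a real host or compose file).
SAMPLES = {
    "equals form": ["no-new-privileges=true"],
    "bare form": ["no-new-privileges"],
    "colon form": ["no-new-privileges:true"],
    "label only": ["label:user:USER"],
    "typo in value": ["no-new-privileges=ture"],
}

if __name__ == "__main__":
    for title, opts in SAMPLES.items():
        enabled, notes = audit_no_new_privileges(opts)
        print(f"{title:14} enabled={enabled} notes={notes}")
```

The parsed result only reflects the configuration text; whether the flag took effect can be confirmed inside the container, as the issue did with capsh, or by reading the `NoNewPrivs` line of `/proc/self/status`.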
