diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md
index dcd0a851b5f5..442df249e3f5 100644
--- a/docs/reference/commandline/service_create.md
+++ b/docs/reference/commandline/service_create.md
@@ -394,7 +394,7 @@ volumes in a service:
The Engine mounts binds and volumes read-write unless readonly option
is given when mounting the bind or volume. Note that setting readonly for a
- bind-mount does not make its submounts readonly on the current Linux implementation. See also bind-nonrecursive.
+ bind-mount may not make its submounts readonly depending on the kernel version. See also bind-recursive.
- true or 1 or no value: Mounts the bind or volume read-only.
- false or 0: Mounts the bind or volume read-write.
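Review bot: the reworded note in this hunk ("may not make its submounts readonly depending on the kernel version") gives neither the version boundary nor what happens below it. The bind-recursive table later in this file names v5.12 as the cutoff and says that on older kernels submounts are not made read-only. Repeat both facts here so that a reader relying on readonly for isolation knows to set bind-recursive=readonly or bind-recursive=disabled rather than trust the default.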
@@ -432,17 +432,40 @@ The following options can only be used for bind mounts (`type=bind`):
|
- bind-nonrecursive |
+ bind-recursive |
By default, submounts are recursively bind-mounted as well. However, this behavior can be confusing when a
- bind mount is configured with readonly option, because submounts are not mounted as read-only.
- Set bind-nonrecursive to disable recursive bind-mount.
+ bind mount is configured with readonly option, because submounts may not be mounted as read-only,
+ depending on the kernel version.
+ Set bind-recursive to control the behavior of the recursive bind-mount.
+
+ A value is one of:
+
+
+ - <enabled, true or 1: Enables recursive bind-mount.
+ Read-only mounts are made recursively read-only if kernel is v5.12 or later.
+ Otherwise they are not made recursively read-only.
+ - <disabled, false or 0: Disables recursive bind-mount.
+ - <writable: Enables recursive bind-mount.
+ Read-only mounts are not made recursively read-only.
+ - <readonly: Enables recursive bind-mount.
+ Read-only mounts are made recursively read-only if kernel is v5.12 or later.
+ Otherwise the Engine raises an error.
+
+ When the option is not specified, the default behavior correponds to setting enabled.
+ |
+
+
+ bind-nonrecursive |
+
+ bind-nonrecursive is deprecated since Docker Engine v25.0.
+ Use bind-recursiveinstead.
A value is optional:
- - true or 1: Disables recursive bind-mount.
- - false or 0: Default if you do not provide a value. Enables recursive bind-mount.
+ - true or 1: Equivalent to bind-recursive=disabled.
+ - false or 0: Equivalent to bind-recursive=enabled.
|
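Review bot: in the bind-recursive value list, the default "enabled" degrades silently. On kernels older than v5.12 a readonly mount is accepted and its submounts are not made read-only, with no error. That is the case this option exists to address, so the text after "the default behavior correponds to setting enabled" should point anyone who needs the guarantee to "readonly", which raises an error instead. In that same line "correponds" should be "corresponds", and "Use bind-recursiveinstead." is missing a space. The deprecated bind-nonrecursive entry still says "A value is optional:" but no longer states what an omitted value means, since "Default if you do not provide a value" was removed from the false line. It also does not say what happens when both options are given.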
diff --git a/man/docker-run.1.md b/man/docker-run.1.md
index bb57800de268..7b6384c66885 100644
--- a/man/docker-run.1.md
+++ b/man/docker-run.1.md
@@ -467,16 +467,20 @@ according to RFC4862.
* `dst`, `destination`, `target`: mount destination spec.
* `ro`, `readonly`: `true` or `false` (default).
- **Note**: setting `readonly` for a bind mount does not make its submounts
- read-only on the current Linux implementation. See also `bind-nonrecursive`.
+ **Note**: setting `readonly` for a bind mount may not make its submounts
+ read-only depending on the kernel version. See also `bind-recursive`.
Options specific to `bind`:
* `bind-propagation`: `shared`, `slave`, `private`, `rshared`, `rslave`, or `rprivate`(default). See also `mount(2)`.
* `consistency`: `consistent`(default), `cached`, or `delegated`. Currently, only effective for Docker for Mac.
- * `bind-nonrecursive`: `true` or `false` (default). If set to `true`,
- submounts are not recursively bind-mounted. This option is useful for
- `readonly` bind mount.
+ * `bind-recursive`: `enabled` (default), `disabled`, `writable`, or `readonly`:
+ If set to `enabled`, submounts are recursively bind-mounted and attempted to be made recursively read-only.
+ If set to `disabled`, submounts are not recursively bind-mounted.
+ If set to `writable`, submounts are recursively bind-mounted but not made recursively read-only.
+ If set to `readonly`, submounts are recursively bind-mounted and forcibly made recursively read-only.
+ * `bind-nonrecursive` (Deprecated): `true` or `false` (default). Setting `true` equates to `bind-recursive=disabled`.
+ Setting `false` equates to `bind-recursive=enabled`.
Options specific to `volume`:
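Review bot: the new `bind-recursive` bullet in the man page does not match the reference doc changed in the same patch. "attempted to be made recursively read-only" and "forcibly made recursively read-only" both omit the kernel v5.12 condition, and "forcibly" hides that `readonly` makes the Engine raise an error on older kernels rather than forcing anything. Suggest stating both outcomes explicitly (for `enabled`, submounts are not made read-only on older kernels; for `readonly`, the mount is rejected). Also say here that `bind-nonrecursive` is deprecated since Docker Engine v25.0, as service_create.md does, and what combining it with `bind-recursive` does.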