docs: add concept diagrams to what-is-a-container page

content/get-started/docker-concepts/the-basics/what-is-a-container.md

@@ -33,6 +33,8 @@ Here's what makes them awesome. Containers are:
 - Independent. Each container is independently managed. Deleting one container won't affect any others.
 - Portable. Containers can run anywhere! The container that runs on your development machine will work the same way in a data center or anywhere in the cloud!
 
+![Diagram showing three containers (frontend, backend, database) running side by side, each with an isolated filesystem, all sharing the host OS kernel](images/container-architecture.png)
+
 ### Containers versus virtual machines (VMs)
 
 Without getting too deep, a VM is an entire operating system with its own kernel, hardware drivers, programs, and applications. Spinning up a VM only to isolate a single application is a lot of overhead.
@@ -43,6 +45,8 @@ A container is simply an isolated process with all of the files it needs to run.
 >
 > Quite often, you will see containers and VMs used together. As an example, in a cloud environment, the provisioned machines are typically VMs. However, instead of provisioning one machine to run one application, a VM with a container runtime can run multiple containerized applications, increasing resource utilization and reducing costs.
 
+![Diagram comparing virtual machines (each with a full Guest OS) versus containers (sharing the host kernel with no Guest OS overhead)](images/containers-vs-vms.png)
+
 
 ## Try it out
 

content/manuals/desktop/setup/install/linux/_index.md

@@ -205,6 +205,38 @@ Sign out and sign back in so that your group membership is re-evaluated.
 
 Docker Desktop for Linux uses a per-user socket instead of the system-wide `/var/run/docker.sock`. Docker SDKs and tools that connect directly to the Docker daemon need the `DOCKER_HOST` environment variable set to connect to Docker Desktop. For configuration details, see [How do I use Docker SDKs with Docker Desktop for Linux?](/manuals/desktop/troubleshoot-and-support/faqs/linuxfaqs.md#how-do-i-use-docker-sdks-with-docker-desktop-for-linux).
 
+## Verify your installation
+
+After installing Docker Desktop, verify it is working correctly:
+
+1. Open a terminal and check the Docker version:
+```console
+   $ docker --version
+```
+
+   You should see output similar to:
+```text
+   Docker version 27.x.x, build xxxxxxx
+```
+
+1. Run the hello-world container to confirm Docker Desktop is working end-to-end:
+```console
+   $ docker run hello-world
+```
+
+   If successful, you should see:
+```
+   Hello from Docker!
+   This message shows that your installation appears to be working correctly.
+```
+
+1. Check that Docker Desktop is using the correct context:
+```console
+   $ docker context ls
+```
+
+   The `desktop-linux` context should be marked with an asterisk (`*`) as the active context.
+
 ## Where to go next
 
 - Install Docker Desktop for Linux for your specific Linux distribution:

content/reference/compose-file/services.md

@@ -1956,6 +1956,17 @@ secrets:
 
 `security_opt` overrides the default labeling scheme for each container.
 
+Options accept either `option=value` or `option:value` syntax. For boolean options
+such as `no-new-privileges`, the value may be omitted entirely, in which case the
+option is treated as enabled. The following syntaxes are all equivalent:
+
+```yml
+security_opt:
+  - no-new-privileges
+  - no-new-privileges=true
+  - no-new-privileges:true
+```
+
 ```yml
 security_opt:
   - label=user:USER