author Daniel J Walsh <dwalsh@redhat.com> 2019-11-18 09:36:00 -0800
committer Daniel J Walsh <dwalsh@redhat.com> 2019-11-26 07:57:33 -0500
commit a4983b05fbd95a6c351e92dea5d00a792837d7e8 (patch)
tree 47f6d125ab0b9fc2dca2fc7c3c6c925ba6c6527b
parent aef38585ed313d1096c1fa4f6281f36e5e47422b (diff)
Document other bind options on --volumes flag
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r-- docs/source/markdown/podman-create.1.md 23
-rw-r--r-- docs/source/markdown/podman-run.1.md 23
2 files changed, 46 insertions, 0 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 0ddcc7ed8..82d2e8f6a 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -817,6 +817,10 @@ container. The `OPTIONS` are a comma delimited list and can be:
* [rw|ro]
* [z|Z]
* [`[r]shared`|`[r]slave`|`[r]private`]
+* [`[r]bind`]
+* [`noexec`|`exec`]
+* [`nodev`|`dev`]
+* [`nosuid`|`suid`]
The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
will be mounted into the container at this directory.
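Review bot: The four added list entries are backticked, but the context entries directly above them in this file (`* [rw|ro]` and `* [z|Z]`) are not, so the rendered list will mix code-formatted and plain options. Either backtick the two existing entries in the same change or note that as a follow-up, so the list matches the one in podman-run.1.md.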
@@ -870,6 +874,25 @@ where source dir is mounted on) has to have right propagation properties. For
shared volumes, source mount point has to be shared. And for slave volumes,
source mount has to be either shared or slave.
+If you want to recursively mount a volume and all of it's submounts into a
+container, then you can use the `rbind` option. By default the bind option is
+used, and submounts of the source directory will not be mounted into the
+container.
+
+Mounting the volume with the `nosuid` options means that SUID applications on
+the volume will not be able to change their privilege. By default volumes
+are mounted with `nosuid`.
+
+Mounting the volume with the noexec option means that no executables on the
+volume will be able to executed within the container.
+
+Mounting the volume with the nodev option means that no devices on the volume
+will be able to be used by processes within the container. By default volumes
+are mounted with `nodev`.
+
+If the <source-dir> is a mount point, then "dev", "suid", and "exec" options are
+ignored by the kernel.
+
Use `df <source-dir>` to figure out the source mount and then use
`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
properties of source mount. If `findmnt` utility is not available, then one
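Review bot: The added paragraphs have three wording slips that will reach the man page: "all of it's submounts" should be "its", "the `nosuid` options" should be singular, and "will be able to executed" is missing "be". Formatting is also uneven, since `rbind` and `nosuid` are backticked on first mention while noexec and nodev are not. Finally, the `nosuid` and `nodev` paragraphs each state the default, but the noexec paragraph does not say whether `exec` or `noexec` applies when neither is given; a reader deciding whether to add `noexec` to a volume needs that sentence.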
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index d487af235..e1177cb34 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -860,6 +860,10 @@ create one.
* [`rw`|`ro`]
* [`z`|`Z`]
* [`[r]shared`|`[r]slave`|`[r]private`]
+* [`[r]bind`]
+* [`noexec`|`exec`]
+* [`nodev`|`dev`]
+* [`nosuid`|`suid`]
The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
will be mounted into the container at this directory.
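Review bot: The new entries list each pair as `[noexec|exec]`, `[nodev|dev]`, `[nosuid|suid]` with no indication of which member is the default, and the restrictive form comes first only by convention. Since the prose added further down says `nosuid` and `nodev` are the defaults, consider marking the default in the list itself or pointing to that text, so nobody reads `dev` or `suid` as the baseline behaviour.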
@@ -913,6 +917,25 @@ where source dir is mounted on) has to have right propagation properties. For
shared volumes, source mount point has to be shared. And for slave volumes,
source mount has to be either shared or slave.
+If you want to recursively mount a volume and all of it's submounts into a
+container, then you can use the `rbind` option. By default the bind option is
+used, and submounts of the source directory will not be mounted into the
+container.
+
+Mounting the volume with the `nosuid` options means that SUID applications on
+the volume will not be able to change their privilege. By default volumes
+are mounted with `nosuid`.
+
+Mounting the volume with the noexec option means that no executables on the
+volume will be able to executed within the container.
+
+Mounting the volume with the nodev option means that no devices on the volume
+will be able to be used by processes within the container. By default volumes
+are mounted with `nodev`.
+
+If the <source-dir> is a mount point, then "dev", "suid", and "exec" options are
+ignored by the kernel.
+
Use `df <source-dir>` to figure out the source mount and then use
`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
properties of source mount. If `findmnt` utility is not available, then one
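Review bot: In the last added sentence, `<source-dir>` is written outside backticks, unlike the `df <source-dir>` context line that follows it, so a markdown renderer can treat it as an HTML tag and drop it from the output; wrap it in backticks. The sentence also says only that "dev", "suid", and "exec" are ignored when the source is a mount point, without saying which flags are then in effect on the volume; state that explicitly, because it decides whether the `nosuid` and `nodev` defaults described just above still hold in that case. The same wording slips as in the podman-create.1.md copy apply here ("it's submounts", "`nosuid` options", "able to executed").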