diff options
| author | Daniel J Walsh <dwalsh@redhat.com> | 2021-04-14 10:52:44 -0400 |
|---|---|---|
| committer | Daniel J Walsh <dwalsh@redhat.com> | 2021-04-21 13:28:36 -0400 |
| commit | e356160f415b6111df09af214f0dea299e78ad04 (patch) | |
| tree | 5a2186591697b7261b1f90d819c9026f06bd98fa /cmd/podman/common | |
| parent | 9c8277247d3e2e60a1f945d82851f58447cbdd74 (diff) | |
| download | podman-e356160f415b6111df09af214f0dea299e78ad04.tar.gz podman-e356160f415b6111df09af214f0dea299e78ad04.tar.bz2 podman-e356160f415b6111df09af214f0dea299e78ad04.zip | |
Add --group-add keep-groups: suplimentary groups into container
Currently we have rootless users who want to leak their groups access
into containers, but this group access is only able to be pushed in by
a hard to find OCI Runtime annotation. This PR makes this option a lot
more visable and hides the complexity within the podman client.
This option is only really needed for local rootless users. It makes
no sense for remote clients, and probably makes little sense for
rootfull containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'cmd/podman/common')
| -rw-r--r-- | cmd/podman/common/create.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index da391d30d..d496ae308 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -277,7 +277,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *ContainerCLIOpts) { createFlags.StringSliceVar( &cf.GroupAdd, groupAddFlagName, []string{}, - "Add additional groups to join", + "Add additional groups to the primary container process. 'keep-groups' allows container processes to use suplementary groups.", ) _ = cmd.RegisterFlagCompletionFunc(groupAddFlagName, completion.AutocompleteNone) |