diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-04-16 12:30:01 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-16 12:30:01 -0400 |
commit | 8d3075e33267663bf2a251bfd60bd825397114c9 (patch) | |
tree | 17efa4577cd6a895d492a38767b32ee1cac2dc74 /docs/source/markdown/podman-create.1.md | |
parent | 25eeaec219ccc49dcb35e098afaed7d7987cbee1 (diff) | |
parent | 3987c529f473178c51feb69d5252c7d5c2a8f697 (diff) | |
download | podman-8d3075e33267663bf2a251bfd60bd825397114c9.tar.gz podman-8d3075e33267663bf2a251bfd60bd825397114c9.tar.bz2 podman-8d3075e33267663bf2a251bfd60bd825397114c9.zip |
Merge pull request #13583 from rhatdan/ipc
Add support for ipc namespace modes "none, private, sharable"
Diffstat (limited to 'docs/source/markdown/podman-create.1.md')
-rw-r--r-- | docs/source/markdown/podman-create.1.md | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 9af7174fc..45d0d0b3e 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -504,10 +504,16 @@ To specify multiple static IPv6 addresses per container, set multiple networks u #### **--ipc**=*ipc* -Default is to create a private IPC namespace (POSIX SysV IPC) for the container - `container:<name|id>`: reuses another container shared memory, semaphores and message queues - `host`: use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. - `ns:<path>` path to an IPC namespace to join. +Set the IPC namespace mode for a container. The default is to create +a private IPC namespace. + +- "": Use Podman's default, defined in containers.conf. +- **container:**_id_: reuses another container's shared memory, semaphores, and message queues +- **host**: use the host's shared memory, semaphores, and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. +- **none**: private IPC namespace, with /dev/shm not mounted. +- **ns:**_path_: path to an IPC namespace to join. +- **private**: private IPC namespace. += **shareable**: private IPC namespace with a possibility to share it with other containers. #### **--label**, **-l**=*label* |