summaryrefslogtreecommitdiff
path: root/docs/source/markdown/podman-run.1.md
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-07-23 11:04:48 +0200
committerGitHub <noreply@github.com>2020-07-23 11:04:48 +0200
commitdade9159e7a0f848e101221274faa3f4f03cf132 (patch)
tree4fc8aa7a9379260c103d86c37cfc0a2ad511a9e9 /docs/source/markdown/podman-run.1.md
parent2d24487ba244e5cd900f6aecc5d8896e1354d1ee (diff)
parent2faeb2189f81b6925d80aa8031cb5b19aa8618cb (diff)
downloadpodman-dade9159e7a0f848e101221274faa3f4f03cf132.tar.gz
podman-dade9159e7a0f848e101221274faa3f4f03cf132.tar.bz2
podman-dade9159e7a0f848e101221274faa3f4f03cf132.zip
Merge pull request #7054 from mheon/backports_203
Backports and Release Notes for v2.0.3
Diffstat (limited to 'docs/source/markdown/podman-run.1.md')
-rw-r--r--docs/source/markdown/podman-run.1.md21
1 files changed, 15 insertions, 6 deletions
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 6632ac2d1..7b93eb025 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -245,6 +245,12 @@ Limit write rate (in bytes per second) to a device (e.g. **--device-write-bps=/d
Limit write rate (in IO operations per second) to a device (e.g. **--device-write-iops=/dev/sda:1000**).
+**--disable-content-trust**
+
+This is a Docker specific option to disable image verification to a Docker
+registry and is not supported by Podman. This flag is a NOOP and provided
+solely for scripting compatibility.
+
**--dns**=*ipaddr*
Set custom DNS servers. Invalid if using **--dns** with **--network** that is set to **none** or **container:**_id_.
@@ -493,7 +499,7 @@ Tune a container's memory swappiness behavior. Accepts an integer between *0* an
Attach a filesystem mount to the container
-Current supported mount TYPEs are **bind**, **volume**, and **tmpfs**.
+Current supported mount TYPEs are **bind**, **volume**, and **tmpfs**. <sup>[[1]](#Footnote1)</sup>
e.g.
@@ -737,7 +743,7 @@ Security Options
- **label=disable**: Turn off label separation for the container
- **no-new-privileges**: Disable container processes from gaining additional privileges
- **seccomp=unconfined**: Turn off seccomp confinement for the container
-- **seccomp**=_profile.json_: Whitelisted syscalls seccomp JSON file to be used as a seccomp filter
+- **seccomp**=_profile.json_: Allowed syscall list seccomp JSON file to be used as a seccomp filter
Note: Labeling can be disabled for all containers by setting **label=false** in the **containers.conf**(5) file.
@@ -903,7 +909,7 @@ container. Similarly, _source-volume_:_/container-dir_ will mount the volume
in the host to the container. If no such named volume exists, Podman will
create one.
-The _options_ is a comma delimited list and can be:
+The _options_ is a comma delimited list and can be: <sup>[[1]](#Footnote1)</sup>
* **rw**|**ro**
* **z**|**Z**
@@ -953,7 +959,7 @@ this behavior by specifying a volume mount propagation property. Making a
volume shared mounts done under that volume inside container will be
visible on host and vice versa. Making a volume **slave** enables only one
way mount propagation and that is mounts done on host under that volume
-will be visible inside container but not the other way around.
+will be visible inside container but not the other way around. <sup>[[1]](#Footnote1)</sup>
To control mount propagation property of volume one can use [**r**]**shared**,
[**r**]**slave** or [**r**]**private** propagation flag. Propagation property can
@@ -961,7 +967,7 @@ be specified only for bind mounted volumes and not for internal volumes or
named volumes. For mount propagation to work source mount point (mount point
where source dir is mounted on) has to have right propagation properties. For
shared volumes, source mount point has to be shared. And for slave volumes,
-source mount has to be either shared or slave.
+source mount has to be either shared or slave. <sup>[[1]](#Footnote1)</sup>
If you want to recursively mount a volume and all of its submounts into a
container, then you can use the **rbind** option. By default the bind option is
@@ -988,7 +994,7 @@ properties of source mount. If **findmnt**(1) utility is not available, then one
can look at mount entry for source mount point in _/proc/self/mountinfo_. Look
at the "optional fields" and see if any propagation properties are specified.
In there, **shared:N** means the mount is shared, **master:N** means mount
-is slave, and if nothing is there, the mount is private.
+is slave, and if nothing is there, the mount is private. <sup>[[1]](#Footnote1)</sup>
To change propagation properties of a mount point, use **mount**(8) command. For
example, if one wants to bind mount source directory _/foo_, one can do
@@ -1371,3 +1377,6 @@ July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
April 2014, Originally compiled by William Henry <whenry@redhat.com> based on docker.com source material and internal work.
+
+## FOOTNOTES
+<a name="Footnote1">1</a>: The Podman project is committed to inclusivity, a core value of open source. The `master` and `slave` mount propagation terminology used here is problematic and divisive, and should be changed. However, these terms are currently used within the Linux kernel and must be used as-is at this time. When the kernel maintainers rectify this usage, Podman will follow suit immediately.