diff options
| author | flouthoc <flouthoc.git@gmail.com> | 2021-08-25 16:13:17 +0530 |
|---|---|---|
| committer | Aditya Rajan <arajan@redhat.com> | 2021-09-14 13:31:39 +0530 |
| commit | a55e2a00fcb82485333eeec55aa2eaee338782d7 (patch) | |
| tree | d465835a368c7f78239d7abd1c2912347bf23d4c /docs/source/markdown | |
| parent | b603c7a4b91d30b33ce987740156f46804f24074 (diff) | |
| download | podman-a55e2a00fcb82485333eeec55aa2eaee338782d7.tar.gz podman-a55e2a00fcb82485333eeec55aa2eaee338782d7.tar.bz2 podman-a55e2a00fcb82485333eeec55aa2eaee338782d7.zip | |
rootfs: Add support for rootfs-overlay and bump to buildah v1.22.1-0.202108
Allows users to specify a readonly rootfs with :O, in exchange podman will create a writable overlay.
bump builah to v1.22.1-0.20210823173221-da2b428c56ce
[NO TESTS NEEDED]
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Diffstat (limited to 'docs/source/markdown')
| -rw-r--r-- | docs/source/markdown/podman-build.1.md | 9 | ||||
| -rw-r--r-- | docs/source/markdown/podman-create.1.md | 16 | ||||
| -rw-r--r-- | docs/source/markdown/podman-run.1.md | 16 |
3 files changed, 41 insertions, 0 deletions
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index a2ed35f89..3278436bd 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -540,6 +540,15 @@ layers are not squashed. Squash all of the new image's layers (including those inherited from a base image) into a single new layer. +#### **--ssh**=*default|id[=socket>|[,]* + +SSH agent socket or keys to expose to the build. +The socket path can be left empty to use the value of `default=$SSH_AUTH_SOCK` + +To later use the ssh agent, use the --mount flag in a `RUN` instruction within a `Containerfile`: + +`RUN --mount=type=ssh,id=id mycmd` + #### **--stdin** Pass stdin into the RUN containers. Sometime commands being RUN within a Containerfile diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 00e94b41d..63836d040 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -850,6 +850,16 @@ If specified, the first argument refers to an exploded container on the file sys This is useful to run a container without requiring any image management, the rootfs of the container is assumed to be managed externally. + `Overlay Rootfs Mounts` + + The `:O` flag tells Podman to mount the directory from the rootfs path as +storage using the `overlay file system`. The container processes +can modify content within the mount point which is stored in the +container storage in a separate directory. In overlay terms, the source +directory will be the lower, and the container storage directory will be the +upper. Modifications to the mount point are destroyed when the container +finishes executing, similar to a tmpfs mount point being unmounted. + #### **--sdnotify**=**container**|**conmon**|**ignore** Determines how to use the NOTIFY_SOCKET, as passed with systemd and Type=notify. @@ -1443,6 +1453,12 @@ $ podman create -v /var/lib/design:/var/lib/design --group-add keep-groups ubi8 $ podman create --name container1 --personaity=LINUX32 fedora bash ``` +### Create a container with external rootfs mounted as an overlay + +``` +$ podman create --name container1 --rootfs /path/to/rootfs:O bash +``` + ### Rootless Containers Podman runs as a non root user on most systems. This feature requires that a new enough version of shadow-utils diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 63224b49d..3a6803aaa 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -883,6 +883,16 @@ If specified, the first argument refers to an exploded container on the file sys This is useful to run a container without requiring any image management, the rootfs of the container is assumed to be managed externally. + `Overlay Rootfs Mounts` + + The `:O` flag tells Podman to mount the directory from the rootfs path as +storage using the `overlay file system`. The container processes +can modify content within the mount point which is stored in the +container storage in a separate directory. In overlay terms, the source +directory will be the lower, and the container storage directory will be the +upper. Modifications to the mount point are destroyed when the container +finishes executing, similar to a tmpfs mount point being unmounted. + Note: On **SELinux** systems, the rootfs needs the correct label, which is by default **unconfined_u:object_r:container_file_t**. @@ -1791,6 +1801,12 @@ $ podman run -v /var/lib/design:/var/lib/design --group-add keep-groups ubi8 $ podman run --name container1 --personaity=LINUX32 fedora bash ``` +### Run a container with external rootfs mounted as an overlay + +``` +$ podman run --name container1 --rootfs /path/to/rootfs:O bash +``` + ### Rootless Containers Podman runs as a non root user on most systems. This feature requires that a new enough version of **shadow-utils** |