diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-07-08 13:11:18 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-07-18 10:32:25 +0200 |
commit | 0b57e77d7c1c54706611c9ca15e352425adb05e5 (patch) | |
tree | 6ae9a85fd1f16fb410ccfbd4ea88d5c6ef79004c /docs | |
parent | 7488ed6d9a619d86333dc1880d4df034fbb371b9 (diff) | |
download | podman-0b57e77d7c1c54706611c9ca15e352425adb05e5.tar.gz podman-0b57e77d7c1c54706611c9ca15e352425adb05e5.tar.bz2 podman-0b57e77d7c1c54706611c9ca15e352425adb05e5.zip |
libpod: support for cgroup namespace
allow a container to run in a new cgroup namespace.
When running in a new cgroup namespace, the current cgroup appears to
be the root, so that there is no way for the container to access
cgroups outside of its own subtree.
By default it uses --cgroup=host to keep the previous behavior.
To create a new namespace, --cgroup=private must be provided.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/podman-create.1.md | 8 | ||||
-rw-r--r-- | docs/podman-run.1.md | 8 |
2 files changed, 16 insertions, 0 deletions
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md index 89f146670..24a78ab93 100644 --- a/docs/podman-create.1.md +++ b/docs/podman-create.1.md @@ -63,6 +63,14 @@ Add Linux capabilities Drop Linux capabilities +**--cgroupns**=*mode* + +Set the cgroup namespace mode for the container, by default **host** is used. + **host**: use the host's cgroup namespace inside the container. + **container:<NAME|ID>**: join the namespace of the specified container. + **private**: create a new cgroup namespace. + **ns:<PATH>**: join the namespace at the specified path. + **--cgroup-parent**=*path* Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md index ebf774b24..6315afea6 100644 --- a/docs/podman-run.1.md +++ b/docs/podman-run.1.md @@ -77,6 +77,14 @@ Add Linux capabilities Drop Linux capabilities +**--cgroupns**=*mode* + +Set the cgroup namespace mode for the container, by default **host** is used. + **host**: use the host's cgroup namespace inside the container. + **container:<NAME|ID>**: join the namespace of the specified container. + **private**: create a new cgroup namespace. + **ns:<PATH>**: join the namespace at the specified path. + **--cgroup-parent**=*cgroup* Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. |