author Giuseppe Scrivano <gscrivan@redhat.com> 2019-07-08 13:11:18 +0200
committer Giuseppe Scrivano <gscrivan@redhat.com> 2019-07-18 10:32:25 +0200
commit 0b57e77d7c1c54706611c9ca15e352425adb05e5 (patch)
tree 6ae9a85fd1f16fb410ccfbd4ea88d5c6ef79004c /docs
parent 7488ed6d9a619d86333dc1880d4df034fbb371b9 (diff)
libpod: support for cgroup namespace

allow a container to run in a new cgroup namespace.

When running in a new cgroup namespace, the current cgroup appears to be the root, so that there is no way for the container to access cgroups outside of its own subtree.

By default it uses --cgroup=host to keep the previous behavior. To create a new namespace, --cgroup=private must be provided.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Diffstat (limited to 'docs')
-rw-r--r-- docs/podman-create.1.md 8
-rw-r--r-- docs/podman-run.1.md 8
2 files changed, 16 insertions, 0 deletions
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index 89f146670..24a78ab93 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -63,6 +63,14 @@ Add Linux capabilities
Drop Linux capabilities
+**--cgroupns**=*mode*
+
+Set the cgroup namespace mode for the container, by default **host** is used.
+ **host**: use the host's cgroup namespace inside the container.
+ **container:<NAME|ID>**: join the namespace of the specified container.
+ **private**: create a new cgroup namespace.
+ **ns:<PATH>**: join the namespace at the specified path.
+
**--cgroup-parent**=*path*
Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
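Review bot: The four mode lines added under `--cgroupns` (from `**host**:` through `**ns:<PATH>**:`) have no list markers and no blank lines between them, so Markdown treats them as continuation of the preceding sentence and they will render as one run-on paragraph. Make them a bulleted list or separate them with blank lines. `<PATH>` and `<NAME|ID>` can also be taken as inline HTML by some renderers; writing them as *PATH* and *NAME|ID*, in the same style as the `=*mode*` placeholder, avoids that. The opening sentence is a comma splice and reads better as two sentences: "Set the cgroup namespace mode for the container. The default is **host**."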
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index ebf774b24..6315afea6 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -77,6 +77,14 @@ Add Linux capabilities
Drop Linux capabilities
+**--cgroupns**=*mode*
+
+Set the cgroup namespace mode for the container, by default **host** is used.
+ **host**: use the host's cgroup namespace inside the container.
+ **container:<NAME|ID>**: join the namespace of the specified container.
+ **private**: create a new cgroup namespace.
+ **ns:<PATH>**: join the namespace at the specified path.
+
**--cgroup-parent**=*cgroup*
Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
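Review bot: The `**host**` and `**private**` entries added here do not tell the reader what the choice means for isolation, although the commit message does: in a new cgroup namespace the container's own cgroup appears as the root and cgroups outside its subtree are not reachable. That sentence belongs in the man page next to `**private**`, with a matching remark on `**host**` that the container shares the host's view, since `host` is the default. The commit message also names the option as `--cgroup=host` and `--cgroup=private` while the text documents `--cgroupns`; the two should agree. Finally, `**ns:<PATH>**` does not say what the path has to point to, which is worth one clause.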