author | Daniel J Walsh <dwalsh@redhat.com> | 2019-04-26 10:51:59 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2019-04-26 12:29:10 -0400 |
commit | 3a4be4b66ca22d87446c37218b300b8f31a84b92 (patch) | |
tree | dcd3430bb191a145aa386679fb7f9fcf366411ac /docs | |
parent | 135c8bef223d32f553659cbdfd5eb99f948a6c84 (diff) | |
Add --read-only-tmpfs options
The --read-only-tmpfs option caused podman to mount tmpfs on /run, /tmp, /var/tmp
if the container is running in read-only mode.
The default is true, so you would need to execute a command like
--read-only --read-only-tmpfs=false to turn off this behaviour.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/podman-create.1.md | 3 | ||||
-rw-r--r-- | docs/podman-run.1.md | 9 |
2 files changed, 11 insertions, 1 deletions
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md index f61deebd2..52c965293 100644 --- a/docs/podman-create.1.md +++ b/docs/podman-create.1.md @@ -542,6 +542,9 @@ By default a container will have its root filesystem writable allowing processes to write files anywhere. By specifying the `--read-only` flag the container will have its root filesystem mounted as read only prohibiting any writes. +**--read-only-tmpfs**=*true*|*false* +If container is running in --read-only mode, then mount a read-write tmpfs on /run, /tmp, and /var/tmp. The default is *true* + **--restart=""** Not implemented. diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md index 5a311980f..e54e5e691 100644 --- a/docs/podman-run.1.md +++ b/docs/podman-run.1.md @@ -534,6 +534,9 @@ By default a container will have its root filesystem writable allowing processes to write files anywhere. By specifying the `--read-only` flag the container will have its root filesystem mounted as read only prohibiting any writes. +**--read-only-tmpfs**=*true*|*false* +If container is running in --read-only mode, then mount a read-write tmpfs on /run, /tmp, and /var/tmp. The default is *true* + **--restart=""** Not implemented. @@ -905,7 +908,11 @@ still need to write temporary data. The best way to handle this is to mount tmpfs directories on /run and /tmp. ``` -$ podman run --read-only --tmpfs /run --tmpfs /tmp -i -t fedora /bin/bash +$ podman run --read-only -i -t fedora /bin/bash +``` + +``` +$ podman run --read-only --read-only-tmpfs=false --tmpfs /run -i -t fedora /bin/bash ``` ### Exposing log messages from the container to the host's log |
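Review bot: The `--read-only-tmpfs` entry added in docs/podman-create.1.md (@@ -542) never says how to turn the mounts off, so a reader who wants a container with no writable paths has to infer it from the `true|false` signature. Suggest spelling it out and fixing the grammar in the same pass, for example "If the container is running in --read-only mode, mount a read-write tmpfs on /run, /tmp, and /var/tmp. The default is *true*; pass --read-only-tmpfs=false to disable these mounts." The current last sentence also lacks its closing period.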
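Review bot: The same entry added in docs/podman-run.1.md (@@ -534) does not say what happens when an explicit `--tmpfs` is given for /run, /tmp or /var/tmp while the default of *true* is in effect. Existing scripts that follow the old example (`--read-only --tmpfs /run --tmpfs /tmp`) will hit exactly that combination, so one sentence stating whether the explicit mount takes precedence or conflicts belongs in this entry.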
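Review bot: In the docs/podman-run.1.md hunk at @@ -905, the unchanged context sentence "The best way to handle this is to mount tmpfs directories on /run and /tmp." no longer matches the first example, which now passes no `--tmpfs` at all and relies on the new default (which also covers /var/tmp). The second example (`--read-only --read-only-tmpfs=false --tmpfs /run`) is added with no text explaining that it leaves /tmp and /var/tmp without a tmpfs. Suggest rewording the paragraph to say the tmpfs mounts are now automatic under `--read-only`, and adding a one-line lead-in before each command stating what it demonstrates.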