author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2022-01-14 13:08:17 +0100
committer: GitHub <noreply@github.com> 2022-01-14 13:08:17 +0100
commit: 482e0b11d988983a777990a931a6d4125117c0f3
tree: ab748201dbe30e891bb0ef2f8f63c8b64a587056 /docs
parent: 2c510146aa03c74fb00a15bcf81c62b14df9c7ea
parent: 6996830104afca5926daecc05d9154a0a9eb274d
Merge pull request #12849 from cdoern/podProhibit
Prohibit --uid/gid map and --pod for container create/run
Diffstat (limited to 'docs')
-rw-r--r-- docs/source/markdown/podman-create.1.md | 3
-rw-r--r-- docs/source/markdown/podman-run.1.md | 4
2 files changed, 7 insertions, 0 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index e3647b194..dd79a8d74 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -365,6 +365,8 @@ GID map for the user namespace. Using this flag will run the container with user
The following example maps uids 0-2000 in the container to the uids 30000-31999 on the host and gids 0-2000 in the container to the gids 30000-31999 on the host. `--gidmap=0:30000:2000`
+Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.
+
#### **--group-add**=*group|keep-groups*
Add additional groups to assign to primary user running within the container process.
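Review bot: The added **--gidmap** note says the flag "cannot be called in conjunction with" **--pod**, but a flag is passed, not called, and the sentence stops at the restriction without saying what the user sees when both are given or where the mapping should be configured instead. Suggest "cannot be used together with the **--pod** flag", followed by a pointer to wherever the ID mapping for a pod is set, if the pod-level commands document one.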
@@ -1166,6 +1168,7 @@ Even if a user does not have any subordinate UIDs in _/etc/subuid_,
**--uidmap** could still be used to map the normal UID of the user to a
container UID by running `podman create --uidmap $container_uid:0:1 --user $container_uid ...`.
+Note: the **--uidmap** flag cannot be called in conjunction with the **--pod** flag as a uidmap cannot be set on the container level when in a pod.
#### **--ulimit**=*option*
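Review bot: Only the Note line is added before the `#### **--ulimit**=*option*` heading here, while the other three hunks add the Note plus a blank line (the diffstat shows 3 insertions for podman-create.1.md against 4 for podman-run.1.md). Please check that the Note is still separated from the heading by a blank line in the resulting file, and add the trailing blank line for consistency with the **--gidmap** hunk if it is not.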
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index b98e563ef..80652fcdf 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -407,6 +407,8 @@ Meaning **groupname** is initially mapped to gid **100000** which is referenced
above: The group **groupname** is mapped to group **100000** of the initial namespace then the
**30000**st id of this namespace (which is gid 130000 in this namespace) is mapped to container namespace group id **0**. (groupname -> 100000 / 30000 -> 0)
+Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.
+
#### **--group-add**=*group|keep-groups*
Add additional groups to assign to primary user running within the container process.
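Review bot: The **--gidmap** restriction is appended after the worked groupname mapping example, at the very end of the option's text, so a reader who stops at the opening description of the option never sees that it conflicts with **--pod**. Consider moving the Note up next to the first paragraph of **--gidmap**, and keeping the wording identical across the four places it is added so that later edits do not drift.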
@@ -1241,6 +1243,8 @@ Even if a user does not have any subordinate UIDs in _/etc/subuid_,
**--uidmap** could still be used to map the normal UID of the user to a
container UID by running `podman run --uidmap $container_uid:0:1 --user $container_uid ...`.
+Note: the **--uidmap** flag cannot be called in conjunction with the **--pod** flag as a uidmap cannot be set on the container level when in a pod.
+
#### **--ulimit**=*option*
Ulimit options. You can use **host** to copy the current configuration from the host.
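Review bot: The added Note directly follows the sentence recommending `podman run --uidmap $container_uid:0:1 --user $container_uid ...` for users without subordinate UIDs, and it does not say that this workaround is also unavailable when **--pod** is given. A reader may try that exact command inside a pod; suggest stating that the restriction applies to this form as well.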