diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-01-14 13:08:17 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-14 13:08:17 +0100 |
commit | 482e0b11d988983a777990a931a6d4125117c0f3 (patch) | |
tree | ab748201dbe30e891bb0ef2f8f63c8b64a587056 /docs | |
parent | 2c510146aa03c74fb00a15bcf81c62b14df9c7ea (diff) | |
parent | 6996830104afca5926daecc05d9154a0a9eb274d (diff) | |
download | podman-482e0b11d988983a777990a931a6d4125117c0f3.tar.gz podman-482e0b11d988983a777990a931a6d4125117c0f3.tar.bz2 podman-482e0b11d988983a777990a931a6d4125117c0f3.zip |
Merge pull request #12849 from cdoern/podProhibit
Prohibit --uid/gid map and --pod for container create/run
Diffstat (limited to 'docs')
-rw-r--r-- | docs/source/markdown/podman-create.1.md | 3 | ||||
-rw-r--r-- | docs/source/markdown/podman-run.1.md | 4 |
2 files changed, 7 insertions, 0 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index e3647b194..dd79a8d74 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -365,6 +365,8 @@ GID map for the user namespace. Using this flag will run the container with user The following example maps uids 0-2000 in the container to the uids 30000-31999 on the host and gids 0-2000 in the container to the gids 30000-31999 on the host. `--gidmap=0:30000:2000` +Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod. + #### **--group-add**=*group|keep-groups* Add additional groups to assign to primary user running within the container process. @@ -1166,6 +1168,7 @@ Even if a user does not have any subordinate UIDs in _/etc/subuid_, **--uidmap** could still be used to map the normal UID of the user to a container UID by running `podman create --uidmap $container_uid:0:1 --user $container_uid ...`. +Note: the **--uidmap** flag cannot be called in conjunction with the **--pod** flag as a uidmap cannot be set on the container level when in a pod. #### **--ulimit**=*option* diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index b98e563ef..80652fcdf 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -407,6 +407,8 @@ Meaning **groupname** is initially mapped to gid **100000** which is referenced above: The group **groupname** is mapped to group **100000** of the initial namespace then the **30000**st id of this namespace (which is gid 130000 in this namespace) is mapped to container namespace group id **0**. (groupname -> 100000 / 30000 -> 0) +Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod. + #### **--group-add**=*group|keep-groups* Add additional groups to assign to primary user running within the container process. @@ -1241,6 +1243,8 @@ Even if a user does not have any subordinate UIDs in _/etc/subuid_, **--uidmap** could still be used to map the normal UID of the user to a container UID by running `podman run --uidmap $container_uid:0:1 --user $container_uid ...`. +Note: the **--uidmap** flag cannot be called in conjunction with the **--pod** flag as a uidmap cannot be set on the container level when in a pod. + #### **--ulimit**=*option* Ulimit options. You can use **host** to copy the current configuration from the host. |