aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-01-15 01:16:07 +0100
committerGitHub <noreply@github.com>2020-01-15 01:16:07 +0100
commit0aa9dba3e1009dbbdf59d47d9370db0de4679730 (patch)
treea2fad9f02f0ae24e958995615e4e5963b3f7f92a /docs
parentad5137bc7b346ef2e28eb85c872728b6748bc629 (diff)
parentf3f4c54f2abc341cee1e7b83e9538d91a3c627e3 (diff)
downloadpodman-0aa9dba3e1009dbbdf59d47d9370db0de4679730.tar.gz
podman-0aa9dba3e1009dbbdf59d47d9370db0de4679730.tar.bz2
podman-0aa9dba3e1009dbbdf59d47d9370db0de4679730.zip
Merge pull request #4806 from vrothberg/seccomp
policy for seccomp-profile selection
Diffstat (limited to 'docs')
-rw-r--r--docs/source/markdown/podman-create.1.md6
-rw-r--r--docs/source/markdown/podman-run.1.md6
2 files changed, 12 insertions, 0 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index abde899bf..81fae0b25 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -676,6 +676,12 @@ If specified, the first argument refers to an exploded container on the file sys
This is useful to run a container without requiring any image management, the rootfs
of the container is assumed to be managed externally.
+**--seccomp-policy**=*policy*
+
+Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.podman.seccomp.profile" annotation in the container image and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below.
+
+Note that this feature is experimental and may change in the future.
+
**--security-opt**=*option*
Security Options
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 9484ad347..af5bb814d 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -697,6 +697,12 @@ of the container is assumed to be managed externally.
Note: On `SELinux` systems, the rootfs needs the correct label, which is by default
`unconfined_u:object_r:container_file_t`.
+**--seccomp-policy**=*policy*
+
+Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.podman.seccomp.profile" annotation in the container image and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below.
+
+Note that this feature is experimental and may change in the future.
+
**--security-opt**=*option*
Security Options