aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-08-19 13:48:15 +0200
committerGitHub <noreply@github.com>2019-08-19 13:48:15 +0200
commitbefaa95d93481eef0d75d3babce7c6c643ecf85f (patch)
tree9a5e0b4d46846dc885a3ea3f27ccd2b3c9affd1e /docs
parent98dee275d04dafa087db12bc3f0593a078039cfb (diff)
parent316e51f0a91d24f75a9191e2226928bc0c1c5b91 (diff)
downloadpodman-befaa95d93481eef0d75d3babce7c6c643ecf85f.tar.gz
podman-befaa95d93481eef0d75d3babce7c6c643ecf85f.tar.bz2
podman-befaa95d93481eef0d75d3babce7c6c643ecf85f.zip
Merge pull request #3777 from rhatdan/vendor
Add support & documentation to run containers with different file types
Diffstat (limited to 'docs')
-rw-r--r--docs/podman-build.1.md24
-rw-r--r--docs/podman-create.1.md21
-rw-r--r--docs/podman-run.1.md11
3 files changed, 29 insertions, 27 deletions
diff --git a/docs/podman-build.1.md b/docs/podman-build.1.md
index 878b31080..8deb8811e 100644
--- a/docs/podman-build.1.md
+++ b/docs/podman-build.1.md
@@ -375,18 +375,18 @@ to podman build, the option given would be `--runtime-flag log-format=json`.
Security Options
- "label=user:USER" : Set the label user for the container
- "label=role:ROLE" : Set the label role for the container
- "label=type:TYPE" : Set the label type for the container
- "label=level:LEVEL" : Set the label level for the container
- "label=disable" : Turn off label confinement for the container
- "no-new-privileges" : Not supported
-
- "seccomp=unconfined" : Turn off seccomp confinement for the container
- "seccomp=profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter
-
- "apparmor=unconfined" : Turn off apparmor confinement for the container
- "apparmor=your-profile" : Set the apparmor confinement profile for the container
+- `apparmor=unconfined` : Turn off apparmor confinement for the container
+- `apparmor=your-profile` : Set the apparmor confinement profile for the container
+
+- `label=user:USER` : Set the label user for the container processes
+- `label=role:ROLE` : Set the label role for the container processes
+- `label=type:TYPE` : Set the label process type for the container processes
+- `label=level:LEVEL` : Set the label level for the container processes
+- `label=filetype:TYPE` : Set the label file type for the container files
+- `label=disable` : Turn off label separation for the container
+
+- `seccomp=unconfined` : Turn off seccomp confinement for the container
+- `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter
**--shm-size**=*size*
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index 1377f2a03..7634408f5 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -640,19 +640,20 @@ of the container is assumed to be managed externally.
Security Options
-"apparmor=unconfined" : Turn off apparmor confinement for the container
-"apparmor=your-profile" : Set the apparmor confinement profile for the container
+- `apparmor=unconfined` : Turn off apparmor confinement for the container
+- `apparmor=your-profile` : Set the apparmor confinement profile for the container
-"label=user:USER" : Set the label user for the container
-"label=role:ROLE" : Set the label role for the container
-"label=type:TYPE" : Set the label type for the container
-"label=level:LEVEL" : Set the label level for the container
-"label=disable" : Turn off label confinement for the container
+- `label=user:USER` : Set the label user for the container processes
+- `label=role:ROLE` : Set the label role for the container processes
+- `label=type:TYPE` : Set the label process type for the container processes
+- `label=level:LEVEL` : Set the label level for the container processes
+- `label=filetype:TYPE` : Set the label file type for the container files
+- `label=disable` : Turn off label separation for the container
-"no-new-privileges" : Disable container processes from gaining additional privileges
+- `no-new-privileges` : Disable container processes from gaining additional privileges
-"seccomp=unconfined" : Turn off seccomp confinement for the container
-"seccomp=profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter
+- `seccomp=unconfined` : Turn off seccomp confinement for the container
+- `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter
Note: Labeling can be disabled for all containers by setting label=false in the **libpod.conf** (`/etc/containers/libpod.conf`) file.
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index 2445df566..33b5cbf9e 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -665,11 +665,12 @@ Security Options
- `apparmor=unconfined` : Turn off apparmor confinement for the container
- `apparmor=your-profile` : Set the apparmor confinement profile for the container
-- `label=user:USER` : Set the label user for the container
-- `label=role:ROLE` : Set the label role for the container
-- `label=type:TYPE` : Set the label type for the container
-- `label=level:LEVEL` : Set the label level for the container
-- `label=disable` : Turn off label confinement for the container
+- `label=user:USER` : Set the label user for the container processes
+- `label=role:ROLE` : Set the label role for the container processes
+- `label=type:TYPE` : Set the label process type for the container processes
+- `label=level:LEVEL` : Set the label level for the container processes
+- `label=filetype:TYPE` : Set the label file type for the container files
+- `label=disable` : Turn off label separation for the container
- `no-new-privileges` : Disable container processes from gaining additional privileges