summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CONTRIBUTING.md43
-rw-r--r--cmd/podman/shared/container.go144
-rw-r--r--cmd/podman/shared/container_inspect.go255
-rw-r--r--contrib/podmanimage/upstream/Dockerfile11
-rw-r--r--docs/podman-attach.1.md6
-rw-r--r--docs/podman-build.1.md89
-rw-r--r--docs/podman-commit.1.md16
-rw-r--r--docs/podman-container-checkpoint.1.md6
-rw-r--r--docs/podman-container-cleanup.1.md6
-rw-r--r--docs/podman-container-exists.1.md22
-rw-r--r--docs/podman-container-prune.1.md23
-rw-r--r--docs/podman-container-restore.1.md4
-rw-r--r--docs/podman-container-runlabel.1.md52
-rw-r--r--docs/podman-cp.1.md2
-rw-r--r--docs/podman-create.1.md189
-rw-r--r--docs/podman-diff.1.md2
-rw-r--r--docs/podman-events.1.md6
-rw-r--r--docs/podman-exec.1.md14
-rw-r--r--docs/podman-export.1.md2
-rw-r--r--docs/podman-generate-kube.1.md27
-rw-r--r--docs/podman-generate-systemd.1.md26
-rw-r--r--docs/podman-history.1.md6
-rw-r--r--docs/podman-image-exists.1.md23
-rw-r--r--docs/podman-image-prune.1.md21
-rw-r--r--docs/podman-image-sign.1.md26
-rw-r--r--docs/podman-image-tree.1.md4
-rw-r--r--docs/podman-image-trust.1.md37
-rw-r--r--docs/podman-images.1.md18
-rw-r--r--docs/podman-import.1.md6
-rw-r--r--docs/podman-info.1.md4
-rw-r--r--docs/podman-init.1.md7
-rw-r--r--docs/podman-inspect.1.md10
-rw-r--r--docs/podman-kill.1.md6
-rw-r--r--docs/podman-load.1.md6
-rw-r--r--docs/podman-login.1.md10
-rw-r--r--docs/podman-logout.1.md4
-rw-r--r--docs/podman-logs.1.md16
-rw-r--r--docs/podman-mount.1.md8
-rw-r--r--docs/podman-pause.1.md2
-rw-r--r--docs/podman-play-kube.1.md36
-rw-r--r--docs/podman-pod-create.1.md18
-rw-r--r--docs/podman-pod-exists.1.md15
-rw-r--r--docs/podman-pod-inspect.1.md2
-rw-r--r--docs/podman-pod-kill.1.md6
-rw-r--r--docs/podman-pod-pause.1.md4
-rw-r--r--docs/podman-pod-prune.1.md18
-rw-r--r--docs/podman-pod-ps.1.md8
-rw-r--r--docs/podman-pod-restart.1.md4
-rw-r--r--docs/podman-pod-rm.1.md6
-rw-r--r--docs/podman-pod-start.1.md4
-rw-r--r--docs/podman-pod-stats.1.md10
-rw-r--r--docs/podman-pod-stop.1.md6
-rw-r--r--docs/podman-pod-top.1.md6
-rw-r--r--docs/podman-pod-unpause.1.md4
-rw-r--r--docs/podman-port.1.md4
-rw-r--r--docs/podman-ps.1.md20
-rw-r--r--docs/podman-pull.1.md12
-rw-r--r--docs/podman-push.1.md14
-rw-r--r--docs/podman-restart.1.md6
-rw-r--r--docs/podman-rm.1.md10
-rw-r--r--docs/podman-rmi.1.md6
-rw-r--r--docs/podman-run.1.md187
-rw-r--r--docs/podman-save.1.md8
-rw-r--r--docs/podman-search.1.md10
-rw-r--r--docs/podman-start.1.md10
-rw-r--r--docs/podman-stats.1.md9
-rw-r--r--docs/podman-stop.1.md8
-rw-r--r--docs/podman-system-df.1.md8
-rw-r--r--docs/podman-system-migrate.1.md4
-rw-r--r--docs/podman-system-prune.1.md18
-rw-r--r--docs/podman-system-renumber.1.md11
-rw-r--r--docs/podman-tag.1.md6
-rw-r--r--docs/podman-top.1.md8
-rw-r--r--docs/podman-umount.1.md10
-rw-r--r--docs/podman-unpause.1.md6
-rw-r--r--docs/podman-unshare.1.md2
-rw-r--r--docs/podman-varlink.1.md11
-rw-r--r--docs/podman-version.1.md4
-rw-r--r--docs/podman-volume-create.1.md6
-rw-r--r--docs/podman-volume-inspect.1.md4
-rw-r--r--docs/podman-volume-ls.1.md6
-rw-r--r--docs/podman-volume-prune.1.md2
-rw-r--r--docs/podman-volume-rm.1.md4
-rw-r--r--docs/podman-wait.1.md10
-rw-r--r--docs/podman.1.md26
-rw-r--r--libpod/container_api.go28
-rw-r--r--libpod/container_inspect.go123
-rw-r--r--libpod/driver/driver.go11
-rw-r--r--libpod/healthcheck.go33
-rw-r--r--libpod/image/image.go2
-rw-r--r--libpod/networking_linux.go3
-rw-r--r--libpod/networking_unsupported.go6
-rw-r--r--pkg/adapter/containers_remote.go5
-rw-r--r--pkg/inspect/inspect.go205
-rw-r--r--pkg/rootless/rootless_linux.go1
-rw-r--r--test/e2e/common_test.go7
96 files changed, 1121 insertions, 1059 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 3778d6d7d..87efdeb8f 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -8,6 +8,7 @@ that we follow.
* [Reporting Issues](#reporting-issues)
* [Contributing to libpod](#contributing-to-libpod)
+* [Continuous Integration](#continuous-integration) [![Build Status](https://api.cirrus-ci.com/github/containers/libpod.svg)](https://cirrus-ci.com/github/containers/libpod/master)
* [Submitting Pull Requests](#submitting-pull-requests)
* [Communications](#communications)
@@ -296,6 +297,48 @@ be provided with PRs.
For details on how to run the tests for Podman in your test environment, see the
Integration Tests [README.md](test/README.md).
+## Continuous Integration
+
+All pull requests and branch-merges automatically run:
+
+* Go format/lint checking
+* Unit testing
+* Integration Testing
+* Special testing (like running inside a container, or as a regular user)
+
+For a more in-depth reference of the CI system, please [refer to it's dedicated
+documentation.](contrib/cirrus/README.md)
+
+There is always additional complexity added by automation, and so it sometimes
+can fail for any number of reasons. This includes post-merge testing on all
+branches, which you may occasionally see [red bars on the status graph
+.](https://cirrus-ci.com/github/containers/libpod/master)
+
+When the graph shows mostly green bars on the right, it's a good indication
+the master branch is currently stable. Alternating red/green bars is indicitave
+of a testing "flake", and should be examined (anybody can do this):
+
+* *One or a small handful of tests, on a single task, (i.e. specific distro/version)
+ where all others ran successfully:* Frequently the cause is networking or a brief
+ external service outage. The failed tasks may simply be re-run by pressing the
+ corresponding button on the task details page.
+
+* *Multiple tasks failing*: Logically this should be due to some shared/common element.
+ If that element is identifiable as a networking or external service (e.g. packaging
+ repository outage), a re-run should be attempted.
+
+* *All tasks are failing*: If a common element is **not** identifiable as
+ temporary (i.e. container registry outage), please seek assistance via
+ [the methods below](#communications) as this may be early indication of
+ a more serious problem.
+
+In the (hopefully) rare case there are multiple, contiguous red bars, this is
+a ***very bad*** sign. It means additional merges are occurring despite an uncorrected
+or persistently faulty condition. This risks additional bugs being introduced
+and further complication of necessary corrective measures. Most likely people
+are aware and working on this, but it doesn't hurt [to confirm and/or try and help
+if possible.](#communications)
+
## Communications
For general questions and discussion, please use the
diff --git a/cmd/podman/shared/container.go b/cmd/podman/shared/container.go
index 55cc529e0..c97eaa290 100644
--- a/cmd/podman/shared/container.go
+++ b/cmd/podman/shared/container.go
@@ -4,7 +4,6 @@ import (
"context"
"fmt"
"io"
- v1 "k8s.io/api/core/v1"
"os"
"path/filepath"
"regexp"
@@ -17,15 +16,13 @@ import (
"github.com/containers/image/types"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/libpod/image"
- "github.com/containers/libpod/pkg/inspect"
- cc "github.com/containers/libpod/pkg/spec"
"github.com/containers/libpod/pkg/util"
"github.com/cri-o/ocicni/pkg/ocicni"
"github.com/docker/go-units"
"github.com/google/shlex"
- "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
+ v1 "k8s.io/api/core/v1"
)
const (
@@ -621,145 +618,6 @@ func getStrFromSquareBrackets(cmd string) string {
return strings.Join(arr, ",")
}
-// GetCtrInspectInfo takes container inspect data and collects all its info into a ContainerData
-// structure for inspection related methods
-func GetCtrInspectInfo(config *libpod.ContainerConfig, ctrInspectData *inspect.ContainerInspectData, createArtifact *cc.CreateConfig) (*inspect.ContainerData, error) {
- spec := config.Spec
-
- cpus, mems, period, quota, realtimePeriod, realtimeRuntime, shares := getCPUInfo(spec)
- blkioWeight, blkioWeightDevice, blkioReadBps, blkioWriteBps, blkioReadIOPS, blkioeWriteIOPS := getBLKIOInfo(spec)
- memKernel, memReservation, memSwap, memSwappiness, memDisableOOMKiller := getMemoryInfo(spec)
- pidsLimit := getPidsInfo(spec)
- cgroup := getCgroup(spec)
- logConfig := inspect.LogConfig{
- config.LogDriver,
- make(map[string]string),
- }
-
- data := &inspect.ContainerData{
- ctrInspectData,
- &inspect.HostConfig{
- ConsoleSize: spec.Process.ConsoleSize,
- OomScoreAdj: spec.Process.OOMScoreAdj,
- CPUShares: shares,
- BlkioWeight: blkioWeight,
- BlkioWeightDevice: blkioWeightDevice,
- BlkioDeviceReadBps: blkioReadBps,
- BlkioDeviceWriteBps: blkioWriteBps,
- BlkioDeviceReadIOps: blkioReadIOPS,
- BlkioDeviceWriteIOps: blkioeWriteIOPS,
- CPUPeriod: period,
- CPUQuota: quota,
- CPURealtimePeriod: realtimePeriod,
- CPURealtimeRuntime: realtimeRuntime,
- CPUSetCPUs: cpus,
- CPUSetMems: mems,
- Devices: spec.Linux.Devices,
- KernelMemory: memKernel,
- MemoryReservation: memReservation,
- MemorySwap: memSwap,
- MemorySwappiness: memSwappiness,
- OomKillDisable: memDisableOOMKiller,
- PidsLimit: pidsLimit,
- Privileged: config.Privileged,
- ReadOnlyRootfs: spec.Root.Readonly,
- ReadOnlyTmpfs: createArtifact.ReadOnlyTmpfs,
- Runtime: config.OCIRuntime,
- NetworkMode: string(createArtifact.NetMode),
- IpcMode: string(createArtifact.IpcMode),
- Cgroup: cgroup,
- UTSMode: string(createArtifact.UtsMode),
- UsernsMode: string(createArtifact.UsernsMode),
- GroupAdd: spec.Process.User.AdditionalGids,
- ContainerIDFile: createArtifact.CidFile,
- AutoRemove: createArtifact.Rm,
- CapAdd: createArtifact.CapAdd,
- CapDrop: createArtifact.CapDrop,
- DNS: createArtifact.DNSServers,
- DNSOptions: createArtifact.DNSOpt,
- DNSSearch: createArtifact.DNSSearch,
- PidMode: string(createArtifact.PidMode),
- CgroupParent: createArtifact.CgroupParent,
- ShmSize: createArtifact.Resources.ShmSize,
- Memory: createArtifact.Resources.Memory,
- Ulimits: createArtifact.Resources.Ulimit,
- SecurityOpt: createArtifact.SecurityOpts,
- Tmpfs: createArtifact.Tmpfs,
- LogConfig: &logConfig,
- },
- &inspect.CtrConfig{
- Hostname: spec.Hostname,
- User: spec.Process.User,
- Env: spec.Process.Env,
- Image: config.RootfsImageName,
- WorkingDir: spec.Process.Cwd,
- Labels: config.Labels,
- Annotations: spec.Annotations,
- Tty: spec.Process.Terminal,
- OpenStdin: config.Stdin,
- StopSignal: config.StopSignal,
- Cmd: config.Spec.Process.Args,
- Entrypoint: strings.Join(createArtifact.Entrypoint, " "),
- Healthcheck: config.HealthCheckConfig,
- },
- }
- return data, nil
-}
-
-func getCPUInfo(spec *specs.Spec) (string, string, *uint64, *int64, *uint64, *int64, *uint64) {
- if spec.Linux.Resources == nil {
- return "", "", nil, nil, nil, nil, nil
- }
- cpu := spec.Linux.Resources.CPU
- if cpu == nil {
- return "", "", nil, nil, nil, nil, nil
- }
- return cpu.Cpus, cpu.Mems, cpu.Period, cpu.Quota, cpu.RealtimePeriod, cpu.RealtimeRuntime, cpu.Shares
-}
-
-func getBLKIOInfo(spec *specs.Spec) (*uint16, []specs.LinuxWeightDevice, []specs.LinuxThrottleDevice, []specs.LinuxThrottleDevice, []specs.LinuxThrottleDevice, []specs.LinuxThrottleDevice) {
- if spec.Linux.Resources == nil {
- return nil, nil, nil, nil, nil, nil
- }
- blkio := spec.Linux.Resources.BlockIO
- if blkio == nil {
- return nil, nil, nil, nil, nil, nil
- }
- return blkio.Weight, blkio.WeightDevice, blkio.ThrottleReadBpsDevice, blkio.ThrottleWriteBpsDevice, blkio.ThrottleReadIOPSDevice, blkio.ThrottleWriteIOPSDevice
-}
-
-func getMemoryInfo(spec *specs.Spec) (*int64, *int64, *int64, *uint64, *bool) {
- if spec.Linux.Resources == nil {
- return nil, nil, nil, nil, nil
- }
- memory := spec.Linux.Resources.Memory
- if memory == nil {
- return nil, nil, nil, nil, nil
- }
- return memory.Kernel, memory.Reservation, memory.Swap, memory.Swappiness, memory.DisableOOMKiller
-}
-
-func getPidsInfo(spec *specs.Spec) *int64 {
- if spec.Linux.Resources == nil {
- return nil
- }
- pids := spec.Linux.Resources.Pids
- if pids == nil {
- return nil
- }
- return &pids.Limit
-}
-
-func getCgroup(spec *specs.Spec) string {
- cgroup := "host"
- for _, ns := range spec.Linux.Namespaces {
- if ns.Type == specs.CgroupNamespace && ns.Path != "" {
- cgroup = "container"
- }
- }
- return cgroup
-}
-
func comparePorts(i, j ocicni.PortMapping) bool {
if i.ContainerPort != j.ContainerPort {
return i.ContainerPort < j.ContainerPort
diff --git a/cmd/podman/shared/container_inspect.go b/cmd/podman/shared/container_inspect.go
new file mode 100644
index 000000000..97a1d0238
--- /dev/null
+++ b/cmd/podman/shared/container_inspect.go
@@ -0,0 +1,255 @@
+package shared
+
+import (
+ "strings"
+
+ "github.com/containers/image/manifest"
+ "github.com/containers/libpod/libpod"
+ cc "github.com/containers/libpod/pkg/spec"
+ "github.com/docker/go-connections/nat"
+ specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// InspectContainer holds all inspect data for a container.
+// The format of individual components is fixed so the overall structure, when
+// JSON encoded, matches the output of `docker inspect`.
+// It combines Libpod-source inspect data with Podman-specific inspect data.
+type InspectContainer struct {
+ *libpod.InspectContainerData
+ HostConfig *InspectContainerHostConfig `json:"HostConfig"`
+ Config *InspectContainerConfig `json:"Config"`
+}
+
+// InspectContainerHostConfig holds Container configuration that is not specific
+// to Libpod. This information is (mostly) stored by Podman as an artifact.
+// This struct is matched to the output of `docker inspect`.
+type InspectContainerHostConfig struct {
+ ContainerIDFile string `json:"ContainerIDFile"`
+ LogConfig *InspectLogConfig `json:"LogConfig"` //TODO
+ NetworkMode string `json:"NetworkMode"`
+ PortBindings nat.PortMap `json:"PortBindings"` //TODO
+ AutoRemove bool `json:"AutoRemove"`
+ CapAdd []string `json:"CapAdd"`
+ CapDrop []string `json:"CapDrop"`
+ DNS []string `json:"DNS"`
+ DNSOptions []string `json:"DNSOptions"`
+ DNSSearch []string `json:"DNSSearch"`
+ ExtraHosts []string `json:"ExtraHosts"`
+ GroupAdd []uint32 `json:"GroupAdd"`
+ IpcMode string `json:"IpcMode"`
+ Cgroup string `json:"Cgroup"`
+ OomScoreAdj *int `json:"OomScoreAdj"`
+ PidMode string `json:"PidMode"`
+ Privileged bool `json:"Privileged"`
+ PublishAllPorts bool `json:"PublishAllPorts"` //TODO
+ ReadOnlyRootfs bool `json:"ReadonlyRootfs"`
+ ReadOnlyTmpfs bool `json:"ReadonlyTmpfs"`
+ SecurityOpt []string `json:"SecurityOpt"`
+ UTSMode string `json:"UTSMode"`
+ UsernsMode string `json:"UsernsMode"`
+ ShmSize int64 `json:"ShmSize"`
+ Runtime string `json:"Runtime"`
+ ConsoleSize *specs.Box `json:"ConsoleSize"`
+ CPUShares *uint64 `json:"CpuShares"`
+ Memory int64 `json:"Memory"`
+ NanoCPUs int `json:"NanoCpus"`
+ CgroupParent string `json:"CgroupParent"`
+ BlkioWeight *uint16 `json:"BlkioWeight"`
+ BlkioWeightDevice []specs.LinuxWeightDevice `json:"BlkioWeightDevice"`
+ BlkioDeviceReadBps []specs.LinuxThrottleDevice `json:"BlkioDeviceReadBps"`
+ BlkioDeviceWriteBps []specs.LinuxThrottleDevice `json:"BlkioDeviceWriteBps"`
+ BlkioDeviceReadIOps []specs.LinuxThrottleDevice `json:"BlkioDeviceReadIOps"`
+ BlkioDeviceWriteIOps []specs.LinuxThrottleDevice `json:"BlkioDeviceWriteIOps"`
+ CPUPeriod *uint64 `json:"CpuPeriod"`
+ CPUQuota *int64 `json:"CpuQuota"`
+ CPURealtimePeriod *uint64 `json:"CpuRealtimePeriod"`
+ CPURealtimeRuntime *int64 `json:"CpuRealtimeRuntime"`
+ CPUSetCPUs string `json:"CpuSetCpus"`
+ CPUSetMems string `json:"CpuSetMems"`
+ Devices []specs.LinuxDevice `json:"Devices"`
+ DiskQuota int `json:"DiskQuota"` //check type, TODO
+ KernelMemory *int64 `json:"KernelMemory"`
+ MemoryReservation *int64 `json:"MemoryReservation"`
+ MemorySwap *int64 `json:"MemorySwap"`
+ MemorySwappiness *uint64 `json:"MemorySwappiness"`
+ OomKillDisable *bool `json:"OomKillDisable"`
+ PidsLimit *int64 `json:"PidsLimit"`
+ Ulimits []string `json:"Ulimits"`
+ CPUCount int `json:"CpuCount"`
+ CPUPercent int `json:"CpuPercent"`
+ IOMaximumIOps int `json:"IOMaximumIOps"` //check type, TODO
+ IOMaximumBandwidth int `json:"IOMaximumBandwidth"` //check type, TODO
+ Tmpfs []string `json:"Tmpfs"`
+}
+
+// InspectContainerConfig holds further data about a container, again mostly
+// not directly stored in Libpod. This struct is matched to the output of
+// `docker inspect`.
+type InspectContainerConfig struct {
+ Hostname string `json:"Hostname"`
+ DomainName string `json:"Domainname"` //TODO
+ User specs.User `json:"User"`
+ AttachStdin bool `json:"AttachStdin"` //TODO
+ AttachStdout bool `json:"AttachStdout"` //TODO
+ AttachStderr bool `json:"AttachStderr"` //TODO
+ Tty bool `json:"Tty"`
+ OpenStdin bool `json:"OpenStdin"`
+ StdinOnce bool `json:"StdinOnce"` //TODO
+ Env []string `json:"Env"`
+ Cmd []string `json:"Cmd"`
+ Image string `json:"Image"`
+ Volumes map[string]struct{} `json:"Volumes"`
+ WorkingDir string `json:"WorkingDir"`
+ Entrypoint string `json:"Entrypoint"`
+ Labels map[string]string `json:"Labels"`
+ Annotations map[string]string `json:"Annotations"`
+ StopSignal uint `json:"StopSignal"`
+ Healthcheck *manifest.Schema2HealthConfig `json:"Healthcheck,omitempty"`
+}
+
+// InspectLogConfig holds information about a container's configured log driver
+// and is presently unused. It is retained for Docker compatability.
+type InspectLogConfig struct {
+ Type string `json:"Type"`
+ Config map[string]string `json:"Config"` //idk type, TODO
+}
+
+// GetCtrInspectInfo inspects a container, combining Libpod inspect information
+// with other information not stored in Libpod and returning a struct that, when
+// formatted for JSON output, is compatible with `docker inspect`.
+func GetCtrInspectInfo(config *libpod.ContainerConfig, ctrInspectData *libpod.InspectContainerData, createArtifact *cc.CreateConfig) (*InspectContainer, error) {
+ spec := config.Spec
+
+ cpus, mems, period, quota, realtimePeriod, realtimeRuntime, shares := getCPUInfo(spec)
+ blkioWeight, blkioWeightDevice, blkioReadBps, blkioWriteBps, blkioReadIOPS, blkioeWriteIOPS := getBLKIOInfo(spec)
+ memKernel, memReservation, memSwap, memSwappiness, memDisableOOMKiller := getMemoryInfo(spec)
+ pidsLimit := getPidsInfo(spec)
+ cgroup := getCgroup(spec)
+ logConfig := InspectLogConfig{
+ config.LogDriver,
+ make(map[string]string),
+ }
+
+ data := &InspectContainer{
+ ctrInspectData,
+ &InspectContainerHostConfig{
+ ConsoleSize: spec.Process.ConsoleSize,
+ OomScoreAdj: spec.Process.OOMScoreAdj,
+ CPUShares: shares,
+ BlkioWeight: blkioWeight,
+ BlkioWeightDevice: blkioWeightDevice,
+ BlkioDeviceReadBps: blkioReadBps,
+ BlkioDeviceWriteBps: blkioWriteBps,
+ BlkioDeviceReadIOps: blkioReadIOPS,
+ BlkioDeviceWriteIOps: blkioeWriteIOPS,
+ CPUPeriod: period,
+ CPUQuota: quota,
+ CPURealtimePeriod: realtimePeriod,
+ CPURealtimeRuntime: realtimeRuntime,
+ CPUSetCPUs: cpus,
+ CPUSetMems: mems,
+ Devices: spec.Linux.Devices,
+ KernelMemory: memKernel,
+ LogConfig: &logConfig,
+ MemoryReservation: memReservation,
+ MemorySwap: memSwap,
+ MemorySwappiness: memSwappiness,
+ OomKillDisable: memDisableOOMKiller,
+ PidsLimit: pidsLimit,
+ Privileged: config.Privileged,
+ ReadOnlyRootfs: spec.Root.Readonly,
+ ReadOnlyTmpfs: createArtifact.ReadOnlyTmpfs,
+ Runtime: config.OCIRuntime,
+ NetworkMode: string(createArtifact.NetMode),
+ IpcMode: string(createArtifact.IpcMode),
+ Cgroup: cgroup,
+ UTSMode: string(createArtifact.UtsMode),
+ UsernsMode: string(createArtifact.UsernsMode),
+ GroupAdd: spec.Process.User.AdditionalGids,
+ ContainerIDFile: createArtifact.CidFile,
+ AutoRemove: createArtifact.Rm,
+ CapAdd: createArtifact.CapAdd,
+ CapDrop: createArtifact.CapDrop,
+ DNS: createArtifact.DNSServers,
+ DNSOptions: createArtifact.DNSOpt,
+ DNSSearch: createArtifact.DNSSearch,
+ PidMode: string(createArtifact.PidMode),
+ CgroupParent: createArtifact.CgroupParent,
+ ShmSize: createArtifact.Resources.ShmSize,
+ Memory: createArtifact.Resources.Memory,
+ Ulimits: createArtifact.Resources.Ulimit,
+ SecurityOpt: createArtifact.SecurityOpts,
+ Tmpfs: createArtifact.Tmpfs,
+ },
+ &InspectContainerConfig{
+ Hostname: spec.Hostname,
+ User: spec.Process.User,
+ Env: spec.Process.Env,
+ Image: config.RootfsImageName,
+ WorkingDir: spec.Process.Cwd,
+ Labels: config.Labels,
+ Annotations: spec.Annotations,
+ Tty: spec.Process.Terminal,
+ OpenStdin: config.Stdin,
+ StopSignal: config.StopSignal,
+ Cmd: config.Spec.Process.Args,
+ Entrypoint: strings.Join(createArtifact.Entrypoint, " "),
+ Healthcheck: config.HealthCheckConfig,
+ },
+ }
+ return data, nil
+}
+
+func getCPUInfo(spec *specs.Spec) (string, string, *uint64, *int64, *uint64, *int64, *uint64) {
+ if spec.Linux.Resources == nil {
+ return "", "", nil, nil, nil, nil, nil
+ }
+ cpu := spec.Linux.Resources.CPU
+ if cpu == nil {
+ return "", "", nil, nil, nil, nil, nil
+ }
+ return cpu.Cpus, cpu.Mems, cpu.Period, cpu.Quota, cpu.RealtimePeriod, cpu.RealtimeRuntime, cpu.Shares
+}
+
+func getBLKIOInfo(spec *specs.Spec) (*uint16, []specs.LinuxWeightDevice, []specs.LinuxThrottleDevice, []specs.LinuxThrottleDevice, []specs.LinuxThrottleDevice, []specs.LinuxThrottleDevice) {
+ if spec.Linux.Resources == nil {
+ return nil, nil, nil, nil, nil, nil
+ }
+ blkio := spec.Linux.Resources.BlockIO
+ if blkio == nil {
+ return nil, nil, nil, nil, nil, nil
+ }
+ return blkio.Weight, blkio.WeightDevice, blkio.ThrottleReadBpsDevice, blkio.ThrottleWriteBpsDevice, blkio.ThrottleReadIOPSDevice, blkio.ThrottleWriteIOPSDevice
+}
+
+func getMemoryInfo(spec *specs.Spec) (*int64, *int64, *int64, *uint64, *bool) {
+ if spec.Linux.Resources == nil {
+ return nil, nil, nil, nil, nil
+ }
+ memory := spec.Linux.Resources.Memory
+ if memory == nil {
+ return nil, nil, nil, nil, nil
+ }
+ return memory.Kernel, memory.Reservation, memory.Swap, memory.Swappiness, memory.DisableOOMKiller
+}
+
+func getPidsInfo(spec *specs.Spec) *int64 {
+ if spec.Linux.Resources == nil {
+ return nil
+ }
+ pids := spec.Linux.Resources.Pids
+ if pids == nil {
+ return nil
+ }
+ return &pids.Limit
+}
+
+func getCgroup(spec *specs.Spec) string {
+ cgroup := "host"
+ for _, ns := range spec.Linux.Namespaces {
+ if ns.Type == specs.CgroupNamespace && ns.Path != "" {
+ cgroup = "container"
+ }
+ }
+ return cgroup
+}
diff --git a/contrib/podmanimage/upstream/Dockerfile b/contrib/podmanimage/upstream/Dockerfile
index 6ab082efc..3583e1c54 100644
--- a/contrib/podmanimage/upstream/Dockerfile
+++ b/contrib/podmanimage/upstream/Dockerfile
@@ -21,7 +21,6 @@ RUN dnf -y install --exclude container-selinux \
--enablerepo=updates-testing \
atomic-registries \
btrfs-progs-devel \
- conmon \
containernetworking-cni \
device-mapper-devel \
git \
@@ -49,7 +48,7 @@ RUN dnf -y install --exclude container-selinux \
make BUILDTAGS="selinux seccomp"; \
make install PREFIX=/usr; \
cd /root/podman; \
- git clone https://github.com/containers/conmon; \
+ git clone https://github.com/containers/conmon /root/podman/conmon; \
cd conmon; \
make; \
install -D -m 755 bin/conmon /usr/libexec/podman/conmon; \
@@ -57,15 +56,15 @@ RUN dnf -y install --exclude container-selinux \
cd $GOPATH/src/github.com/containernetworking/plugins; \
./build_linux.sh; \
mkdir -p /usr/libexec/cni; \
- cp bin/* /usr/libexec/cni; \
+ \cp -fR bin/* /usr/libexec/cni; \
mkdir -p /etc/cni/net.d; \
- curl -qsSL https://raw.githubusercontent.com/containers/libpod/master/cni/87-podman-bridge.conflist | sudo tee /etc/cni/net.d/99-loopback.conf; \
+ curl -qsSL https://raw.githubusercontent.com/containers/libpod/master/cni/87-podman-bridge.conflist | tee /etc/cni/net.d/99-loopback.conf; \
mkdir -p /usr/share/containers; \
- cp $GOPATH/podman/src/github.com/containers/libpod/libpod.conf /usr/share/containers; \
+ cp $GOPATH/src/github.com/containers/libpod/libpod.conf /usr/share/containers; \
# Adjust libpod.conf to write logging to a file
sed -i 's/events_logger = "journald"/events_logger = "file"/g' /usr/share/containers/libpod.conf; \
rm -rf /root/podman/*; \
- dnf -y remove bats git golang go-md2man make; \
+ dnf -y remove git golang go-md2man make; \
dnf clean all;
# Adjust storage.conf to enable Fuse storage.
diff --git a/docs/podman-attach.1.md b/docs/podman-attach.1.md
index 11cecc16c..b8d2fa9a1 100644
--- a/docs/podman-attach.1.md
+++ b/docs/podman-attach.1.md
@@ -14,11 +14,11 @@ You can detach from the container (and leave it running) using a configurable ke
sequence is `ctrl-p,ctrl-q`. You configure the key sequence using the --detach-keys option
## OPTIONS
-**--detach-keys**=""
+**--detach-keys**=*char*
Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
@@ -33,7 +33,7 @@ Do not attach STDIN. The default is false.
Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*.
-## EXAMPLES ##
+## EXAMPLES
```
$ podman attach foobar
diff --git a/docs/podman-build.1.md b/docs/podman-build.1.md
index 1b86992d9..12e8c3bf0 100644
--- a/docs/podman-build.1.md
+++ b/docs/podman-build.1.md
@@ -21,19 +21,19 @@ When a Git repository is set as the URL, the repository is cloned locally and th
## OPTIONS
-**--add-host**=[]
+**--add-host**=*host*
Add a custom host-to-IP mapping (host:ip)
Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** option can be set multiple times.
-**--annotation** *annotation*
+**--annotation**=*annotation*
Add an image *annotation* (e.g. annotation=*value*) to the image metadata. Can be used multiple times.
Note: this information is not present in Docker image formats, so it is discarded when writing images in Docker formats.
-**--authfile** *path*
+**--authfile**=*path*
Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. (Not available for remote commands)
@@ -41,7 +41,7 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
-**--build-arg** *arg=value*
+**--build-arg**=*arg=value*
Specifies a build argument and its value, which will be interpolated in
instructions read from the Dockerfiles in the same way that environment
@@ -72,12 +72,12 @@ If a capability is specified to both the **--cap-add** and **--cap-drop**
options, it will be dropped, regardless of the order in which the options were
given.
-**--cert-dir** *path*
+**--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
Default certificates directory is _/etc/containers/certs.d_. (Not available for remote commands)
-**--cgroup-parent**=""
+**--cgroup-parent**=*path*
Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
@@ -99,13 +99,13 @@ network namespaces, and networking is not disabled.
List of directories in which the CNI plugins which will be used for configuring
network namespaces can be found.
-**--cpu-period**=*0*
+**--cpu-period**=*limit*
Limit the CPU CFS (Completely Fair Scheduler) period
Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify.
-**--cpu-quota**=*0*
+**--cpu-quota**=*limit*
Limit the CPU CFS (Completely Fair Scheduler) quota
@@ -113,7 +113,7 @@ Limit the container's CPU usage. By default, containers run with the full
CPU resource. This flag tell the kernel to restrict the container's CPU usage
to the quota you specify.
-**--cpu-shares, -c**=*0*
+**--cpu-shares**, **-c**=*shares*
CPU shares (relative weight)
@@ -150,11 +150,11 @@ division of CPU shares:
101 {C1} 1 100% of CPU1
102 {C1} 2 100% of CPU2
-**--cpuset-cpus**=""
+**--cpuset-cpus**=*num*
CPUs in which to allow execution (0-3, 0,1)
-**--cpuset-mems**=""
+**--cpuset-mems**=*nodes*
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
@@ -162,7 +162,7 @@ If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
then processes in your container will only use memory from the first
two memory nodes.
-**--creds** *creds*
+**--creds**=*creds*
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and the
@@ -174,19 +174,19 @@ This is a Docker specific option to disable image verification to a Docker
registry and is not supported by Podman. This flag is a NOOP and provided
soley for scripting compatibility.
-**--dns**=[]
+**--dns**=*dns*
Set custom DNS servers
-**--dns-option**=[]
+**--dns-option**=*option*
Set custom DNS options
-**--dns-search**=[]
+**--dns-search**=*domain*
Set custom DNS search domains
-**--file, -f** *Dockerfile*
+**--file**, **-f**=*Dockerfile*
Specifies a Dockerfile which contains instructions for building the image,
either a local file or an **http** or **https** URL. If more than one
@@ -199,7 +199,7 @@ context.
If you specify `-f -`, the Dockerfile contents will be read from stdin.
-**--force-rm** *bool-value*
+**--force-rm**=*true|false*
Always remove intermediate containers after a build, even if the build is unsuccessful.
@@ -212,11 +212,15 @@ Recognized formats include *oci* (OCI image-spec v1.0, the default) and
Note: You can also override the default format by setting the BUILDAH\_FORMAT
environment variable. `export BUILDAH_FORMAT=docker`
-**--iidfile** *ImageIDfile*
+**-h**, **--help**
+
+Print usage statement
+
+**--iidfile**=*ImageIDfile*
Write the image ID to the file.
-**--ipc** *how*
+**--ipc**=*how*
Sets the configuration for IPC namespaces when handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
@@ -225,7 +229,7 @@ that the IPC namespace in which `podman` itself is being run should be reused,
or it can be the path to an IPC namespace which is already in use by
another process.
-**--isolation** *type*
+**--isolation**=*type*
Controls what type of isolation is used for running processes as part of `RUN`
instructions. Recognized types include *oci* (OCI-compatible runtime, the
@@ -239,7 +243,7 @@ chroot(1) than container technology).
Note: You can also override the default isolation type by setting the
BUILDAH\_ISOLATION environment variable. `export BUILDAH_ISOLATION=oci`
-**--label** *label*
+**--label**=*label*
Add an image *label* (e.g. label=*value*) to the image metadata. Can be used multiple times.
@@ -250,12 +254,12 @@ Cache intermediate images during the build process (Default is `true`).
Note: You can also override the default value of layers by setting the BUILDAH\_LAYERS
environment variable. `export BUILDAH_LAYERS=true`
-**--logfile** *filename*
+**--logfile**=*filename*
Log output which would be sent to standard output and standard error to the
specified file instead of to standard output and standard error.
-**--memory, -m**=""
+**--memory**, **-m**=*LIMIT*
Memory limit (format: <number>[<unit>], where unit = b, k, m or g)
Allows you to constrain the memory available to a container. If the host
@@ -264,7 +268,7 @@ RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
not limited. The actual limit may be rounded up to a multiple of the operating
system's page size (the value would be very large, that's millions of trillions).
-**--memory-swap**="LIMIT"
+**--memory-swap**=*LIMIT*
A limit value equal to memory plus swap. Must be used with the **-m**
(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
@@ -275,8 +279,7 @@ The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a
unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-**--net** *how*
-**--network** *how*
+**--net**, **--network**=*string*
Sets the configuration for network namespaces when handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
@@ -289,7 +292,7 @@ another process.
Do not use existing cached images for the container build. Build from the start with a new set of cached layers.
-**--pid** *how*
+**--pid**=*pid*
Sets the configuration for PID namespaces when handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
@@ -316,17 +319,17 @@ Defaults to *true*.
Pull the image from the first registry it is found in as listed in registries.conf.
Raise an error if not found in the registries, even if the image is present locally.
-**--quiet, -q**
+**--quiet**, **-q**
Suppress output messages which indicate which instruction is being processed,
and of progress when pulling images from a registry, and when writing the
output image.
-**--rm** *bool-value*
+**--rm**=*true|false*
Remove intermediate containers after a successful build (default true).
-**--runtime** *path*
+**--runtime**=*path*
The *path* to an alternate OCI-compatible runtime, which will be used to run
commands specified by the **RUN** instruction.
@@ -334,7 +337,7 @@ commands specified by the **RUN** instruction.
Note: You can also override the default runtime by setting the BUILDAH\_RUNTIME
environment variable. `export BUILDAH_RUNTIME=/usr/local/bin/runc`
-**--runtime-flag** *flag*
+**--runtime-flag**=*flag*
Adds global flags for the container rutime. To list the supported flags, please
consult the manpages of the selected container runtime (`runc` is the default
@@ -343,7 +346,7 @@ runtime, the manpage to consult is `runc(8)`).
Note: Do not pass the leading `--` to the flag. To pass the runc flag `--log-format json`
to podman build, the option given would be `--runtime-flag log-format=json`.
-**--security-opt**=[]
+**--security-opt**=*option*
Security Options
@@ -360,7 +363,7 @@ Security Options
"apparmor=unconfined" : Turn off apparmor confinement for the container
"apparmor=your-profile" : Set the apparmor confinement profile for the container
-**--shm-size**=""
+**--shm-size**=*size*
Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`.
Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes).
@@ -370,19 +373,19 @@ If you omit the unit, the system uses bytes. If you omit the size entirely, the
Squash all of the new image's layers (including those inherited from a base image) into a single new layer.
-**--tag, -t** *imageName*
+**--tag**, **-t**=*imageName*
Specifies the name which will be assigned to the resulting image if the build
process completes successfully.
If _imageName_ does not include a registry name, the registry name *localhost* will be prepended to the image name.
-**--target** *stageName*
+**--target**=*stageName*
Set the target build stage to build. When building a Dockerfile with multiple build stages, --target
can be used to specify an intermediate build stage by name as the final stage for the resulting image.
Commands after the target stage will be skipped.
-**--tls-verify** *bool-value*
+**--tls-verify**=*true|false*
Require HTTPS and verify certificates when talking to container registries (defaults to true). (Not available for remote commands)
@@ -407,7 +410,7 @@ include:
"sigpending": maximum number of pending signals (ulimit -i)
"stack": maximum stack size (ulimit -s)
-**--userns** *how*
+**--userns**=*how*
Sets the configuration for user namespaces when handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
@@ -416,7 +419,7 @@ the user namespace in which `podman` itself is being run should be reused, or
it can be the path to an user namespace which is already in use by another
process.
-**--userns-uid-map** *mapping*
+**--userns-uid-map**=*mapping*
Directly specifies a UID mapping which should be used to set ownership, at the
filesytem level, on the working container's contents.
@@ -437,7 +440,7 @@ If none of --userns-uid-map-user, --userns-gid-map-group, or --userns-uid-map
are specified, but --userns-gid-map is specified, the UID map will be set to
use the same numeric values as the GID map.
-**--userns-gid-map** *mapping*
+**--userns-gid-map**=*mapping*
Directly specifies a GID mapping which should be used to set ownership, at the
filesytem level, on the working container's contents.
@@ -458,7 +461,7 @@ If none of --userns-uid-map-user, --userns-gid-map-group, or --userns-gid-map
are specified, but --userns-uid-map is specified, the GID map will be set to
use the same numeric values as the UID map.
-**--userns-uid-map-user** *user*
+**--userns-uid-map-user**=*user*
Specifies that a UID mapping which should be used to set ownership, at the
filesytem level, on the working container's contents, can be found in entries
@@ -469,7 +472,7 @@ If --userns-gid-map-group is specified, but --userns-uid-map-user is not
specified, `podman` will assume that the specified group name is also a
suitable user name to use as the default setting for this option.
-**--userns-gid-map-group** *group*
+**--userns-gid-map-group**=*group*
Specifies that a GID mapping which should be used to set ownership, at the
filesytem level, on the working container's contents, can be found in entries
@@ -480,7 +483,7 @@ If --userns-uid-map-user is specified, but --userns-gid-map-group is not
specified, `podman` will assume that the specified user name is also a
suitable group name to use as the default setting for this option.
-**--uts** *how*
+**--uts**=*how*
Sets the configuration for UTS namespaces when the handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
@@ -489,7 +492,7 @@ that the UTS namespace in which `podman` itself is being run should be reused,
or it can be the path to a UTS namespace which is already in use by another
process.
-**--volume, -v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*]
+**--volume**, **-v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*]
Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, podman
bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the podman
diff --git a/docs/podman-commit.1.md b/docs/podman-commit.1.md
index 7c74d7a33..bf0df0dda 100644
--- a/docs/podman-commit.1.md
+++ b/docs/podman-commit.1.md
@@ -7,7 +7,7 @@ podman\-commit - Create new image based on the changed container
**podman commit** [*options*] *container* *image*
## DESCRIPTION
-`podman commit` creates an image based on a changed container. The author of the
+**podman commit** creates an image based on a changed container. The author of the
image can be set using the `--author` flag. Various image instructions can be
configured with the `--change` flag and a commit message can be set using the
`--message` flag. The container and its processes are paused while the image is
@@ -19,23 +19,23 @@ If *image* does not begin with a registry name component, `localhost` will be ad
## OPTIONS
-**--author, -a**
+**--author**, **-a**=*author*
Set the author for the committed image
-**--change, -c**
+**--change**, **-c**=*instruction*
Apply the following possible instructions to the created image:
**CMD** | **ENTRYPOINT** | **ENV** | **EXPOSE** | **LABEL** | **ONBUILD** | **STOPSIGNAL** | **USER** | **VOLUME** | **WORKDIR**
Can be set multiple times
-**--format, -f**
+**--format**, **-f**=*format*
Set the format of the image manifest and metadata. The currently supported formats are _oci_ and _docker_. If
not specifically set, the default format used is _oci_.
-**--iidfile** *ImageIDfile*
+**--iidfile**=*ImageIDfile*
Write the image ID to the file.
@@ -43,15 +43,15 @@ Write the image ID to the file.
Include in the committed image any volumes added to the container by the `--volume` or `--mount` options to the `podman create` and `podman run` commands.
-**--message, -m**
+**--message**, **-m**=*message*
Set commit message for committed image. The message field is not supported in _oci_ format.
-**--pause, -p**
+**--pause**, **-p**
Pause the container when creating an image
-**--quiet, -q**
+**--quiet**, **-q**
Suppress output
diff --git a/docs/podman-container-checkpoint.1.md b/docs/podman-container-checkpoint.1.md
index afccdf59a..90c3919a9 100644
--- a/docs/podman-container-checkpoint.1.md
+++ b/docs/podman-container-checkpoint.1.md
@@ -17,17 +17,17 @@ are not deleted if checkpointing fails for further debugging. If checkpointing s
files are theoretically not needed, but if these files are needed Podman can keep the files
for further analysis.
-**--all, -a**
+**--all**, **-a**
Checkpoint all running containers.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, checkpoint the last created container.
The latest option is not supported on the remote client.
-**--leave-running, -R**
+**--leave-running**, **-R**
Leave the container running after checkpointing instead of stopping it.
diff --git a/docs/podman-container-cleanup.1.md b/docs/podman-container-cleanup.1.md
index 2ad39d214..f6bb84113 100644
--- a/docs/podman-container-cleanup.1.md
+++ b/docs/podman-container-cleanup.1.md
@@ -7,16 +7,16 @@ podman\-container\-cleanup - Cleanup Container storage and networks
**podman container cleanup** [*options*] *container*
## DESCRIPTION
-`podman container cleanup` cleans up exited containers by removing all mountpoints and network configuration from the host. The container name or ID can be used. The cleanup command does not remove the containers. Running containers will not be cleaned up.
+**podman container cleanup** cleans up exited containers by removing all mountpoints and network configuration from the host. The container name or ID can be used. The cleanup command does not remove the containers. Running containers will not be cleaned up.
Sometimes container's mount points and network stacks can remain if the podman command was killed or the container ran in daemon mode. This command is automatically executed when you run containers in daemon mode by the conmon process when the container exits.
## OPTIONS
-**--all, a**
+**--all**, **a**
Cleanup all containers.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
diff --git a/docs/podman-container-exists.1.md b/docs/podman-container-exists.1.md
index 8feb736f8..4d988132b 100644
--- a/docs/podman-container-exists.1.md
+++ b/docs/podman-container-exists.1.md
@@ -1,19 +1,23 @@
-% PODMAN(1) Podman Man Pages
-% Brent Baude
-% November 2018
-# NAME
+% podman-container-exists(1)
+
+## NAME
podman-container-exists - Check if a container exists in local storage
-# SYNOPSIS
-**podman container exists** [*-h*|*--help*] *container*
+## SYNOPSIS
+**podman container exists** [*options*] *container*
-# DESCRIPTION
+## DESCRIPTION
**podman container exists** checks if a container exists in local storage. The **ID** or **Name**
of the container may be used as input. Podman will return an exit code
of `0` when the container is found. A `1` will be returned otherwise. An exit code of `125` indicates there
was an issue accessing the local storage.
-## Examples ##
+## OPTIONS
+
+**-h**, **--help**
+Print usage statement
+
+## Examples
Check if an container called `webclient` exists in local storage (the container does actually exist).
```
@@ -34,5 +38,5 @@ $
## SEE ALSO
podman(1)
-# HISTORY
+## HISTORY
November 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/podman-container-prune.1.md b/docs/podman-container-prune.1.md
index 6fd741a3d..26c6b0b49 100644
--- a/docs/podman-container-prune.1.md
+++ b/docs/podman-container-prune.1.md
@@ -1,16 +1,21 @@
-% podman-container-prune (1)
-% Brent Baude
-% December 2018
-# NAME
+% podman-container-prune(1)
+
+## NAME
podman-container-prune - Remove all stopped containers
-# SYNOPSIS
-**podman container prune** [*-h*|*--help*]
+## SYNOPSIS
+**podman container prune** [*options*]
-# DESCRIPTION
+## DESCRIPTION
**podman container prune** removes all stopped containers from local storage.
-## Examples ##
+## OPTIONS
+
+**-h**, **--help**
+
+Print usage statement
+
+## Examples
Remove all stopped containers from local storage
```
@@ -26,5 +31,5 @@ fff1c5b6c3631746055ec40598ce8ecaa4b82aef122f9e3a85b03b55c0d06c23
## SEE ALSO
podman(1), podman-ps
-# HISTORY
+## HISTORY
December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/podman-container-restore.1.md b/docs/podman-container-restore.1.md
index 5efc280fe..5b94cd2fa 100644
--- a/docs/podman-container-restore.1.md
+++ b/docs/podman-container-restore.1.md
@@ -24,11 +24,11 @@ processes in the checkpointed container.
Without the **-k**, **--keep** option the checkpoint will be consumed and cannot be used
again.
-**--all, -a**
+**--all**, **-a**
Restore all checkpointed containers.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, restore the last created container.
diff --git a/docs/podman-container-runlabel.1.md b/docs/podman-container-runlabel.1.md
index a54d5c68e..aabeb092d 100644
--- a/docs/podman-container-runlabel.1.md
+++ b/docs/podman-container-runlabel.1.md
@@ -1,21 +1,12 @@
-% PODMAN(1) Podman Man Pages
-% Brent Baude
-% September 2018
-# NAME
+% podman-container-runlabel(1)
+
+## NAME
podman-container-runlabel - Execute Image Label Method
-# SYNOPSIS
-**podman container runlabel**
-[**-h**|**--help**]
-[**--display**]
-[**-n**][**--name**[=*NAME*]]
-[**--rootfs**=*ROOTFS*]
-[**--set**=*NAME*=*VALUE*]
-[**--storage**]
-[**--replace**]
-LABEL IMAGE [ARG...]
-
-# DESCRIPTION
+## SYNOPSIS
+**podman container runlabel** [*options*] *LABEL* *IMAGE* [ARG...]
+
+## DESCRIPTION
**podman container runlabel** reads the provided `LABEL` field in the container
IMAGE and executes the provided value for the label as a command. If this field does not
exist, `podman container runlabel` will just exit.
@@ -51,8 +42,8 @@ is used.
Any additional arguments will be appended to the command.
-# OPTIONS:
-**--authfile**
+## OPTIONS:
+**--authfile**=*path*
Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. (Not available for remote commands)
@@ -65,25 +56,25 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
Display the label's value of the image having populated its environment variables.
The runlabel command will not execute if --display is specified.
-**--cert-dir** *path*
+**--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
Default certificates directory is _/etc/containers/certs.d_. (Not available for remote commands)
-**--creds**
+**--creds**=*[username[:password]]*
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and the
value can be entered. The password is entered without echo.
-**--help** **-h**
+**--help**, **-h**
Print usage statement
-**--name** **-n**=""
+**--name**, **-n**=*name*
Use this name for creating content for the container. NAME will default to the IMAGENAME if it is not specified.
-**--quiet, -q**
+**--quiet**, **-q**
Suppress output information when pulling images
@@ -92,13 +83,24 @@ Suppress output information when pulling images
If a container exists of the default or given name, as needed it will be stopped, deleted and a new container will be
created from this image.
+**--rootfs**=*ROOTFS*
+
+Set rootfs
+
+**--set**=*NAME*=*VALUE*
+
+Set name & value
+
+**--storage**
+Use storage
+
**--tls-verify**
Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified,
TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf (Not available for remote commands)
-## Examples ##
+## Examples
Execute the run label of an image called foobar.
```
@@ -118,5 +120,5 @@ $ sudo podman container runlabel --display run foobar
## SEE ALSO
podman(1)
-# HISTORY
+## HISTORY
September 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/podman-cp.1.md b/docs/podman-cp.1.md
index ee218d66a..bc9f17520 100644
--- a/docs/podman-cp.1.md
+++ b/docs/podman-cp.1.md
@@ -4,7 +4,7 @@
podman\-cp - Copy files/folders between a container and the local filesystem
## SYNOPSIS
-**podman cp** [*container*:]*src_path* [*container*:]*dest_path*
+**podman cp** [*options*] [*container*:]*src_path* [*container*:]*dest_path*
## DESCRIPTION
Copies the contents of **src_path** to the **dest_path**. You can copy from the containers's filesystem to the local machine or the reverse, from the local filesystem to the container.
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index eafc6e27f..88f8fe8c7 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -17,19 +17,19 @@ any point.
The initial status of the container created with **podman create** is 'created'.
## OPTIONS
-**--add-host**=[]
+**--add-host**=*host*
Add a custom host-to-IP mapping (host:ip)
Add a line to /etc/hosts. The format is hostname:ip. The **--add-host**
option can be set multiple times.
-**--annotation**=[]
+**--annotation**=*key=value*
Add an annotation to the container. The format is key=value.
The **--annotation** option can be set multiple times.
-**--attach**, **-a**=[]
+**--attach**, **-a**=*location*
Attach to STDIN, STDOUT or STDERR.
@@ -40,42 +40,42 @@ error. It can even pretend to be a TTY (this is what most commandline
executables expect) and pass along signals. The **-a** option can be set for
each of stdin, stdout, and stderr.
-**--authfile**
+**--authfile**=*path*
Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path` (Not available for remote commands)
-**--blkio-weight**=*0*
+**--blkio-weight**=*weight*
Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-**--blkio-weight-device**=[]
+**--blkio-weight-device**=*weight*
Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`).
-**--cap-add**=[]
+**--cap-add**=*capabilitiy*
Add Linux capabilities
-**--cap-drop**=[]
+**--cap-drop**=*capabilitiy*
Drop Linux capabilities
-**--cgroup-parent**=""
+**--cgroup-parent**=*path*
Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
-**--cidfile**=""
+**--cidfile**=*id*
Write the container ID to the file
-**--conmon-pidfile**=""
+**--conmon-pidfile**=*path*
Write the pid of the `conmon` process to a file. `conmon` runs in a separate process than Podman, so this is necessary when using systemd to restart Podman containers.
-**--cpu-count**=*0*
+**--cpu-count**=*limit*
Limit the number of CPUs available for execution by the container.
@@ -83,13 +83,13 @@ On Windows Server containers, this is approximated as a percentage of total CPU
On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last.
-**--cpu-period**=*0*
+**--cpu-period**=*limit*
Limit the CPU CFS (Completely Fair Scheduler) period
Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify.
-**--cpu-quota**=*0*
+**--cpu-quota**=*limit*
Limit the CPU CFS (Completely Fair Scheduler) quota
@@ -97,13 +97,13 @@ Limit the container's CPU usage. By default, containers run with the full
CPU resource. This flag tell the kernel to restrict the container's CPU usage
to the quota you specify.
-**--cpu-rt-period**=0
+**--cpu-rt-period**=*microseconds*
Limit the CPU real-time period in microseconds
Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify.
-**--cpu-rt-runtime**=0
+**--cpu-rt-runtime**=*microseconds*
Limit the CPU real-time runtime in microseconds
@@ -112,7 +112,7 @@ Period of 1,000,000us and Runtime of 950,000us means that this container could c
The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
-**--cpu-shares**=*0*
+**--cpu-shares**=*shares*
CPU shares (relative weight)
@@ -149,15 +149,15 @@ PID container CPU CPU share
101 {C1} 1 100% of CPU1
102 {C1} 2 100% of CPU2
-**--cpus**=0.0
+**--cpus**=*number*
Number of CPUs. The default is *0.0* which means no limit.
-**--cpuset-cpus**=""
+**--cpuset-cpus**=*cpus*
CPUs in which to allow execution (0-3, 0,1)
-**--cpuset-mems**=""
+**--cpuset-mems**=*nodes*
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
@@ -165,7 +165,7 @@ If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
then processes in your container will only use memory from the first
two memory nodes.
-**--detach**, **-d**=*true*|*false*
+**--detach**, **-d**=*true|false*
Detached mode: run the container in the background and print the new container ID. The default is *false*.
@@ -178,31 +178,31 @@ running) using a configurable key sequence. The default sequence is `ctrl-p,ctrl
You configure the key sequence using the **--detach-keys** option or a configuration file.
See **config-json(5)** for documentation on using a configuration file.
-**--detach-keys**=""
+**--detach-keys**=*char*
Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`.
-**--device**=[]
+**--device**=*device*
Add a host device to the container. The format is `<device-on-host>[:<device-on-container>][:<permissions>]` (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
-**--device-read-bps**=[]
+**--device-read-bps**=*path*
Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)
-**--device-read-iops**=[]
+**--device-read-iops**=*path*
Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000)
-**--device-write-bps**=[]
+**--device-write-bps**=*path*
Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
-**--device-write-iops**=[]
+**--device-write-iops**=*path*
Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)
-**--dns**=[]
+**--dns**=*dns*
Set custom DNS servers
@@ -214,15 +214,15 @@ is the case the **--dns** flags is necessary for every run.
The special value **none** can be specified to disable creation of **/etc/resolv.conf** in the container by Podman.
The **/etc/resolv.conf** file in the image will be used without changes.
-**--dns-option**=[]
+**--dns-option**=*option*
Set custom DNS options
-**--dns-search**=[]
+**--dns-search**=*domain*
Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)
-**--entrypoint** *"command"* | *'["command", "arg1", ...]'*
+**--entrypoint**=*"command"* | *'["command", "arg1", ...]'*
Overwrite the default ENTRYPOINT of the image
@@ -239,7 +239,7 @@ ENTRYPOINT.
You need to specify multi option commands in the form of a json string.
-**--env**, **-e**=[]
+**--env**, **-e**=*env*
Set environment variables
@@ -247,50 +247,50 @@ This option allows you to specify arbitrary
environment variables that are available for the process that will be launched
inside of the container.
-**--env-file**=[]
+**--env-file**=*file*
Read in a line delimited file of environment variables
-**--expose**=[]
+**--expose**=*port*
Expose a port, or a range of ports (e.g. --expose=3300-3310) to set up port redirection
on the host system.
-**--gidmap**=map
+**--gidmap**=*container_gid:host_gid:amount*
GID map for the user namespace. Using this flag will run the container with user namespace enabled. It conflicts with the `--userns` and `--subgidname` flags.
-The following example maps uids 0-2000 in the container to the uids 30000-31999 on the host and gids 0-2000 in the container to the gids 30000-31999 on the host.
+The following example maps uids 0-2000 in the container to the uids 30000-31999 on the host and gids 0-2000 in the container to the gids 30000-31999 on the host. `--gidmap=0:30000:2000`
-**--group-add**=[]
+**--group-add**=*group*
Add additional groups to run as
-**--healthcheck**=""
+**--healthcheck**=*command*
Set or alter a healthcheck command for a container. The command is a command to be executed inside your
container that determines your container health. The command is required for other healthcheck options
to be applied. A value of `none` disables existing healthchecks.
-**--healthcheck-interval**=""
+**--healthcheck-interval**=*interval*
Set an interval for the healthchecks (a value of `disable` results in no automatic timer setup) (default "30s")
-**--healthcheck-retries=**
+**--healthcheck-retries**=*retries*
The number of retries allowed before a healthcheck is considered to be unhealthy. The default value is `3`.
-**--healthcheck-start-period**=""
+**--healthcheck-start-period**=*period*
The initialization time needed for a container to bootstrap. The value can be expressed in time format like
`2m3s`. The default value is `0s`
-**--healthcheck-timeout**=""
+**--healthcheck-timeout**=*timeout*
The maximum time allowed to complete the healthcheck before an interval is considered failed. Like start-period, the
value can be expressed in a time format such as `1m22s`. The default value is `30s`.
-**--hostname**=""
+**--hostname**=*name*
Container host name
@@ -300,7 +300,7 @@ Sets the container host name that is available inside the container.
Print usage statement
-**--http-proxy**=*true*|*false*
+**--http-proxy**=*true|false*
By default proxy environment variables are passed into the container if set
for the podman process. This can be disabled by setting the `--http-proxy`
@@ -320,7 +320,7 @@ container:
Defaults to `true`
-**--image-volume**, **builtin-volume**=*bind*|*tmpfs*|*ignore*
+**--image-volume**, **builtin-volume**=*bind|tmpfs|ignore*
Tells podman how to handle the builtin image volumes. The options are: 'bind', 'tmpfs', or 'ignore' (default 'bind').
bind: A directory is created inside the container state directory and bind mounted into
@@ -333,32 +333,32 @@ ignore: All volumes are just ignored and no action is taken.
Run an init inside the container that forwards signals and reaps processes.
-**--init-path**=""
+**--init-path**=*path*
Path to the container-init binary.
-**--interactive**, **-i**=*true*|*false*
+**--interactive**, **i**=*true|false*
Keep STDIN open even if not attached. The default is *false*.
-**--ip6**=""
+**--ip6**=*ip*
Not implemented
-**--ip**=""
+**--ip**=*ip*
Specify a static IP address for the container, for example '10.88.64.128'.
Can only be used if no additional CNI networks to join were specified via '--network=<network-name>', and if the container is not joining another container's network namespace via '--network=container:<name|id>'.
The address must be within the default CNI network's pool (default 10.88.0.0/16).
-**--ipc**=""
+**--ipc**=*ipc*
Default is to create a private IPC namespace (POSIX SysV IPC) for the container
'container:<name|id>': reuses another container shared memory, semaphores and message queues
'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
'ns:<path>' path to an IPC namespace to join.
-**--kernel-memory**=""
+**--kernel-memory**=*number[unit]*
Kernel memory limit (format: `<number>[<unit>]`, where unit = b, k, m or g)
@@ -368,15 +368,15 @@ is not limited. If you specify a limit, it may be rounded up to a multiple
of the operating system's page size and the value can be very large,
millions of trillions.
-**--label**, **-l**=[]
+**--label**, **-l**=*label*
Add metadata to a container (e.g., --label com.example.key=value)
-**--label-file**=[]
+**--label-file**=*file*
Read in a line delimited file of labels
-**--link-local-ip**=[]
+**--link-local-ip**=*ip*
Not implemented
@@ -384,13 +384,13 @@ Not implemented
Logging driver for the container. Currently not supported. This flag is a NOOP provided soley for scripting compatibility.
-**--log-opt**=[]
+**--log-opt**=*path*
Logging driver specific options. Used to set the path to the container log file. For example:
`--log-opt path=/var/log/container/mycontainer.json`
-**--mac-address**=""
+**--mac-address**=*address*
Container MAC address (e.g. 92:d0:c6:0a:29:33)
@@ -400,7 +400,7 @@ according to RFC4862.
Not currently supported
-**--memory**, **-m**=""
+**--memory**, **-m**=*limit*
Memory limit (format: <number>[<unit>], where unit = b, k, m or g)
@@ -410,7 +410,7 @@ RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
not limited. The actual limit may be rounded up to a multiple of the operating
system's page size (the value would be very large, that's millions of trillions).
-**--memory-reservation**=""
+**--memory-reservation**=*limit*
Memory soft limit (format: <number>[<unit>], where unit = b, k, m or g)
@@ -420,7 +420,7 @@ reservation. So you should always set the value below **--memory**, otherwise th
hard limit will take precedence. By default, memory reservation will be the same
as memory limit.
-**--memory-swap**="LIMIT"
+**--memory-swap**=*limit*
A limit value equal to memory plus swap. Must be used with the **-m**
(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
@@ -431,7 +431,7 @@ The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a
unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-**--memory-swappiness**=""
+**--memory-swappiness**=*number*
Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
@@ -465,7 +465,7 @@ Current supported mount TYPES are bind, and tmpfs.
· tmpfs-mode: File mode of the tmpfs in octal. (e.g. 700 or 0700.) Defaults to 1777 in Linux.
-**--name**=""
+**--name**=*name*
Assign a name to the container
@@ -490,26 +490,26 @@ Set the Network mode for the container
'ns:<path>': path to a network namespace to join
'slirp4netns': use slirp4netns to create a user network stack. This is the default for rootless containers
-**--network-alias**=[]
+**--network-alias**=*alias*
Not implemented
-**--no-hosts**=*true*|*false*
+**--no-hosts**=*true|false*
Do not create /etc/hosts for the container.
By default, Podman will manage /etc/hosts, adding the container's own IP address and any hosts from **--add-host**.
**--no-hosts** disables this, and the image's **/etc/host** will be preserved unmodified.
This option conflicts with **--add-host**.
-**--oom-kill-disable**=*true*|*false*
+**--oom-kill-disable**=*true|false*
Whether to disable OOM Killer for the container or not.
-**--oom-score-adj**=""
+**--oom-score-adj**=*num*
Tune the host's OOM preferences for containers (accepts -1000 to 1000)
-**--pid**=""
+**--pid**=*pid*
Set the PID mode for the container
Default is to create a private PID namespace for the container
@@ -517,16 +517,16 @@ Default is to create a private PID namespace for the container
'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
'ns': join the specified PID namespace
-**--pids-limit**=""
+**--pids-limit**=*limit*
Tune the container's pids limit. Set `-1` to have unlimited pids for the container.
-**--pod**=""
+**--pod**=*name*
Run container in an existing pod. If you want podman to make the pod for you, preference the pod name with `new:`.
To make a pod with more granular options, use the `podman pod create` command before creating a container.
-**--privileged**=*true*|*false*
+**--privileged**=*true|false*
Give extended privileges to this container. The default is *false*.
@@ -540,7 +540,7 @@ to all devices on the host, turns off graphdriver mount options, as well as
turning off most of the security measures protecting the host from the
container.
-**--publish**, **-p**=[]
+**--publish**, **-p**=*port*
Publish a container's port, or range of ports, to the host
@@ -552,7 +552,7 @@ but not `podman run -p 1230-1236:1230-1240 --name RangeContainerPortsBiggerThanR
With ip: `podman run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage`
Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPORT`
-**--publish-all**, **-P**=*true*|*false*
+**--publish-all**, **-P**=*true|false*
Publish all exposed ports to random ports on the host interfaces. The default is *false*.
@@ -564,11 +564,11 @@ port to a random port on the host within an *ephemeral port range* defined by
`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host
ports and the exposed ports, use `podman port`.
-**--quiet, -q**
+**--quiet**, **-q**
Suppress output information when pulling images
-**--read-only**=*true*|*false*
+**--read-only**=*true|false*
Mount the container's root filesystem as read only.
@@ -576,10 +576,11 @@ By default a container will have its root filesystem writable allowing processes
to write files anywhere. By specifying the `--read-only` flag the container will have
its root filesystem mounted as read only prohibiting any writes.
-**--read-only-tmpfs**=*true*|*false*
+**--read-only-tmpfs**=*true|false*
+
If container is running in --read-only mode, then mount a read-write tmpfs on /run, /tmp, and /var/tmp. The default is *true*
-**--restart=""**
+**--restart**=*policy*
Restart policy to follow when containers exit.
Restart policy will not take effect if a container is stopped via the `podman kill` or `podman stop` commands.
@@ -593,7 +594,7 @@ Please note that restart will not restart containers after a system reboot.
If this functionality is required in your environment, you can invoke Podman from a systemd unit file, or create an init script for whichever init system is in use.
To generate systemd unit files, please see *podman generate systemd*
-**--rm**=*true*|*false*
+**--rm**=*true|false*
Automatically remove the container when it exits. The default is *false*.
@@ -608,7 +609,7 @@ If specified, the first argument refers to an exploded container on the file sys
This is useful to run a container without requiring any image management, the rootfs
of the container is assumed to be managed externally.
-**--security-opt**=[]
+**--security-opt**=*option*
Security Options
@@ -628,7 +629,7 @@ Security Options
Note: Labelling can be disabled for all containers by setting label=false in the **libpod.conf** (`/etc/containers/libpod.conf`) file.
-**--shm-size**=""
+**--shm-size**=*size*
Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`.
Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes).
@@ -638,19 +639,19 @@ If you omit the unit, the system uses bytes. If you omit the size entirely, the
Signal to stop a container. Default is SIGTERM.
-**--stop-timeout**=*10*
+**--stop-timeout**=*seconds*
Timeout (in seconds) to stop a container. Default is 10.
-**--subgidname**=name
+**--subgidname**=*name*
Name for GID map from the `/etc/subgid` file. Using this flag will run the container with user namespace enabled. This flag conflicts with `--userns` and `--gidmap`.
-**--subuidname**=name
+**--subuidname**=*name*
Name for UID map from the `/etc/subuid` file. Using this flag will run the container with user namespace enabled. This flag conflicts with `--userns` and `--uidmap`.
-**--sysctl**=SYSCTL
+**--sysctl**=*SYSCTL*
Configure namespaced kernel parameters at runtime
@@ -666,7 +667,7 @@ Network Namespace - current sysctls allowed:
Note: if you use the --network=host option these sysctls will not be allowed.
-**--systemd**=*true*|*false*
+**--systemd**=*true|false*
Run container in systemd mode. The default is *true*.
@@ -685,7 +686,9 @@ The `container_manage_cgroup` boolean must be enabled for this to be allowed on
`setsebool -P container_manage_cgroup true`
-**--tmpfs**=[] Create a tmpfs mount
+**--tmpfs**=*fs*
+
+Create a tmpfs mount
Mount a temporary filesystem (`tmpfs`) mount into a container, for example:
@@ -696,7 +699,7 @@ options are the same as the Linux default `mount` flags. If you do not specify
any options, the systems uses the following options:
`rw,noexec,nosuid,nodev,size=65536k`.
-**--tty**, **-t**=*true*|*false*
+**--tty**, **-t**=*true|false*
Allocate a pseudo-TTY. The default is *false*.
@@ -707,17 +710,17 @@ interactive shell. The default is false.
Note: The **-t** option is incompatible with a redirection of the podman client
standard input.
-**--uidmap**=map
+**--uidmap**=*container_uid:host_uid:amount*
UID map for the user namespace. Using this flag will run the container with user namespace enabled. It conflicts with the `--userns` and `--subuidname` flags.
-The following example maps uids 0-2000 in the container to the uids 30000-31999 on the host and gids 0-2000 in the container to the gids 30000-31999 on the host.
+The following example maps uids 0-2000 in the container to the uids 30000-31999 on the host and gids 0-2000 in the container to the gids 30000-31999 on the host. `--uidmap=0:30000:2000`
-**--ulimit**=[]
+**--ulimit**=*option*
Ulimit options
-**--user**, **-u**=""
+**--user**, **-u**=*user*
Sets the username or UID used and optionally the groupname or GID for the specified command.
@@ -726,9 +729,9 @@ The followings examples are all valid:
Without this argument the command will be run as root in the container.
-**--userns**=host
-**--userns**=keep-id
-**--userns**=ns:my_namespace
+**--userns**=*host*
+**--userns**=*keep-id*
+**--userns**=*ns:my_namespace*
Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value means user namespaces are disabled.
@@ -844,7 +847,7 @@ If the location of the volume from the source container overlaps with
data residing on a target container, then the volume hides
that data on the target.
-**--workdir**, **-w**=""
+**--workdir**, **-w**=*dir*
Working directory inside the container
diff --git a/docs/podman-diff.1.md b/docs/podman-diff.1.md
index 8837b744f..8d67ed82c 100644
--- a/docs/podman-diff.1.md
+++ b/docs/podman-diff.1.md
@@ -15,7 +15,7 @@ Displays changes on a container or image's filesystem. The container or image w
Alter the output into a different format. The only valid format for diff is `json`.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
diff --git a/docs/podman-events.1.md b/docs/podman-events.1.md
index 3ccecac28..2097bb1f9 100644
--- a/docs/podman-events.1.md
+++ b/docs/podman-events.1.md
@@ -71,7 +71,7 @@ Print usage statement.
Format the output using the given Go template. An output value of *json* is not supported.
-**--filter**=[]
+**--filter**=*filter*
Filter events that are displayed. They must be in the format of "filter=value". The following
filters are supported:
@@ -84,12 +84,12 @@ filters are supported:
In the case where an ID is used, the ID may be in its full or shortened form.
-**--since**=[]
+**--since**=*timestamp*
Show all events created since the given timestamp
-**--until**=[]
+**--until**=*timestamp*
Show all events created until the given timestamp
diff --git a/docs/podman-exec.1.md b/docs/podman-exec.1.md
index b74713b0b..a6a58df01 100644
--- a/docs/podman-exec.1.md
+++ b/docs/podman-exec.1.md
@@ -10,23 +10,23 @@ podman\-exec - Execute a command in a running container
**podman exec** executes a command in a running container.
## OPTIONS
-**--env, -e**
+**--env**, **-e**
You may specify arbitrary environment variables that are available for the
command to be executed.
-**--interactive, -i**
+**--interactive**, **-i**
Not supported. All exec commands are interactive by default.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
The latest option is not supported on the remote client.
-**--preserve-fds=N**
+**--preserve-fds**=*N*
Pass down to the process N additional file descriptors (in addition to 0, 1, 2). The total FDs will be 3+N.
@@ -34,17 +34,17 @@ Pass down to the process N additional file descriptors (in addition to 0, 1, 2).
Give the process extended Linux capabilities when running the command in container.
-**--tty, -t**
+**--tty**, **-t**
Allocate a pseudo-TTY.
-**--user, -u**
+**--user**, **-u**
Sets the username or UID used and optionally the groupname or GID for the specified command.
The following examples are all valid:
--user [user | user:group | uid | uid:gid | user:gid | uid:group ]
-**--workdir**, **-w**=""
+**--workdir**, **-w**=*path*
Working directory inside the container
diff --git a/docs/podman-export.1.md b/docs/podman-export.1.md
index 5928a8080..27ebc724f 100644
--- a/docs/podman-export.1.md
+++ b/docs/podman-export.1.md
@@ -20,7 +20,7 @@ Note: `:` is a restricted character and cannot be part of the file name.
## OPTIONS
-**--output, -o**
+**--output**, **-o**
Write to a file, default is STDOUT
diff --git a/docs/podman-generate-kube.1.md b/docs/podman-generate-kube.1.md
index 99029be90..dd9068ef1 100644
--- a/docs/podman-generate-kube.1.md
+++ b/docs/podman-generate-kube.1.md
@@ -1,30 +1,25 @@
-% podman-generate Podman Man Pages
-% Brent Baude
-% December 2018
-# NAME
+% podman-generate-kube(1)
+## NAME
podman-generate-kube - Generate Kubernetes YAML
-# SYNOPSIS
-**podman generate kube** [*-s*|*--service*] *container* | *pod*
+## SYNOPSIS
+**podman generate kube** [*options*] *container* | *pod*
-# DESCRIPTION
+## DESCRIPTION
**podman generate kube** will generate Kubernetes Pod YAML (v1 specification) from a podman container or pod. Whether
the input is for a container or pod, Podman will always generate the specification as a Pod. The input may be in the form
of a pod or container name or ID.
-The **service** option can be used to generate a Service specification for the corresponding Pod ouput. In particular,
-if the object has portmap bindings, the service specification will include a NodePort declaration to expose the service. A
-random port is assigned by Podman in the specification.
-
Note that the generated Kubernetes YAML file can be used to re-run the deployment via podman-play-kube(1).
-# OPTIONS:
+## OPTIONS:
-**--service** **-s**
+**--service**, **-s**
-Generate a Kubernetes service object in addition to the Pods.
+Generate a Kubernetes service object in addition to the Pods. Used to generate a Service specification for the corresponding Pod ouput. In particular, if the object has portmap bindings, the service specification will include a NodePort declaration to expose the service. A
+random port is assigned by Podman in the specification.
-## Examples ##
+## Examples
Create Kubernetes Pod YAML for a container called `some-mariadb` .
```
@@ -147,5 +142,5 @@ status:
## SEE ALSO
podman(1), podman-container(1), podman-pod(1), podman-play-kube(1)
-# HISTORY
+## HISTORY
Decemeber 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/podman-generate-systemd.1.md b/docs/podman-generate-systemd.1.md
index cc3f098a6..09752480d 100644
--- a/docs/podman-generate-systemd.1.md
+++ b/docs/podman-generate-systemd.1.md
@@ -1,34 +1,32 @@
-% podman-generate Podman Man Pages
-% Brent Baude
-% April 2019
-# NAME
+% podman-generate-systemd(1)
+
+## NAME
podman-generate-systemd- Generate Systemd Unit file
-# SYNOPSIS
-**podman generate systemd** [*-n*|*--name*] [*-t*|*--timeout*] [*--restart-policy*] *container*
+## SYNOPSIS
+**podman generate systemd** [*options*] *container*
-# DESCRIPTION
+## DESCRIPTION
**podman generate systemd** will create a Systemd unit file that can be used to control a container. The
command will dynamically create the unit file and output it to stdout where it can be piped by the user
to a file. The options can be used to influence the results of the output as well.
-# OPTIONS:
+## OPTIONS:
-**--name** **-n**
+**--name**, **-n**
Use the name of the container for the start, stop, and description in the unit file
-**--timeout** **-t**
+**--timeout**, **-t**=*value*
Override the default stop timeout for the container with the given value.
-**--restart-policy**
+**--restart-policy**=*policy*
Set the SystemD restart policy. The restart-policy must be one of: "no", "on-success", "on-failure", "on-abnormal",
"on-watchdog", "on-abort", or "always". The default policy is *on-failure*.
-## Examples ##
-
+## Examples
Create a systemd unit file for a container running nginx:
```
@@ -65,5 +63,5 @@ WantedBy=multi-user.target
## SEE ALSO
podman(1), podman-container(1)
-# HISTORY
+## HISTORY
April 2019, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/podman-history.1.md b/docs/podman-history.1.md
index b8f86026b..5ee87c185 100644
--- a/docs/podman-history.1.md
+++ b/docs/podman-history.1.md
@@ -27,7 +27,7 @@ Valid placeholders for the Go template are listed below:
## OPTIONS
-**--human, -H**
+**--human**, **-H**
Display sizes and dates in human readable format
@@ -35,11 +35,11 @@ Display sizes and dates in human readable format
Do not truncate the output
-**--quiet, -q**
+**--quiet**, **-q**
Print the numeric IDs only
-**--format**
+**--format**=*format*
Alter the output for a format like 'json' or a Go template.
diff --git a/docs/podman-image-exists.1.md b/docs/podman-image-exists.1.md
index 1dc264a6b..f6a89e2aa 100644
--- a/docs/podman-image-exists.1.md
+++ b/docs/podman-image-exists.1.md
@@ -1,19 +1,24 @@
-% PODMAN(1) Podman Man Pages
-% Brent Baude
-% November 2018
-# NAME
+% podman-image-exists(1)
+
+## NAME
podman-image-exists - Check if an image exists in local storage
-# SYNOPSIS
-**podman image exists** [*-h*|*--help*] *image*
+## SYNOPSIS
+**podman image exists** [*options*] *image*
-# DESCRIPTION
+## DESCRIPTION
**podman image exists** checks if an image exists in local storage. The **ID** or **Name**
of the image may be used as input. Podman will return an exit code
of `0` when the image is found. A `1` will be returned otherwise. An exit code of `125` indicates there
was an issue accessing the local storage.
-## Examples ##
+## OPTIONS
+
+**--help**, **-h**
+
+Print usage statement
+
+## Examples
Check if an image called `webclient` exists in local storage (the image does actually exist).
```
@@ -34,5 +39,5 @@ $
## SEE ALSO
podman(1)
-# HISTORY
+## HISTORY
November 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/podman-image-prune.1.md b/docs/podman-image-prune.1.md
index 7d5fd2fc8..52278746d 100644
--- a/docs/podman-image-prune.1.md
+++ b/docs/podman-image-prune.1.md
@@ -1,22 +1,25 @@
-% PODMAN(1) Podman Man Pages
-% Brent Baude
-% December 2018
-# NAME
+% podman-image-prune(1)
+
+## NAME
podman-image-prune - Remove all unused images
-# SYNOPSIS
-**podman image prune** [*-a*|*--all*] [*-h*|*--help*]
+## SYNOPSIS
+**podman image prune** [*options*]
-# DESCRIPTION
+## DESCRIPTION
**podman image prune** removes all dangling images from local storage. With the `all` option,
you can delete all unused images. Unused images are dangling images as well as any image that
does not have any containers based on it.
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Remove dangling images and images that have no associated containers.
+**--help**, **-h**
+
+Print usage statement
+
## Examples ##
Remove all dangling images from local storage
@@ -41,5 +44,5 @@ e4e5109420323221f170627c138817770fb64832da7d8fe2babd863148287fca
## SEE ALSO
podman(1), podman-images
-# HISTORY
+## HISTORY
December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/podman-image-sign.1.md b/docs/podman-image-sign.1.md
index 804ee03db..c425fcf2e 100644
--- a/docs/podman-image-sign.1.md
+++ b/docs/podman-image-sign.1.md
@@ -1,36 +1,32 @@
% podman-image-sign(1)
-# NAME
+## NAME
podman-image-sign - Create a signature for an image
-# SYNOPSIS
-**podman image sign**
-[**--help**|**-h**]
-[**--directory**|**-d**]
-[**--sign-by**]
-[ IMAGE... ]
+## SYNOPSIS
+**podman image sign** [*options*] *image* [*image* ...]
-# DESCRIPTION
+## DESCRIPTION
**podmain image sign** will create a local signature for one or more local images that have
been pulled from a registry. The signature will be written to a directory
derived from the registry configuration files in /etc/containers/registries.d. By default, the signature will be written into /var/lib/containers/sigstore directory.
-# OPTIONS
-**--help** **-h**
+## OPTIONS
+**--help**, **-h**
Print usage statement.
-**--directory** **-d**
+**--directory**, **-d**=*dir*
Store the signatures in the specified directory. Default: /var/lib/containers/sigstore
-**--sign-by**
+**--sign-by**=*identity*
Override the default identity of the signature.
-# EXAMPLES
+## EXAMPLES
Sign the busybox image with the identify of foo@bar.com with a user's keyring and save the signature in /tmp/signatures/.
sudo podman image sign --sign-by foo@bar.com --directory /tmp/signatures docker://privateregistry.example.com/foobar
-# RELATED CONFIGURATION
+## RELATED CONFIGURATION
The write (and read) location for signatures is defined in YAML-based
configuration files in /etc/containers/registries.d/. When you sign
@@ -48,5 +44,5 @@ the signature will be written into subdirectories of
/var/lib/containers/sigstore/privateregistry.example.com. The use of 'sigstore' also means
the signature will be 'read' from that same location on a pull-related function.
-# HISTORY
+## HISTORY
November 2018, Originally compiled by Qi Wang (qiwan at redhat dot com)
diff --git a/docs/podman-image-tree.1.md b/docs/podman-image-tree.1.md
index 3920aabde..5ffd995f6 100644
--- a/docs/podman-image-tree.1.md
+++ b/docs/podman-image-tree.1.md
@@ -4,8 +4,8 @@
podman\-image\-tree - Prints layer hierarchy of an image in a tree format
## SYNOPSIS
-**podman image tree** [*image*:*tag*]|[*image-id*]
-[**--help**|**-h**]
+**podman image tree** [*options*] *image:tag*|*image-id*
+
## DESCRIPTION
Prints layer hierarchy of an image in a tree format.
diff --git a/docs/podman-image-trust.1.md b/docs/podman-image-trust.1.md
index f96a7996f..7c5b70833 100644
--- a/docs/podman-image-trust.1.md
+++ b/docs/podman-image-trust.1.md
@@ -1,19 +1,13 @@
-% podman-image-trust "1"
+% podman-image-trust(1)
-# NAME
+## NAME
podman\-image\-trust - Manage container registry image trust policy
-# SYNOPSIS
-**podman image trust** set|show
-[**-h**|**--help**]
-[**-j**|**--json**]
-[**--raw**]
-[**-f**|**--pubkeysfile** KEY1 [**-f**|**--pubkeysfile** KEY2,...]]
-[**-t**|**--type** signedBy|accept|reject]
-REGISTRY[/REPOSITORY]
+## SYNOPSIS
+**podman image trust** set|show [*options*] *REGISTRY[/REPOSITORY]*
-# DESCRIPTION
+## DESCRIPTION
Manages which registries you trust as a source of container images based on its location. The location is determined
by the transport and the registry host of the image. Using this container image `docker://docker.io/library/busybox`
as an example, `docker` is the transport and `docker.io` is the registry host.
@@ -40,32 +34,33 @@ Require signature (“signedBy”).
Trust may be updated using the command **podman image trust set** for an existing trust scope.
-# OPTIONS
-**-h** **--help**
+## OPTIONS
+**-h**, **--help**
Print usage statement.
-**-f** **--pubkeysfile**
+**-f**, **--pubkeysfile**=*KEY1*
A path to an exported public key on the local system. Key paths
will be referenced in policy.json. Any path to a file may be used but locating the file in **/etc/pki/containers** is recommended. Options may be used multiple times to
require an image be signed by multiple keys. The **--pubkeysfile** option is required for the **signedBy** type.
-**-t** **--type**
- The trust type for this policy entry. Accepted values:
+**-t**, **--type**=*value*
+ The trust type for this policy entry.
+ Accepted values:
**signedBy** (default): Require signatures with corresponding list of
public keys
**accept**: do not require any signatures for this
registry scope
**reject**: do not accept images for this registry scope
-# show OPTIONS
+## show OPTIONS
**--raw**
Output trust policy file as raw JSON
-**-j** **--json**
+**-j**, **--json**
Output trust as JSON for machine parsing
-# EXAMPLES
+## EXAMPLES
Accept all unsigned images from a registry
@@ -87,10 +82,10 @@ Display trust as JSON
sudo podman image trust show --json
-# SEE ALSO
+## SEE ALSO
policy-json(5)
-# HISTORY
+## HISTORY
January 2019, updated by Tom Sweeney (tsweeney at redhat dot com)
December 2018, originally compiled by Qi Wang (qiwan at redhat dot com)
diff --git a/docs/podman-images.1.md b/docs/podman-images.1.md
index 832df0e23..2a732de57 100644
--- a/docs/podman-images.1.md
+++ b/docs/podman-images.1.md
@@ -4,14 +4,14 @@
podman\-images - List images in local storage
## SYNOPSIS
-**podman** **images** [*options*]
+**podman images** [*options*]
## DESCRIPTION
Displays locally stored images, their names, and their IDs.
## OPTIONS
-**--all, -a**
+**-a**, **--all**
Show all images (by default filter out the intermediate image layers). The default is false.
@@ -19,28 +19,28 @@ Show all images (by default filter out the intermediate image layers). The defau
Show image digests
-**--filter, -f=[]**
+**-f**, **--filter**=*filter*
-Filter output based on conditions provided (default [])
+Filter output based on conditions provided
-**--format**
+**--format**=*format*
Change the default output format. This can be of a supported type like 'json'
or a Go template.
-**--noheading, -n**
+**--noheading**, **-n**
Omit the table headings from the listing of images.
-**--no-trunc, --notruncate**
+**--no-trunc**, **--notruncate**
Do not truncate output.
-**--quiet, -q**
+**--quiet**, **-q**
Lists only the image IDs.
-**--sort**
+**--sort**=*sort*
Sort by created, id, repository, size or tag (default: created)
diff --git a/docs/podman-import.1.md b/docs/podman-import.1.md
index d9720f81d..6c625bc8d 100644
--- a/docs/podman-import.1.md
+++ b/docs/podman-import.1.md
@@ -16,17 +16,17 @@ Note: `:` is a restricted character and cannot be part of the file name.
## OPTIONS
-**--change, -c**
+**-c**, **--change**=*instruction*
Apply the following possible instructions to the created image:
**CMD** | **ENTRYPOINT** | **ENV** | **EXPOSE** | **LABEL** | **STOPSIGNAL** | **USER** | **VOLUME** | **WORKDIR**
Can be set multiple times
-**--message, -m**
+**--message**, **-m**=*message*
Set commit message for imported image
-**--quiet, -q**
+**--quiet**, **-q**
Shows progress on the import
diff --git a/docs/podman-info.1.md b/docs/podman-info.1.md
index edd0252f6..a7b259c95 100644
--- a/docs/podman-info.1.md
+++ b/docs/podman-info.1.md
@@ -15,11 +15,11 @@ Displays information pertinent to the host, current storage stats, configured co
## OPTIONS
-**--debug, -D**
+**-D**, **--debug**
Show additional information
-**--format, -f**
+**-f**, **--format**=*format*
Change output format to "json" or a Go template.
diff --git a/docs/podman-init.1.md b/docs/podman-init.1.md
index f43757f62..a6bb391ec 100644
--- a/docs/podman-init.1.md
+++ b/docs/podman-init.1.md
@@ -4,7 +4,7 @@
podman\-init - Initialize one or more containers
## SYNOPSIS
-**podman init** [*options*] *container* ...
+**podman init** [*options*] *container* [*container*...]
## DESCRIPTION
Initialize one or more containers.
@@ -16,11 +16,12 @@ This can be used to inspect the container before it runs, or debug why a contain
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Initialize all containers. Containers that have already initialized (including containers that have been started and are running) are ignored.
-**--latest, -l**
+**--latest**, **-l**
+
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
diff --git a/docs/podman-inspect.1.md b/docs/podman-inspect.1.md
index 8b67c7dac..f1630c713 100644
--- a/docs/podman-inspect.1.md
+++ b/docs/podman-inspect.1.md
@@ -4,7 +4,7 @@
podman\-inspect - Display a container or image's configuration
## SYNOPSIS
-**podman inspect** [*options*] *name* ...
+**podman inspect** [*options*] *name* [...]
**podman image inspect** [*options*] *image*
@@ -17,24 +17,24 @@ unspecified type. If a format is specified, the given template will be executed
## OPTIONS
-**--type, -t="TYPE"**
+**--type**, **-t**=*type*
Return JSON for the specified type. Type can be 'container', 'image' or 'all' (default: all)
(Only meaningful when invoked as *podman inspect*)
-**--format, -f="FORMAT"**
+**--format**, **-f**=*format*
Format the output using the given Go template.
The keys of the returned JSON can be used as the values for the --format flag (see examples below).
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
The latest option is not supported on the remote client or when invoked as *podman image inspect*.
-**--size, -s**
+**--size**, **-s**
Display the total file size if the type is a container
diff --git a/docs/podman-kill.1.md b/docs/podman-kill.1.md
index 1c14b71d5..118246fdb 100644
--- a/docs/podman-kill.1.md
+++ b/docs/podman-kill.1.md
@@ -10,18 +10,18 @@ podman\-kill - Kills one or more containers with a signal
The main process inside each container specified will be sent SIGKILL, or any signal specified with option --signal.
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Signal all running containers. This does not include paused containers.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
The latest option is not supported on the remote client.
-**--signal, s**
+**--signal**, **s**
Signal to send to the container. For more information on Linux signals, refer to *man signal(7)*.
diff --git a/docs/podman-load.1.md b/docs/podman-load.1.md
index a3443a229..0a47c18c1 100644
--- a/docs/podman-load.1.md
+++ b/docs/podman-load.1.md
@@ -4,7 +4,7 @@
podman\-load - Load an image from a container image archive into container storage
## SYNOPSIS
-**podman load** [*name*[:*tag*]]
+**podman load** [*options*] [*name*[:*tag*]]
## DESCRIPTION
**podman load** loads an image from either an **oci-archive** or **docker-archive** stored on the local machine into container storage. **podman load** reads from stdin by default or a file if the **input** option is set.
@@ -22,13 +22,13 @@ Note: `:` is a restricted character and cannot be part of the file name.
## OPTIONS
-**--input, -i**
+**--input**, **-i**=*input*
Read from archive file, default is STDIN.
The remote client requires the use of this option.
-**--quiet, -q**
+**--quiet**, **-q**
Suppress the progress output
diff --git a/docs/podman-login.1.md b/docs/podman-login.1.md
index f96803c58..9be67e5a4 100644
--- a/docs/podman-login.1.md
+++ b/docs/podman-login.1.md
@@ -21,7 +21,7 @@ flag. The default path used is **${XDG\_RUNTIME_DIR}/containers/auth.json**.
## OPTIONS
-**--password, -p**
+**--password**, **-p**=*password*
Password for registry
@@ -29,11 +29,11 @@ Password for registry
Take the password from stdin
-**--username, -u**
+**--username**, **-u=***username*
Username for registry
-**--authfile**
+**--authfile**=*path*
Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json (Not available for remote commands)
@@ -44,12 +44,12 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
Return the logged-in user for the registry. Return error if no login is found.
-**--cert-dir** *path*
+**--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
Default certificates directory is _/etc/containers/certs.d_. (Not available for remote commands)
-**--tls-verify**
+**--tls-verify**=*true|false*
Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified,
diff --git a/docs/podman-logout.1.md b/docs/podman-logout.1.md
index b30328d5b..56d661309 100644
--- a/docs/podman-logout.1.md
+++ b/docs/podman-logout.1.md
@@ -20,14 +20,14 @@ All the cached credentials can be removed by setting the **all** flag.
## OPTIONS
-**--authfile**
+**--authfile**=*path*
Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json (Not available for remote commands)
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
-**--all, -a**
+**--all**, **-a**
Remove the cached credentials for all registries in the auth file
diff --git a/docs/podman-logs.1.md b/docs/podman-logs.1.md
index 7feae1b76..310eff438 100644
--- a/docs/podman-logs.1.md
+++ b/docs/podman-logs.1.md
@@ -1,12 +1,12 @@
-% podman-container-logs(1)
+% podman-logs(1)
## NAME
podman\-container\-logs (podman\-logs) - Fetch the logs of one or more containers
## SYNOPSIS
-**podman** **container** **logs** [*options*] *container* [*container...*]
+**podman container logs** [*options*] *container* [*container...*]
-**podman** **logs** [*options*] *container* [*container...*]
+**podman logs** [*options*] *container* [*container...*]
## DESCRIPTION
The podman logs command batch-retrieves whatever logs are present for one or more containers at the time of execution.
@@ -15,7 +15,7 @@ any logs at the time you execute podman logs
## OPTIONS
-**--follow, -f**
+**--follow**, **-f**
Follow log output. Default is false.
@@ -23,26 +23,26 @@ Note: If you are following a container which is removed `podman container rm`
or removed on exit `podman run --rm ...`, then there is a chance the the log
file will be removed before `podman logs` reads the final content.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
The latest option is not supported on the remote client.
-**--since=TIMESTAMP**
+**--since**=*TIMESTAMP*
Show logs since TIMESTAMP. The --since option can be Unix timestamps, date formatted timestamps, or Go duration
strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
and 2006-01-02.
-**--tail=LINES**
+**--tail**=*LINES*
Output the specified number of LINES at the end of the logs. LINES must be a positive integer. Defaults to 0,
which prints all lines
-**--timestamps, -t**
+**--timestamps**, **-t**
Show timestamps in the log outputs. The default is false
diff --git a/docs/podman-mount.1.md b/docs/podman-mount.1.md
index e244e5daf..6b8eb77d9 100644
--- a/docs/podman-mount.1.md
+++ b/docs/podman-mount.1.md
@@ -4,7 +4,7 @@
podman\-mount - Mount the specifed working containers' root filesystem
## SYNOPSIS
-**podman** **mount** [*container* ...]
+**podman mount** [*container* ...]
## DESCRIPTION
Mounts the specified containers' root file system in a location which can be
@@ -19,15 +19,15 @@ returned.
## OPTIONS
-**--all, a**
+**--all**, **a**
Mount all containers.
-**--format**
+**--format**=*format*
Print the mounted containers in specified format (json)
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container.
If you use methods other than Podman to run containers such as CRI-O, the last
diff --git a/docs/podman-pause.1.md b/docs/podman-pause.1.md
index f19fa5d6a..18080ec04 100644
--- a/docs/podman-pause.1.md
+++ b/docs/podman-pause.1.md
@@ -11,7 +11,7 @@ Pauses all the processes in one or more containers. You may use container IDs o
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Pause all running containers.
diff --git a/docs/podman-play-kube.1.md b/docs/podman-play-kube.1.md
index a3a6abbe7..f9a867b44 100644
--- a/docs/podman-play-kube.1.md
+++ b/docs/podman-play-kube.1.md
@@ -1,20 +1,12 @@
-% podman-play-kube Podman Man Pages
-% Brent Baude
-% December 2018
-# NAME
+% podman-play-kube(1)
+
+## NAME
podman-play-kube - Create pods and containers based on Kubernetes YAML
-# SYNOPSIS
-**podman play kube**
-[**-h**|**--help**]
-[**--authfile**]
-[**--cert-dir**]
-[**--creds**]
-[***-q** | **--quiet**]
-[**--tls-verify**]
-kubernetes_input.yml
-
-# DESCRIPTION
+## SYNOPSIS
+**podman play kube** [*options*] *file***.yml**
+
+## DESCRIPTION
**podman play kube** will read in a structured file of Kubernetes YAML. It will then recreate
the pod and containers described in the YAML. The containers within the pod are then started and
the ID of the new Pod is output.
@@ -23,9 +15,9 @@ Ideally the input file would be one created by Podman (see podman-generate-kube(
Note: HostPath volume types created by play kube will be given an SELinux private label (Z)
-# OPTIONS:
+## OPTIONS:
-**--authfile**
+**--authfile**=*path*
Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. (Not available for remote commands)
@@ -33,7 +25,7 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
-**--cert-dir** *path*
+**--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
Default certificates directory is _/etc/containers/certs.d_. (Not available for remote commands)
@@ -44,11 +36,11 @@ The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and the
value can be entered. The password is entered without echo.
-**--quiet, -q**
+**--quiet**, **-q**
Suppress output information when pulling images
-**--tls-verify**
+**--tls-verify**=*true|false*
Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified,
@@ -58,7 +50,7 @@ TLS verification will be used unless the target registry is listed as an insecur
Print usage statement
-## Examples ##
+## Examples
Recreate the pod and containers as described in a file called `demo.yml`
```
@@ -69,5 +61,5 @@ $ podman play kube demo.yml
## SEE ALSO
podman(1), podman-container(1), podman-pod(1), podman-generate-kube(1), podman-play(1)
-# HISTORY
+## HISTORY
Decemeber 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/podman-pod-create.1.md b/docs/podman-pod-create.1.md
index 02fdebfbd..009a93019 100644
--- a/docs/podman-pod-create.1.md
+++ b/docs/podman-pod-create.1.md
@@ -15,7 +15,7 @@ containers added to it. The pod id is printed to STDOUT. You can then use
## OPTIONS
-**--cgroup-parent**=""
+**--cgroup-parent**=*path*
Path to cgroups under which the cgroup for the pod will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
@@ -27,31 +27,31 @@ Print usage statement
Create an infra container and associate it with the pod. An infra container is a lightweight container used to coordinate the shared kernel namespace of a pod. Default: true
-**--infra-command**=""
+**--infra-command**=*command*
The command that will be run to start the infra container. Default: "/pause"
-**--infra-image**=""
+**--infra-image**=*image*
The image that will be created for the infra container. Default: "k8s.gcr.io/pause:3.1"
-**-l**, **--label**=[]
+**-l**, **--label**=*label*
Add metadata to a pod (e.g., --label com.example.key=value)
-**--label-file**=[]
+**--label-file**=*label*
Read in a line delimited file of labels
-**-n**, **--name**=""
+**-n**, **--name**=*name*
Assign a name to the pod
-**--podidfile**=""
+**--podidfile**=*podid*
Write the pod ID to the file
-**-p**, **--publish**=[]
+**-p**, **--publish**=*port*
Publish a port or range of ports from the pod to the host
@@ -62,7 +62,7 @@ Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPO
NOTE: This cannot be modified once the pod is created.
-**--share**=""
+**--share**=*namespace*
A comma deliminated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared. The namespaces to choose from are ipc, net, pid, user, uts.
diff --git a/docs/podman-pod-exists.1.md b/docs/podman-pod-exists.1.md
index da3947511..cf2852934 100644
--- a/docs/podman-pod-exists.1.md
+++ b/docs/podman-pod-exists.1.md
@@ -1,13 +1,12 @@
-% podman-pod-exits(1) Podman Man Pages
-% Brent Baude
-% December 2018
-# NAME
+% podman-pod-exists(1)
+
+## NAME
podman-pod-exists - Check if a pod exists in local storage
-# SYNOPSIS
-**podman pod exists** [*-h*|*--help*] *pod*
+## SYNOPSIS
+**podman pod exists** *pod*
-# DESCRIPTION
+## DESCRIPTION
**podman pod exists** checks if a pod exists in local storage. The **ID** or **Name**
of the pod may be used as input. Podman will return an exit code
of `0` when the pod is found. A `1` will be returned otherwise. An exit code of `125` indicates there
@@ -34,5 +33,5 @@ $
## SEE ALSO
podman-pod(1), podman(1)
-# HISTORY
+## HISTORY
December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/podman-pod-inspect.1.md b/docs/podman-pod-inspect.1.md
index a4e6a5559..831d28259 100644
--- a/docs/podman-pod-inspect.1.md
+++ b/docs/podman-pod-inspect.1.md
@@ -11,7 +11,7 @@ Displays configuration and state information about a given pod. It also display
that belong to the pod.
## OPTIONS
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the pod name or ID, use the last created pod. If you use methods other than Podman
to run pods such as CRI-O, the last started pod could be from either of those methods.
diff --git a/docs/podman-pod-kill.1.md b/docs/podman-pod-kill.1.md
index d617acd66..069db70d2 100644
--- a/docs/podman-pod-kill.1.md
+++ b/docs/podman-pod-kill.1.md
@@ -10,18 +10,18 @@ podman\-pod\-kill - Kills all containers in one or more pods with a signal
The main process of each container inside the pods specified will be sent SIGKILL, or any signal specified with option --signal.
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Sends signal to all containers associated with a pod.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the pod name or ID, use the last created pod. If you use methods other than Podman
to run pods such as CRI-O, the last started pod could be from either of those methods.
The latest option is not supported on the remote client.
-**--signal, -s**
+**--signal**, **-s**
Signal to send to the containers in the pod. For more information on Linux signals, refer to *man signal(7)*.
diff --git a/docs/podman-pod-pause.1.md b/docs/podman-pod-pause.1.md
index 0ed63a7f8..9533ed4a1 100644
--- a/docs/podman-pod-pause.1.md
+++ b/docs/podman-pod-pause.1.md
@@ -11,11 +11,11 @@ Pauses all the running processes in the containers of one or more pods. You may
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Pause all pods.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the pod name or ID, pause the last created pod.
diff --git a/docs/podman-pod-prune.1.md b/docs/podman-pod-prune.1.md
index 121198de7..f79961b2f 100644
--- a/docs/podman-pod-prune.1.md
+++ b/docs/podman-pod-prune.1.md
@@ -1,17 +1,15 @@
-% % podman-pod-prune (1)
-% Peter Hunt
-% April 2019
-# NAME
+% podman-pod-prune(1)
+
+## NAME
podman-pod-prune - Remove all stopped pods
-# SYNOPSIS
-**podman pod prune** [*-h*|*--help*]
+## SYNOPSIS
+**podman pod prune**
-# DESCRIPTION
+## DESCRIPTION
**podman pod prune** removes all stopped pods from local storage.
-## Examples ##
-
+## EXAMPLES
Remove all stopped pods from local storage
```
$ sudo podman pod prune
@@ -25,5 +23,5 @@ $ sudo podman pod prune
## SEE ALSO
podman-pod(1), podman-pod-ps(1), podman-pod-rm(1)
-# HISTORY
+## HISTORY
April 2019, Originally compiled by Peter Hunt (pehunt at redhat dot com)
diff --git a/docs/podman-pod-ps.1.md b/docs/podman-pod-ps.1.md
index ee215154a..65a7072ab 100644
--- a/docs/podman-pod-ps.1.md
+++ b/docs/podman-pod-ps.1.md
@@ -38,7 +38,7 @@ Includes the container IDs in the container info field
Includes the container statuses in the container info field
-**--latest, -l**
+**--latest**,**-l**
Show the latest pod created (all states)
@@ -48,11 +48,11 @@ The latest option is not supported on the remote client.
Display the extended information
-**--quiet, -q**
+**--quiet**, **-q**
Print the numeric IDs of the pods only
-**--format**
+**--format**=*format*
Pretty-print containers to JSON or using a Go template
@@ -75,7 +75,7 @@ Sort by created, ID, name, status, or number of containers
Default: created
-**--filter, -f**
+**--filter**, **-f=***filter*
Filter output based on conditions given
diff --git a/docs/podman-pod-restart.1.md b/docs/podman-pod-restart.1.md
index cd6e5c8ce..57f479102 100644
--- a/docs/podman-pod-restart.1.md
+++ b/docs/podman-pod-restart.1.md
@@ -14,11 +14,11 @@ When restarting multiple pods, an error from restarting one pod will not effect
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Restarts all pods
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the pod name or ID, restart the last created pod.
diff --git a/docs/podman-pod-rm.1.md b/docs/podman-pod-rm.1.md
index 7cd7c26bc..6659534b4 100644
--- a/docs/podman-pod-rm.1.md
+++ b/docs/podman-pod-rm.1.md
@@ -11,17 +11,17 @@ podman\-pod\-rm - Remove one or more pods
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Remove all pods. Can be used in conjunction with \-f as well.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the pod name or ID, remove the last created pod.
The latest option is not supported on the remote client.
-**--force, -f**
+**--force**, **-f**
Stop running containers and delete all stopped containers before removal of pod.
diff --git a/docs/podman-pod-start.1.md b/docs/podman-pod-start.1.md
index 27e40740f..29960d6aa 100644
--- a/docs/podman-pod-start.1.md
+++ b/docs/podman-pod-start.1.md
@@ -12,11 +12,11 @@ to be started.
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Starts all pods
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the pod name or ID, start the last created pod.
diff --git a/docs/podman-pod-stats.1.md b/docs/podman-pod-stats.1.md
index be32f05be..d081c91cb 100644
--- a/docs/podman-pod-stats.1.md
+++ b/docs/podman-pod-stats.1.md
@@ -1,4 +1,4 @@
-% podman-pod-stats "1"
+% podman-pod-stats(1)
## NAME
podman\-pod\-stats - Display a live stream of resource usage statistics for the containers in one or more pods
@@ -11,11 +11,11 @@ Display a live stream of containers in one or more pods resource usage statistic
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Show all containers. Only running containers are shown by default
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the pod name or ID, use the last created pod.
@@ -29,7 +29,7 @@ Do not clear the terminal/screen in between reporting intervals
Disable streaming pod stats and only pull the first result, default setting is false
-**--format="TEMPLATE"**
+**--format**=*template*
Pretty-print container statistics to JSON or using a Go template
@@ -80,7 +80,7 @@ a9f807ffaacd frosty_hodgkin -- 3.092MB / 16.7GB 0.02% -- / -- --
```
```
-# podman pod-stats --no-stream --format "table {{.ID}} {{.Name}} {{.MemUsage}}" 6eae
+# podman pod stats --no-stream --format "table {{.ID}} {{.Name}} {{.MemUsage}}" 6eae
ID NAME MEM USAGE / LIMIT
6eae9e25a564 clever_bassi 3.031MB / 16.7GB
```
diff --git a/docs/podman-pod-stop.1.md b/docs/podman-pod-stop.1.md
index 787c672bd..b3ce47d72 100644
--- a/docs/podman-pod-stop.1.md
+++ b/docs/podman-pod-stop.1.md
@@ -11,17 +11,17 @@ Stop containers in one or more pods. You may use pod IDs or names as input.
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Stops all pods
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the pod name or ID, stop the last created pod.
The latest option is not supported on the remote client.
-**--timeout, --time, -t**
+**--timeout**, **--time**, **-t**=*time*
Timeout to wait before forcibly stopping the containers in the pod.
diff --git a/docs/podman-pod-top.1.md b/docs/podman-pod-top.1.md
index fbab6bc09..48f10055a 100644
--- a/docs/podman-pod-top.1.md
+++ b/docs/podman-pod-top.1.md
@@ -11,11 +11,11 @@ Display the running processes of containers in a pod. The *format-descriptors* a
## OPTIONS
-**--help, -h**
+**--help**, **-h**
Print usage statement
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the pod name or ID, use the last created pod.
@@ -25,7 +25,7 @@ The latest option is not supported on the remote client.
The following descriptors are supported in addition to the AIX format descriptors mentioned in ps (1):
-**args, capbnd, capeff, capinh, capprm, comm, etime, group, hgroup, hpid, huser, label, nice, pcpu, pgid, pid, ppid, rgroup, ruser, seccomp, state, time, tty, user, vsz**
+**args**, **capbnd**, **capeff**, **capinh**, **capprm**, **comm**, **etime**, **group**, **hgroup**, **hpid**, **huser**, **label**, **nice**, **pcpu**, **pgid**, **pid**, **ppid**, **rgroup**, **ruser**, **seccomp**, **state**, **time**, **tty**, **user**, **vsz**
**capbnd**
diff --git a/docs/podman-pod-unpause.1.md b/docs/podman-pod-unpause.1.md
index 8930fde32..e0a88c2e3 100644
--- a/docs/podman-pod-unpause.1.md
+++ b/docs/podman-pod-unpause.1.md
@@ -11,11 +11,11 @@ Unpauses all the paused processes in the containers of one or more pods. You ma
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Unpause all pods.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the pod name or ID, unpause the last created pod.
diff --git a/docs/podman-port.1.md b/docs/podman-port.1.md
index 5adfae5f3..bee15c881 100644
--- a/docs/podman-port.1.md
+++ b/docs/podman-port.1.md
@@ -11,12 +11,12 @@ List port mappings for the *container* or lookup the public-facing port that is
## OPTIONS
-**--all, -a**
+**--all**, **-a**
List all known port mappings for running containers. When using this option, you cannot pass any container names
or private ports/protocols as filters.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
diff --git a/docs/podman-ps.1.md b/docs/podman-ps.1.md
index 8d35c8254..e3aaf93e2 100644
--- a/docs/podman-ps.1.md
+++ b/docs/podman-ps.1.md
@@ -20,11 +20,11 @@ all the containers information. By default it lists:
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Show all the containers, default is only running containers
-**--pod, -p**
+**--pod**, **-p**
Display the pods the containers are associated with
@@ -32,11 +32,11 @@ Display the pods the containers are associated with
Display the extended information
-**--quiet, -q**
+**--quiet**, **-q**
Print the numeric IDs of the containers only
-**--format**
+**--format**=*format*
Pretty-print containers to JSON or using a Go template
@@ -63,25 +63,25 @@ Sort by command, created, id, image, names, runningfor, size, or status",
Note: Choosing size will sort by size of rootFs, not alphabetically like the rest of the options
Default: created
-**--size, -s**
+**--size**, **-s**
Display the total file size
-**--last, -n**
+**--last**, **-n**
Print the n last created containers (all states)
-**--latest, -l**
+**--latest**, **-l**
Show the latest container created (all states)
The latest option is not supported on the remote client.
-**--namespace, --ns**
+**--namespace**, **--ns**
Display namespace information
-**--filter, -f**
+**--filter**, **-f**
Filter what containers are shown in the output.
Multiple filters can be given with multiple uses of the --filter flag.
@@ -113,7 +113,7 @@ In some cases, a container's state in the runtime can become out of sync with Po
This will update Podman's state based on what the OCI runtime reports.
Forcibly syncing is much slower, but can resolve inconsistent state issues.
-**--watch, -w**
+**--watch**, **-w**
Refresh the output with current containers on an interval in seconds.
diff --git a/docs/podman-pull.1.md b/docs/podman-pull.1.md
index f5b6539e9..2d6d42959 100644
--- a/docs/podman-pull.1.md
+++ b/docs/podman-pull.1.md
@@ -45,13 +45,13 @@ Image stored in local container/storage
## OPTIONS
-**--all-tags, a**
+**--all-tags**, **a**
All tagged images in the repository will be pulled.
Note: When using the all-tags flag, Podman will not iterate over the search registries in the containers-registries.conf(5) but will always use docker.io for unqualified image names.
-**--authfile**
+**--authfile**=*path*
Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. (Not available for remote commands)
@@ -59,22 +59,22 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
-**--cert-dir** *path*
+**--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
Default certificates directory is _/etc/containers/certs.d_. (Not available for remote commands)
-**--creds**
+**--creds**=*[username[:password]]*
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and the
value can be entered. The password is entered without echo.
-**--quiet, -q**
+**--quiet**, **-q**
Suppress output information when pulling images
-**--tls-verify**
+**--tls-verify**=*true|false*
Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified,
diff --git a/docs/podman-push.1.md b/docs/podman-push.1.md
index ceb42fa28..4ac901919 100644
--- a/docs/podman-push.1.md
+++ b/docs/podman-push.1.md
@@ -44,7 +44,7 @@ Image stored in local container/storage
## OPTIONS
-**--authfile**
+**--authfile**=*path*
Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. (Not available for remote commands)
@@ -52,13 +52,13 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
-**--creds="CREDENTIALS"**
+**--creds**=*[username[:password]]*
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and the
value can be entered. The password is entered without echo.
-**--cert-dir** *path*
+**--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
Default certificates directory is _/etc/containers/certs.d_. (Not available for remote commands) (Not available for remote commands)
@@ -68,12 +68,12 @@ Default certificates directory is _/etc/containers/certs.d_. (Not available for
Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type, compressed or uncompressed, as source)
Note: This flag can only be set when using the **dir** transport
-**--format, -f**
+**--format**, **-f**=*format*
Manifest Type (oci, v2s1, or v2s2) to use when pushing an image to a directory using the 'dir:' transport (default is manifest type of source)
Note: This flag can only be set when using the **dir** transport
-**--quiet, -q**
+**--quiet**, **-q**
When writing the output image, suppress progress output
@@ -81,11 +81,11 @@ When writing the output image, suppress progress output
Discard any pre-existing signatures in the image
-**--sign-by="KEY"**
+**--sign-by**=*key*
Add a signature at the destination using the specified key
-**--tls-verify**
+**--tls-verify**=*true|false*
Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified,
diff --git a/docs/podman-restart.1.md b/docs/podman-restart.1.md
index a20eee243..643eb1b03 100644
--- a/docs/podman-restart.1.md
+++ b/docs/podman-restart.1.md
@@ -12,10 +12,10 @@ Containers will be stopped if they are running and then restarted. Stopped
containers will not be stopped and will only be started.
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Restart all containers regardless of their current state.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
@@ -24,7 +24,7 @@ The latest option is not supported on the remote client.
**--running**
Restart all containers that are already in the *running* state.
-**--timeout**
+**--timeout**=*time*
Timeout to wait before forcibly stopping the container.
diff --git a/docs/podman-rm.1.md b/docs/podman-rm.1.md
index 16d4027c9..c7ff23bdf 100644
--- a/docs/podman-rm.1.md
+++ b/docs/podman-rm.1.md
@@ -1,4 +1,4 @@
-% podman-container-rm(1)
+% podman-rm(1)
## NAME
podman\-container\-rm (podman\-rm) - Remove one or more containers
@@ -13,24 +13,24 @@ podman\-container\-rm (podman\-rm) - Remove one or more containers
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Remove all containers. Can be used in conjunction with -f as well.
-**--force, -f**
+**--force**, **-f**
Force the removal of running and paused containers. Forcing a containers removal also
removes containers from container storage even if the container is not known to podman.
Containers could have been created by a different container engine.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
The latest option is not supported on the remote client.
-**--volumes, -v**
+**--volumes**, **-v**
Remove the volumes associated with the container.
diff --git a/docs/podman-rmi.1.md b/docs/podman-rmi.1.md
index 8c22bba2c..2cba8a22d 100644
--- a/docs/podman-rmi.1.md
+++ b/docs/podman-rmi.1.md
@@ -1,12 +1,12 @@
-% podman-image-rm(1)
+% podman-rmi(1)
## NAME
podman\-image\-rm (podman\-rmi) - Removes one or more images
## SYNOPSIS
-**podman image rm** *image* ...
+**podman image rm** *image* [...]
-**podman rmi** *image* ...
+**podman rmi** *image* [...]
## DESCRIPTION
Removes one or more locally stored images.
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index a7091e89a..5bf7aeee8 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -31,19 +31,19 @@ is located at `/run/.containerenv`.
When running from a user defined network namespace, the /etc/netns/NSNAME/resolv.conf will be used if it exists, otherwise /etc/resolv.conf will be used.
## OPTIONS
-**--add-host**=[]
+**--add-host**=*host:ip*
Add a custom host-to-IP mapping (host:ip)
Add a line to /etc/hosts. The format is hostname:ip. The **--add-host**
option can be set multiple times.
-**--annotation**=[]
+**--annotation**=*key=value*
Add an annotation to the container. The format is key=value.
The **--annotation** option can be set multiple times.
-**--attach**, **-a**=[]
+**--attach**, **-a**=*stdio*
Attach to STDIN, STDOUT or STDERR.
@@ -54,48 +54,48 @@ error. It can even pretend to be a TTY (this is what most commandline
executables expect) and pass along signals. The **-a** option can be set for
each of stdin, stdout, and stderr.
-**--authfile**
+**--authfile**[=*path*]
Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json (Not available for remote commands)
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
-**--blkio-weight**=*0*
+**--blkio-weight**=*weight*
Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-**--blkio-weight-device**=[]
+**--blkio-weight-device**=*DEVICE_NAME:WEIGHT*
Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`).
-**--cap-add**=[]
+**--cap-add**=*capability*
Add Linux capabilities
-**--cap-drop**=[]
+**--cap-drop**=*capability*
Drop Linux capabilities
-**--cgroup-parent**=""
+**--cgroup-parent**=*cgroup*
Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
-**--cidfile**=""
+**--cidfile**=*file*
Write the container ID to the file
-**--conmon-pidfile**=""
+**--conmon-pidfile**=*file*
Write the pid of the `conmon` process to a file. `conmon` runs in a separate process than Podman, so this is necessary when using systemd to restart Podman containers.
-**--cpu-period**=*0*
+**--cpu-period**=*limit*
Limit the CPU CFS (Completely Fair Scheduler) period
Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify.
-**--cpu-quota**=*0*
+**--cpu-quota**=*limit*
Limit the CPU CFS (Completely Fair Scheduler) quota
@@ -103,13 +103,13 @@ Limit the container's CPU usage. By default, containers run with the full
CPU resource. This flag tell the kernel to restrict the container's CPU usage
to the quota you specify.
-**--cpu-rt-period**=0
+**--cpu-rt-period**=*microseconds*
Limit the CPU real-time period in microseconds
Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify.
-**--cpu-rt-runtime**=0
+**--cpu-rt-runtime**=*microseconds*
Limit the CPU real-time runtime in microseconds
@@ -118,7 +118,7 @@ Period of 1,000,000us and Runtime of 950,000us means that this container could c
The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
-**--cpu-shares**=*0*
+**--cpu-shares**=*shares*
CPU shares (relative weight)
@@ -155,15 +155,15 @@ PID container CPU CPU share
101 {C1} 1 100% of CPU1
102 {C1} 2 100% of CPU2
-**--cpus**=0.0
+**--cpus**=*number*
Number of CPUs. The default is *0.0* which means no limit.
-**--cpuset-cpus**=""
+**--cpuset-cpus**=*number*
CPUs in which to allow execution (0-3, 0,1)
-**--cpuset-mems**=""
+**--cpuset-mems**=*nodes*
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
@@ -171,7 +171,7 @@ If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
then processes in your container will only use memory from the first
two memory nodes.
-**--detach**, **-d**=*true*|*false*
+**--detach**, **-d**=*true|false*
Detached mode: run the container in the background and print the new container ID. The default is *false*.
@@ -184,31 +184,31 @@ running) using a configurable key sequence. The default sequence is `ctrl-p,ctrl
You configure the key sequence using the **--detach-keys** option or a configuration file.
See **config-json(5)** for documentation on using a configuration file.
-**--detach-keys**=""
+**--detach-keys**=*char*
Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
-**--device**=[]
+**--device**=*device*
Add a host device to the container. The format is `<device-on-host>[:<device-on-container>][:<permissions>]` (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
-**--device-read-bps**=[]
+**--device-read-bps**=*path*
Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)
-**--device-read-iops**=[]
+**--device-read-iops**=*path*
Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000)
-**--device-write-bps**=[]
+**--device-write-bps**=*path*
Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
-**--device-write-iops**=[]
+**--device-write-iops**=*path*
Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)
-**--dns**=[]
+**--dns**=*dns*
Set custom DNS servers
@@ -220,15 +220,15 @@ is the case the **--dns** flags is necessary for every run.
The special value **none** can be specified to disable creation of **/etc/resolv.conf** in the container by Podman.
The **/etc/resolv.conf** file in the image will be used without changes.
-**--dns-option**=[]
+**--dns-option**=*option*
Set custom DNS options
-**--dns-search**=[]
+**--dns-search**=*domain*
Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)
-**--entrypoint** *"command"* | *'["command", "arg1", ...]'*
+**--entrypoint**=*"command"* | *'["command", "arg1", ...]'*
Overwrite the default ENTRYPOINT of the image
@@ -246,7 +246,7 @@ ENTRYPOINT.
You need to specify multi option commands in the form of a json string.
-**--env**, **-e**=[]
+**--env**, **-e**=*env*
Set environment variables
@@ -254,46 +254,45 @@ This option allows you to specify arbitrary
environment variables that are available for the process that will be launched
inside of the container.
-**--env-file**=[]
+**--env-file**=*file*
Read in a line delimited file of environment variables
-**--expose**=[]
+**--expose**=*port*
Expose a port, or a range of ports (e.g. --expose=3300-3310) to set up port redirection
on the host system.
-**--gidmap**=container_gid:host_gid:amount
-**--gidmap**=0:30000:2000
+**--gidmap**=*container_gid:host_gid:amount*
Run the container in a new user namespace using the supplied mapping. This option conflicts with the --userns and --subgidname flags.
This option can be passed several times to map different ranges. If calling podman run as an unprivileged user, the user needs to have the right to use the mapping. See `subuid(5)`.
-The example maps gids 0-2000 in the container to the gids 30000-31999 on the host.
+The example maps gids 0-2000 in the container to the gids 30000-31999 on the host. `--gidmap=0:30000:2000`
-**--group-add**=[]
+**--group-add**=*group*
Add additional groups to run as
-**--healthcheck**=""
+**--healthcheck**=*command*
Set or alter a healthcheck command for a container. The command is a command to be executed inside your
container that determines your container health. The command is required for other healthcheck options
to be applied. A value of `none` disables existing healthchecks.
-**--healthcheck-interval**=""
+**--healthcheck-interval**=*interval*
Set an interval for the healthchecks (a value of `disable` results in no automatic timer setup) (default "30s")
-**--healthcheck-retries=**
+**--healthcheck-retries**=*retries*
The number of retries allowed before a healthcheck is considered to be unhealthy. The default value is `3`.
-**--healthcheck-start-period**=""
+**--healthcheck-start-period**=*period*
The initialization time needed for a container to bootstrap. The value can be expressed in time format like
`2m3s`. The default value is `0s`
-**--healthcheck-timeout**=""
+**--healthcheck-timeout**=*timeout*
The maximum time allowed to complete the healthcheck before an interval is considered failed. Like start-period, the
value can be expressed in a time format such as `1m22s`. The default value is `30s`.
@@ -302,13 +301,13 @@ value can be expressed in a time format such as `1m22s`. The default value is `
Print usage statement
-**--hostname**=""
+**--hostname**=*name*
Container host name
Sets the container host name that is available inside the container.
-**--http-proxy**=*true*|*false*
+**--http-proxy**=*true|false*
By default proxy environment variables are passed into the container if set
for the podman process. This can be disabled by setting the `--http-proxy`
@@ -328,7 +327,7 @@ container:
Defaults to `true`
-**--image-volume**, **builtin-volume**=*bind*|*tmpfs*|*ignore*
+**--image-volume**, **builtin-volume**=*bind|tmpfs|ignore*
Tells podman how to handle the builtin image volumes.
@@ -344,27 +343,27 @@ content that disappears when the container is stopped.
Run an init inside the container that forwards signals and reaps processes.
-**--init-path**=""
+**--init-path**=*path*
Path to the container-init binary.
-**--interactive**, **-i**=*true*|*false*
+**--interactive**, **-i**=*true|false*
Keep STDIN open even if not attached. The default is *false*.
When set to true, keep stdin open even if not attached. The default is false.
-**--ip6**=""
+**--ip6**=*ip*
Not implemented
-**--ip**=""
+**--ip**=*ip*
Specify a static IP address for the container, for example '10.88.64.128'.
Can only be used if no additional CNI networks to join were specified via '--network=<network-name>', and if the container is not joining another container's network namespace via '--network=container:<name|id>'.
The address must be within the default CNI network's pool (default 10.88.0.0/16).
-**--ipc**=""
+**--ipc**=*ipc*
Default is to create a private IPC namespace (POSIX SysV IPC) for the container
@@ -372,7 +371,7 @@ Default is to create a private IPC namespace (POSIX SysV IPC) for the container
- `host`: use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
- `ns:<path>` path to an IPC namespace to join.
-**--kernel-memory**=""
+**--kernel-memory**=*number[unit]*
Kernel memory limit (format: `<number>[<unit>]`, where unit = b, k, m or g)
@@ -382,15 +381,15 @@ is not limited. If you specify a limit, it may be rounded up to a multiple
of the operating system's page size and the value can be very large,
millions of trillions.
-**--label**, **-l**=[]
+**--label**, **-l**=*label*
Add metadata to a container (e.g., --label com.example.key=value)
-**--label-file**=[]
+**--label-file**=*file*
Read in a line delimited file of labels
-**--link-local-ip**=[]
+**--link-local-ip**=*ip*
Not implemented
@@ -398,13 +397,13 @@ Not implemented
Logging driver for the container. Currently not supported. This flag is a NOOP provided soley for scripting compatibility.
-**--log-opt**=[]
+**--log-opt**=*path*
Logging driver specific options. Used to set the path to the container log file. For example:
`--log-opt path=/var/log/container/mycontainer.json`
-**--mac-address**=""
+**--mac-address**=*address*
Container MAC address (e.g. `92:d0:c6:0a:29:33`)
@@ -414,7 +413,7 @@ according to RFC4862.
Not currently supported
-**--memory**, **-m**=""
+**--memory**, **-m**=*limit*
Memory limit (format: <number>[<unit>], where unit = b, k, m or g)
@@ -424,7 +423,7 @@ RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
not limited. The actual limit may be rounded up to a multiple of the operating
system's page size (the value would be very large, that's millions of trillions).
-**--memory-reservation**=""
+**--memory-reservation**=*limit*
Memory soft limit (format: <number>[<unit>], where unit = b, k, m or g)
@@ -434,7 +433,7 @@ reservation. So you should always set the value below **--memory**, otherwise th
hard limit will take precedence. By default, memory reservation will be the same
as memory limit.
-**--memory-swap**="LIMIT"
+**--memory-swap**=*limit*
A limit value equal to memory plus swap. Must be used with the **-m**
(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
@@ -445,7 +444,7 @@ The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a
unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-**--memory-swappiness**=""
+**--memory-swappiness**=*number*
Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
@@ -479,7 +478,7 @@ Current supported mount TYPES are bind, and tmpfs.
· tmpfs-mode: File mode of the tmpfs in octal. (e.g. 700 or 0700.) Defaults to 1777 in Linux.
-**--name**=""
+**--name**=*name*
Assign a name to the container
@@ -493,7 +492,7 @@ to the container with **--name** then it will generate a random
string name. The name is useful any place you need to identify a container.
This works for both background and foreground containers.
-**--network**, **--net**="*bridge*"
+**--network**, **--net**=*mode*
Set the Network mode for the container:
- `bridge`: create a network stack on the default bridge
@@ -504,26 +503,26 @@ Set the Network mode for the container:
- `ns:<path>`: path to a network namespace to join
- `slirp4netns`: use slirp4netns to create a user network stack. This is the default for rootless containers
-**--network-alias**=[]
+**--network-alias**=*alias*
Not implemented
-**--no-hosts**=*true*|*false*
+**--no-hosts**=*true|false*
Do not create /etc/hosts for the container.
By default, Podman will manage /etc/hosts, adding the container's own IP address and any hosts from **--add-host**.
**--no-hosts** disables this, and the image's **/etc/host** will be preserved unmodified.
This option conflicts with **--add-host**.
-**--oom-kill-disable**=*true*|*false*
+**--oom-kill-disable**=*true|false*
Whether to disable OOM Killer for the container or not.
-**--oom-score-adj**=""
+**--oom-score-adj**=*num*
Tune the host's OOM preferences for containers (accepts -1000 to 1000)
-**--pid**=""
+**--pid**=*pid*
Set the PID mode for the container
@@ -533,17 +532,17 @@ Default is to create a private PID namespace for the container
- `host`: use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
- `ns`: join the specified PID namespace
-**--pids-limit**=""
+**--pids-limit**=*limit*
Tune the container's pids limit. Set `-1` to have unlimited pids for the container.
-**--pod**=""
+**--pod**=*name*
Run container in an existing pod. If you want podman to make the pod for you, preference the pod name with `new:`.
To make a pod with more granular options, use the `podman pod create` command before creating a container.
If a container is run with a pod, and the pod has an infra-container, the infra-container will be started before the container is.
-**--privileged**=*true*|*false*
+**--privileged**=*true|false*
Give extended privileges to this container. The default is *false*.
@@ -557,7 +556,7 @@ to all devices on the host, turns off graphdriver mount options, as well as
turning off most of the security measures protecting the host from the
container.
-**--publish**, **-p**=[]
+**--publish**, **-p**=*port*
Publish a container's port, or range of ports, to the host
@@ -573,7 +572,7 @@ With ip: `podman run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t s
Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPORT`
-**--publish-all**, **-P**=*true*|*false*
+**--publish-all**, **-P**=*true|false*
Publish all exposed ports to random ports on the host interfaces. The default is *false*.
@@ -586,11 +585,11 @@ When using -P, podman will bind any exposed port to a random port on the host
within an *ephemeral port range* defined by `/proc/sys/net/ipv4/ip_local_port_range`.
To find the mapping between the host ports and the exposed ports, use `podman port`.
-**--quiet, -q**
+**--quiet**, **-q**
Suppress output information when pulling images
-**--read-only**=*true*|*false*
+**--read-only**=*true|false*
Mount the container's root filesystem as read only.
@@ -598,10 +597,11 @@ By default a container will have its root filesystem writable allowing processes
to write files anywhere. By specifying the `--read-only` flag the container will have
its root filesystem mounted as read only prohibiting any writes.
-**--read-only-tmpfs**=*true*|*false*
+**--read-only-tmpfs**=*true|false*
+
If container is running in --read-only mode, then mount a read-write tmpfs on /run, /tmp, and /var/tmp. The default is *true*
-**--restart=""**
+**--restart**=*policy*
Restart policy to follow when containers exit.
Restart policy will not take effect if a container is stopped via the `podman kill` or `podman stop` commands.
@@ -615,7 +615,7 @@ Please note that restart will not restart containers after a system reboot.
If this functionality is required in your environment, you can invoke Podman from a systemd unit file, or create an init script for whichever init system is in use.
To generate systemd unit files, please see *podman generate systemd*
-**--rm**=*true*|*false*
+**--rm**=*true|false*
Automatically remove the container when it exits. The default is *false*.
@@ -630,7 +630,7 @@ If specified, the first argument refers to an exploded container on the file sys
This is useful to run a container without requiring any image management, the rootfs
of the container is assumed to be managed externally.
-**--security-opt**=[]
+**--security-opt**=*option*
Security Options
@@ -650,13 +650,13 @@ Security Options
Note: Labelling can be disabled for all containers by setting label=false in the **libpod.conf** (`/etc/containers/libpod.conf`) file.
-**--shm-size**=""
+**--shm-size**=*size*
Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`.
Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes).
If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`.
-**--sig-proxy**=*true*|*false*
+**--sig-proxy**=*true|false*
Proxy signals sent to the `podman run` command to the container process. SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*.
@@ -664,16 +664,18 @@ Proxy signals sent to the `podman run` command to the container process. SIGCHLD
Signal to stop a container. Default is SIGTERM.
-**--stop-timeout**=*10*
+**--stop-timeout**=*seconds*
Timeout (in seconds) to stop a container. Default is 10.
-**--subgidname**=name
+**--subuidname**=*name*
+
Run the container in a new user namespace using the map with 'name' in the `/etc/subgid` file.
If calling podman run as an unprivileged user, the user needs to have the right to use the mapping. See `subgid(5)`.
This flag conflicts with `--userns` and `--gidmap`.
-**--subuidname**=name
+**--subuidname**=*name*
+
Run the container in a new user namespace using the map with 'name' in the `/etc/subuid` file.
If calling podman run as an unprivileged user, the user needs to have the right to use the mapping. See `subuid(5)`.
This flag conflicts with `--userns` and `--uidmap`.
@@ -701,7 +703,7 @@ Network Namespace - current sysctls allowed:
Note: if you use the `--network=host` option these sysctls will not be allowed.
-**--systemd**=*true*|*false*
+**--systemd**=*true|false*
Run container in systemd mode. The default is *true*.
@@ -720,7 +722,9 @@ The `container_manage_cgroup` boolean must be enabled for this to be allowed on
`setsebool -P container_manage_cgroup true`
-**--tmpfs**=[] Create a tmpfs mount
+**--tmpfs**=*fs*
+
+Create a tmpfs mount
Mount a temporary filesystem (`tmpfs`) mount into a container, for example:
@@ -731,7 +735,7 @@ options are the same as the Linux default `mount` flags. If you do not specify
any options, the systems uses the following options:
`rw,noexec,nosuid,nodev,size=65536k`.
-**--tty**, **-t**=*true*|*false*
+**--tty**, **-t**=*true|false*
Allocate a pseudo-TTY. The default is *false*.
@@ -742,18 +746,17 @@ interactive shell. The default is false.
**NOTE**: The **-t** option is incompatible with a redirection of the podman client
standard input.
-**--uidmap**=container_uid:host_uid:amount
-**--uidmap**=0:30000:2000
+**--uidmap**=*container_uid:host_uid:amount*
Run the container in a new user namespace using the supplied mapping. This option conflicts with the --userns and --subuidname flags.
This option can be passed several times to map different ranges. If calling podman run as an unprivileged user, the user needs to have the right to use the mapping. See `subuid(5)`.
-The example maps uids 0-2000 in the container to the uids 30000-31999 on the host.
+The example maps uids 0-2000 in the container to the uids 30000-31999 on the host. `--uidmap=0:30000:2000`
-**--ulimit**=[]
+**--ulimit**=*option*
Ulimit options
-**--user**, **-u**=""
+**--user**, **-u**=*user*
Sets the username or UID used and optionally the groupname or GID for the specified command.
@@ -882,7 +885,7 @@ If the location of the volume from the source container overlaps with
data residing on a target container, then the volume hides
that data on the target.
-**--workdir**, **-w**=""
+**--workdir**, **-w**=*dir*
Working directory inside the container
diff --git a/docs/podman-save.1.md b/docs/podman-save.1.md
index 8e01c230d..034d2696f 100644
--- a/docs/podman-save.1.md
+++ b/docs/podman-save.1.md
@@ -25,20 +25,20 @@ Note: `:` is a restricted character and cannot be part of the file name.
Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type, compressed or uncompressed, as source)
Note: This flag can only be set when using the **dir** transport i.e --format=oci-dir or --format-docker-dir
-**--output, -o**
+**--output**, **-o**=*file*
Write to a file, default is STDOUT
-**--format**
+**--format**=*format*
-Save image to **oci-archive**, **oci-dir** (directory with oci manifest type), or **docker-dir** (directory with v2s2 manifest type)
+Save image to **oci-archive, oci-dir** (directory with oci manifest type), or **docker-dir** (directory with v2s2 manifest type)
```
--format oci-archive
--format oci-dir
--format docker-dir
```
-**--quiet, -q**
+**--quiet**, **-q**
Suppress the output
diff --git a/docs/podman-search.1.md b/docs/podman-search.1.md
index 8d315086e..f0a696494 100644
--- a/docs/podman-search.1.md
+++ b/docs/podman-search.1.md
@@ -25,14 +25,14 @@ Note, searching without a search term will only work for registries that impleme
## OPTIONS
-**--authfile**
+**--authfile**=*path*
Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json (Not available for remote commands)
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
-**--filter, -f**
+**--filter**, **-f**=*filter*
Filter output based on conditions provided (default [])
@@ -42,7 +42,7 @@ Supported filters are:
* is-automated (boolean - true | false) - is the image automated or not
* is-official (boolean - true | false) - is the image official or not
-**--format**
+**--format**=*format*
Change the output format to a Go template
@@ -57,7 +57,7 @@ Valid placeholders for the Go template are listed below:
| .Official | "[OK]" if image is official |
| .Automated | "[OK]" if image is automated |
-**--limit**
+**--limit**=*limit*
Limit the number of results
Note: The results from each registry will be limited to this value.
@@ -69,7 +69,7 @@ The order of the search results is the order in which the API endpoint returns t
Do not truncate the output
-**--tls-verify**
+**--tls-verify**=*true|false*
Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
then TLS verification will be used. If set to false, then TLS verification will not be used if needed. If not specified,
diff --git a/docs/podman-start.1.md b/docs/podman-start.1.md
index aa5362046..af7094bca 100644
--- a/docs/podman-start.1.md
+++ b/docs/podman-start.1.md
@@ -14,27 +14,27 @@ attach to the container.
## OPTIONS
-**--attach, -a**
+**--attach**, **-a**
Attach container's STDOUT and STDERR. The default is false. This option cannot be used when
starting multiple containers.
-**--detach-keys**
+**--detach-keys**=*char*
Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`.
-**--interactive, -i**
+**--interactive**, **-i**
Attach container's STDIN. The default is false.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
The latest option is not supported on the remote client.
-**--sig-proxy**=*true*|*false*
+**--sig-proxy**=*true|false*
Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true* when attaching, *false* otherwise.
diff --git a/docs/podman-stats.1.md b/docs/podman-stats.1.md
index 97a9be961..b817662a8 100644
--- a/docs/podman-stats.1.md
+++ b/docs/podman-stats.1.md
@@ -1,4 +1,4 @@
-% podman-stats "1"
+% podman-stats(1)
## NAME
podman\-stats - Display a live stream of 1 or more containers' resource usage statistics
@@ -11,11 +11,11 @@ Display a live stream of one or more containers' resource usage statistics
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Show all containers. Only running containers are shown by default
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
@@ -30,7 +30,7 @@ Do not clear the terminal/screen in between reporting intervals
Disable streaming stats and only pull the first result, default setting is false
-**--format="TEMPLATE"**
+**--format**=*template*
Pretty-print container statistics to JSON or using a Go template
@@ -49,6 +49,7 @@ Valid placeholders for the Go template are listed below:
| .PIDS | Number of PIDs |
When using a GO template, you may preceed the format with `table` to print headers.
+
## EXAMPLE
```
diff --git a/docs/podman-stop.1.md b/docs/podman-stop.1.md
index 2016a7301..e2c4e8b44 100644
--- a/docs/podman-stop.1.md
+++ b/docs/podman-stop.1.md
@@ -1,4 +1,4 @@
-% podman-stop "1"
+% podman-stop(1)
## NAME
podman\-stop - Stop one or more containers
@@ -15,18 +15,18 @@ container and also via command line when creating the container.
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Stop all running containers. This does not include paused containers.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
The latest option is not supported on the remote client.
-**--timeout, --time, t**
+**--timeout**, **--time**, **t**=*time*
Timeout to wait before forcibly stopping the container
diff --git a/docs/podman-system-df.1.md b/docs/podman-system-df.1.md
index b6d71c634..425796f50 100644
--- a/docs/podman-system-df.1.md
+++ b/docs/podman-system-df.1.md
@@ -1,4 +1,4 @@
-% podman-system-df(1) podman
+% podman-system-df(1)
## NAME
podman\-system\-df - Show podman disk usage
@@ -10,11 +10,11 @@ podman\-system\-df - Show podman disk usage
Show podman disk usage
## OPTIONS
-**--format**=""
+**--format=***format*
Pretty-print images using a Go template
-**-v, --verbose**[=false]
+**-v**, **--verbose**[=*true|false*]
Show detailed information on space usage
## EXAMPLE
@@ -53,5 +53,5 @@ Local Volumes 1
## SEE ALSO
podman-system(1)
-# HISTORY
+## HISTORY
March 2019, Originally compiled by Qi Wang (qiwan at redhat dot com)
diff --git a/docs/podman-system-migrate.1.md b/docs/podman-system-migrate.1.md
index 7c2d1823c..48f3bca8f 100644
--- a/docs/podman-system-migrate.1.md
+++ b/docs/podman-system-migrate.1.md
@@ -1,4 +1,4 @@
-% podman-system-migrate(1) podman
+% podman-system-migrate(1)
## NAME
podman\-system\-migrate - Migrate container to the latest version of podman
@@ -17,5 +17,5 @@ podman\-system\-migrate - Migrate container to the latest version of podman
## SEE ALSO
`podman(1)`, `libpod.conf(5)`
-# HISTORY
+## HISTORY
April 2019, Originally compiled by Giuseppe Scrivano (gscrivan at redhat dot com)
diff --git a/docs/podman-system-prune.1.md b/docs/podman-system-prune.1.md
index 6a284a110..e6297dc0b 100644
--- a/docs/podman-system-prune.1.md
+++ b/docs/podman-system-prune.1.md
@@ -1,14 +1,10 @@
-% podman-system-prune(1) podman
+% podman-system-prune(1)
## NAME
podman\-system\-prune - Remove all unused container, image and volume data
## SYNOPSIS
-**podman system prune**
-[**-all**|**--a**]
-[**-force**|**--f**]
-[**-help**|**--h**]
-[**-volumes**|**--v**]
+**podman system prune** [*options*]
## DESCRIPTION
**podman system prune** removes all unused containers (both dangling and unreferenced), pods and optionally, volumes from local storage.
@@ -18,14 +14,18 @@ With the `all` option, you can delete all unused images. Unused images are dang
By default, volumes are not removed to prevent important data from being deleted if there is currently no container using the volume. Use the --volumes flag when running the command to prune volumes as well.
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Remove all unused images not just dangling ones.
-**--force, -f**
+**--force**, **-f**
Do not prompt for confirmation
+**--help**, **-h**
+
+Print usage statement
+
**--volumes**
Prune volumes not used by at least one container
@@ -33,5 +33,5 @@ Prune volumes not used by at least one container
## SEE ALSO
podman(1), podman-image-prune(1), podman-container-prune(1), podman-pod-prune(1), podman-volume-prune(1)
-# HISTORY
+## HISTORY
February 2019, Originally compiled by Dan Walsh (dwalsh at redhat dot com)
diff --git a/docs/podman-system-renumber.1.md b/docs/podman-system-renumber.1.md
index a88640d63..af498f270 100644
--- a/docs/podman-system-renumber.1.md
+++ b/docs/podman-system-renumber.1.md
@@ -1,13 +1,13 @@
-% podman-system-renumber(1) podman
+% podman-system-renumber(1)
## NAME
podman\-system\-renumber - Renumber container locks
## SYNOPSIS
-** podman system renumber**
+**podman system renumber**
## DESCRIPTION
-** podman system renumber** renumbers locks used by containers and pods.
+**podman system renumber** renumbers locks used by containers and pods.
Each Podman container and pod is allocated a lock at creation time, up to a maximum number controlled by the **num_locks** parameter in **libpod.conf**.
@@ -19,11 +19,8 @@ When all available locks are exhausted, no further containers and pods can be cr
If possible, avoid calling **podman system renumber** while there are other Podman processes running.
-## SYNOPSIS
-**podman system renumber**
-
## SEE ALSO
`podman(1)`, `libpod.conf(5)`
-# HISTORY
+## HISTORY
February 2019, Originally compiled by Matt Heon (mheon at redhat dot com)
diff --git a/docs/podman-tag.1.md b/docs/podman-tag.1.md
index 05bcc5fbc..f3851d8b6 100644
--- a/docs/podman-tag.1.md
+++ b/docs/podman-tag.1.md
@@ -1,11 +1,11 @@
-% podman-tag "1"
+% podman-tag(1)
## NAME
podman\-tag - Add an additional name to a local image
## SYNOPSIS
-**podman tag** *image*[:*tag*] *target-name*[:*tag*]
-[**--help**|**-h**]
+**podman tag** *image*[:*tag*] *target-name*[:*tag*] [*options*]
+
## DESCRIPTION
Assigns a new alias to an image. An alias refers to the entire image name, including the optional
diff --git a/docs/podman-top.1.md b/docs/podman-top.1.md
index 74175b753..564c2f067 100644
--- a/docs/podman-top.1.md
+++ b/docs/podman-top.1.md
@@ -1,4 +1,4 @@
-% podman-top "1"
+% podman-top(1)
## NAME
podman\-top - Display the running processes of a container
@@ -11,11 +11,11 @@ Display the running processes of the container. The *format-descriptors* are ps
## OPTIONS
-**--help, -h**
+**--help**, **-h**
- Print usage statement
+Print usage statement
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
diff --git a/docs/podman-umount.1.md b/docs/podman-umount.1.md
index 795f0402d..8ef7b20ac 100644
--- a/docs/podman-umount.1.md
+++ b/docs/podman-umount.1.md
@@ -1,10 +1,10 @@
-% podman-umount "1"
+% podman-umount(1)
## NAME
podman\-umount - Unmount the specified working containers' root file system.
## SYNOPSIS
-**podman umount** *container* ...
+**podman umount** *container* [...]
## DESCRIPTION
Unmounts the specified containers' root file system, if no other processes
@@ -17,11 +17,11 @@ counter reaches zero indicating no other processes are using the mount.
An unmount can be forced with the --force flag.
## OPTIONS
-**--all, -a**
+**--all**, **-a**
All of the currently mounted containers will be unmounted.
-**--force, -f**
+**--force**, **-f**
Force the unmounting of specified containers' root file system, even if other
processes have mounted it.
@@ -29,7 +29,7 @@ processes have mounted it.
Note: This could cause other processes that are using the file system to fail,
as the mount point could be removed without their knowledge.
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container.
If you use methods other than Podman to run containers such as CRI-O, the last
diff --git a/docs/podman-unpause.1.md b/docs/podman-unpause.1.md
index acfab0930..ef8a4cdb6 100644
--- a/docs/podman-unpause.1.md
+++ b/docs/podman-unpause.1.md
@@ -1,17 +1,17 @@
-% podman-unpause "1"
+% podman-unpause(1)
## NAME
podman\-unpause - Unpause one or more containers
## SYNOPSIS
-**podman unpause** [*options*] [*container*...]
+**podman unpause** [*options*]|[*container* ...]
## DESCRIPTION
Unpauses the processes in one or more containers. You may use container IDs or names as input.
## OPTIONS
-**--all, -a**
+**--all**, **-a**
Unpause all paused containers.
diff --git a/docs/podman-unshare.1.md b/docs/podman-unshare.1.md
index a10fb40f9..d7fefb774 100644
--- a/docs/podman-unshare.1.md
+++ b/docs/podman-unshare.1.md
@@ -1,4 +1,4 @@
-% podman-unshare "1"
+% podman-unshare(1)
## NAME
podman\-unshare - Run a command inside of a modified user namespace.
diff --git a/docs/podman-varlink.1.md b/docs/podman-varlink.1.md
index 0501d853f..0d2ab1668 100644
--- a/docs/podman-varlink.1.md
+++ b/docs/podman-varlink.1.md
@@ -1,4 +1,4 @@
-% podman-varlink "1"
+% podman-varlink(1)
## NAME
podman\-varlink - Runs the varlink backend interface
@@ -12,13 +12,14 @@ URI will be used depending on the user calling the varlink service. The default
users will have a default *uri* of `$XDG_RUNTIME_DIR/podman/io.podman`. For example, `unix:/run/user/1000/podman/io.podman`
The varlink service should generally be done with systemd. See _Configuration_ below.
-## GLOBAL OPTIONS
-**--help, -h**
+## OPTIONS
+
+**--help**, **-h**
+
Print usage statement
-## OPTIONS
-**--timeout, -t**
+**--timeout**, **-t**
The time until the varlink session expires in _milliseconds_. The default is 1
second. A value of `0` means no timeout and the session will not expire.
diff --git a/docs/podman-version.1.md b/docs/podman-version.1.md
index 97977d94b..cb0a3785f 100644
--- a/docs/podman-version.1.md
+++ b/docs/podman-version.1.md
@@ -1,4 +1,4 @@
-% podman-version "1"
+% podman-version(1)
## NAME
podman\-version - Display the PODMAN Version Information
@@ -16,7 +16,7 @@ OS, and Architecture.
Print usage statement
-**--format**, **-f**
+**--format**, **-f**=*format*
Change output format to "json" or a Go template.
diff --git a/docs/podman-volume-create.1.md b/docs/podman-volume-create.1.md
index 795d7b449..3d3eb68b8 100644
--- a/docs/podman-volume-create.1.md
+++ b/docs/podman-volume-create.1.md
@@ -15,7 +15,7 @@ driver options can be set using the **--opt** flag.
## OPTIONS
-**--driver**=""
+**--driver**=*driver*
Specify the volume driver name (default local).
@@ -23,11 +23,11 @@ Specify the volume driver name (default local).
Print usage statement
-**-l**, **--label**=[]
+**-l**, **-label**=*label*
Set metadata for a volume (e.g., --label mykey=value).
-**-o**, **--opt**=[]
+**-o**, **--opt**=*option*
Set driver specific options.
diff --git a/docs/podman-volume-inspect.1.md b/docs/podman-volume-inspect.1.md
index 88cc3cf3e..4900e2feb 100644
--- a/docs/podman-volume-inspect.1.md
+++ b/docs/podman-volume-inspect.1.md
@@ -4,7 +4,7 @@
podman\-volume\-inspect - Inspect one or more volumes
## SYNOPSIS
-**podman volume inspect** [*options*] *volume*...
+**podman volume inspect** [*options*] *volume* [...]
## DESCRIPTION
@@ -19,7 +19,7 @@ existing volumes, use the **--all** flag.
Inspect all volumes.
-**--format**=""
+**--format**=*format*
Format volume output using Go template
diff --git a/docs/podman-volume-ls.1.md b/docs/podman-volume-ls.1.md
index c061e27fe..ef1582153 100644
--- a/docs/podman-volume-ls.1.md
+++ b/docs/podman-volume-ls.1.md
@@ -14,11 +14,11 @@ flag. Use the **--quiet** flag to print only the volume names.
## OPTIONS
-**--filter**=""
+**--filter**=*filter*
Filter volume output.
-**--format**=""
+**--format**=*format*
Format volume output using Go template.
@@ -26,7 +26,7 @@ Format volume output using Go template.
Print usage statement.
-**-q**, **--quiet**=[]
+**-q**, **--quiet**
Print volume output in quiet mode. Only print the volume names.
diff --git a/docs/podman-volume-prune.1.md b/docs/podman-volume-prune.1.md
index 437cad4e5..25ea701a3 100644
--- a/docs/podman-volume-prune.1.md
+++ b/docs/podman-volume-prune.1.md
@@ -14,7 +14,7 @@ unused volumes. To bypass the confirmation, use the **--force** flag.
## OPTIONS
-**-f**, **--force**=""
+**-f**, **--force**
Do not prompt for confirmation.
diff --git a/docs/podman-volume-rm.1.md b/docs/podman-volume-rm.1.md
index 8c3765235..fe047e7da 100644
--- a/docs/podman-volume-rm.1.md
+++ b/docs/podman-volume-rm.1.md
@@ -15,11 +15,11 @@ flag is being used. To remove all the volumes, use the **--all** flag.
## OPTIONS
-**-a**, **--all**=""
+**-a**, **--all**
Remove all volumes.
-**-f**, **--force**=""
+**-f**, **--force**
Remove a volume by force.
If it is being used by containers, the containers will be removed first.
diff --git a/docs/podman-wait.1.md b/docs/podman-wait.1.md
index 9ae4f668e..e1a810ff1 100644
--- a/docs/podman-wait.1.md
+++ b/docs/podman-wait.1.md
@@ -1,4 +1,4 @@
-% podman-wait "1"
+% podman-wait(1)
## NAME
podman\-wait - Wait on one or more containers to stop and print their exit codes
@@ -13,14 +13,14 @@ After the container stops, the container's return code is printed.
## OPTIONS
-**--help, -h**
+**--help**, **-h**
- Print usage statement
+ Print usage statement
-**--interval, -i**"
+**--interval**, **-i**=*microseconds*
Microseconds to wait before polling for completion
-**--latest, -l**
+**--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
diff --git a/docs/podman.1.md b/docs/podman.1.md
index b51cdb854..b6c0628ed 100644
--- a/docs/podman.1.md
+++ b/docs/podman.1.md
@@ -21,19 +21,19 @@ created by the other.
## GLOBAL OPTIONS
-**--help, -h**
+**--help**, **-h**
Print usage statement
-**--cgroup-manager**
+**--cgroup-manager**=*manager*
CGroup manager to use for container cgroups. Supported values are cgroupfs or systemd (default). Setting this flag can cause certain commands to break when called on containers created by the other CGroup manager type.
-**--cpu-profile**
+**--cpu-profile**=*path*
Path to where the cpu performance results should be written
-**--hooks-dir**=**path**
+**--hooks-dir**=*path*
Each `*.json` file in the path configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`. Podman and libpod currently support both the 1.0.0 and 0.1.0 hook schemas, although the 0.1.0 schema is deprecated.
@@ -49,40 +49,40 @@ Podman and libpod currently support an additional `precreate` state which is cal
**WARNING**: the `precreate` hook lets you do powerful things, such as adding additional mounts to the runtime configuration. That power also makes it easy to break things. Before reporting libpod errors, try running your container with `precreate` hooks disabled to see if the problem is due to one of your hooks.
-**--log-level**
+**--log-level**=*level*
Log messages above specified level: debug, info, warn, error (default), fatal or panic
-**--namespace**
+**--namespace**=*namespace*
Set libpod namespace. Namespaces are used to separate groups of containers and pods in libpod's state.
When namespace is set, created containers and pods will join the given namespace, and only containers and pods in the given namespace will be visible to Podman.
-**--root**=**value**
+**--root=***value*
Storage root dir in which data, including images, is stored (default: "/var/lib/containers/storage" for UID 0, "$HOME/.local/share/containers/storage" for other users).
Default root dir is configured in /etc/containers/storage.conf.
-**--runroot**=**value**
+**--runroot**=*value*
Storage state directory where all state information is stored (default: "/var/run/containers/storage" for UID 0, "/var/run/user/$UID/run" for other users).
Default state dir is configured in /etc/containers/storage.conf.
-**--runtime**=**value**
+**--runtime**=*value*
Name of the OCI runtime as specified in libpod.conf or absolute path to the OCI compatible binary used to run containers.
-**--network-cmd-path**=**path**
+**--network-cmd-path**=*path*
Path to the command binary to use for setting up a network. It is currently only used for setting up a slirp4netns network. If "" is used then the binary is looked up using the $PATH environment variable.
-**--storage-driver**=**value**
+**--storage-driver**=*value*
Storage driver. The default storage driver for UID 0 is configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode), and is *vfs* for non-root users when *fuse-overlayfs* is not available. The `STORAGE_DRIVER` environment variable overrides the default. The --storage-driver specified driver overrides all.
Overriding this option will cause the *storage-opt* settings in /etc/containers/storage.conf to be ignored. The user must
specify additional options via the `--storage-opt` flag.
-**--storage-opt**=**value**
+**--storage-opt**=*value*
Storage driver option, Default storage driver options are configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode). The `STORAGE_OPTS` environment variable overrides the default. The --storage-opt specified options overrides all.
@@ -90,7 +90,7 @@ Storage driver option, Default storage driver options are configured in /etc/con
output logging information to syslog as well as the console
-**--version, -v**
+**--version**, **-v**
Print the version
diff --git a/libpod/container_api.go b/libpod/container_api.go
index c27cb85ea..1894780de 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -10,9 +10,7 @@ import (
"sync"
"time"
- "github.com/containers/libpod/libpod/driver"
"github.com/containers/libpod/libpod/events"
- "github.com/containers/libpod/pkg/inspect"
"github.com/containers/libpod/pkg/lookup"
"github.com/containers/storage/pkg/stringid"
"github.com/docker/docker/oci/caps"
@@ -535,32 +533,6 @@ func (c *Container) RemoveArtifact(name string) error {
return os.Remove(c.getArtifactPath(name))
}
-// Inspect a container for low-level information
-func (c *Container) Inspect(size bool) (*inspect.ContainerInspectData, error) {
- if !c.batched {
- c.lock.Lock()
- defer c.lock.Unlock()
-
- if err := c.syncContainer(); err != nil {
- return nil, err
- }
- }
-
- storeCtr, err := c.runtime.store.Container(c.ID())
- if err != nil {
- return nil, errors.Wrapf(err, "error getting container from store %q", c.ID())
- }
- layer, err := c.runtime.store.Layer(storeCtr.LayerID)
- if err != nil {
- return nil, errors.Wrapf(err, "error reading information about layer %q", storeCtr.LayerID)
- }
- driverData, err := driver.GetDriverData(c.runtime.store, layer.ID)
- if err != nil {
- return nil, errors.Wrapf(err, "error getting graph driver info %q", c.ID())
- }
- return c.getContainerInspectData(size, driverData)
-}
-
// Wait blocks until the container exits and returns its exit code.
func (c *Container) Wait() (int32, error) {
return c.WaitWithInterval(DefaultWaitInterval)
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index a7369bfdd..8e34e7088 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -2,14 +2,127 @@ package libpod
import (
"strings"
+ "time"
- "github.com/containers/libpod/pkg/inspect"
+ "github.com/containers/libpod/libpod/driver"
"github.com/cri-o/ocicni/pkg/ocicni"
specs "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
-func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data) (*inspect.ContainerInspectData, error) {
+// InspectContainerData provides a detailed record of a container's configuration
+// and state as viewed by Libpod.
+// Large portions of this structure are defined such that the output is
+// compatible with `docker inspect` JSON, but additional fields have been added
+// as required to share information not in the original output.
+type InspectContainerData struct {
+ ID string `json:"Id"`
+ Created time.Time `json:"Created"`
+ Path string `json:"Path"`
+ Args []string `json:"Args"`
+ State *InspectContainerState `json:"State"`
+ ImageID string `json:"Image"`
+ ImageName string `json:"ImageName"`
+ Rootfs string `json:"Rootfs"`
+ ResolvConfPath string `json:"ResolvConfPath"`
+ HostnamePath string `json:"HostnamePath"`
+ HostsPath string `json:"HostsPath"`
+ StaticDir string `json:"StaticDir"`
+ LogPath string `json:"LogPath"`
+ ConmonPidFile string `json:"ConmonPidFile"`
+ Name string `json:"Name"`
+ RestartCount int32 `json:"RestartCount"`
+ Driver string `json:"Driver"`
+ MountLabel string `json:"MountLabel"`
+ ProcessLabel string `json:"ProcessLabel"`
+ AppArmorProfile string `json:"AppArmorProfile"`
+ EffectiveCaps []string `json:"EffectiveCaps"`
+ BoundingCaps []string `json:"BoundingCaps"`
+ ExecIDs []string `json:"ExecIDs"`
+ GraphDriver *driver.Data `json:"GraphDriver"`
+ SizeRw int64 `json:"SizeRw,omitempty"`
+ SizeRootFs int64 `json:"SizeRootFs,omitempty"`
+ Mounts []specs.Mount `json:"Mounts"`
+ Dependencies []string `json:"Dependencies"`
+ NetworkSettings *InspectNetworkSettings `json:"NetworkSettings"` //TODO
+ ExitCommand []string `json:"ExitCommand"`
+ Namespace string `json:"Namespace"`
+ IsInfra bool `json:"IsInfra"`
+}
+
+// InspectContainerState provides a detailed record of a container's current
+// state. It is returned as part of InspectContainerData.
+// As with InspectContainerData, many portions of this struct are matched to
+// Docker, but here we see more fields that are unused (nonsensical in the
+// context of Libpod).
+type InspectContainerState struct {
+ OciVersion string `json:"OciVersion"`
+ Status string `json:"Status"`
+ Running bool `json:"Running"`
+ Paused bool `json:"Paused"`
+ Restarting bool `json:"Restarting"` // TODO
+ OOMKilled bool `json:"OOMKilled"`
+ Dead bool `json:"Dead"`
+ Pid int `json:"Pid"`
+ ExitCode int32 `json:"ExitCode"`
+ Error string `json:"Error"` // TODO
+ StartedAt time.Time `json:"StartedAt"`
+ FinishedAt time.Time `json:"FinishedAt"`
+ Healthcheck HealthCheckResults `json:"Healthcheck,omitempty"`
+}
+
+// InspectNetworkSettings holds information about the network settings of the
+// container.
+// Many fields are maintained only for compatibility with `docker inspect` and
+// are unused within Libpod.
+type InspectNetworkSettings struct {
+ Bridge string `json:"Bridge"`
+ SandboxID string `json:"SandboxID"`
+ HairpinMode bool `json:"HairpinMode"`
+ LinkLocalIPv6Address string `json:"LinkLocalIPv6Address"`
+ LinkLocalIPv6PrefixLen int `json:"LinkLocalIPv6PrefixLen"`
+ Ports []ocicni.PortMapping `json:"Ports"`
+ SandboxKey string `json:"SandboxKey"`
+ SecondaryIPAddresses []string `json:"SecondaryIPAddresses"`
+ SecondaryIPv6Addresses []string `json:"SecondaryIPv6Addresses"`
+ EndpointID string `json:"EndpointID"`
+ Gateway string `json:"Gateway"`
+ GlobalIPv6Address string `json:"GlobalIPv6Address"`
+ GlobalIPv6PrefixLen int `json:"GlobalIPv6PrefixLen"`
+ IPAddress string `json:"IPAddress"`
+ IPPrefixLen int `json:"IPPrefixLen"`
+ IPv6Gateway string `json:"IPv6Gateway"`
+ MacAddress string `json:"MacAddress"`
+}
+
+// Inspect a container for low-level information
+func (c *Container) Inspect(size bool) (*InspectContainerData, error) {
+ if !c.batched {
+ c.lock.Lock()
+ defer c.lock.Unlock()
+
+ if err := c.syncContainer(); err != nil {
+ return nil, err
+ }
+ }
+
+ storeCtr, err := c.runtime.store.Container(c.ID())
+ if err != nil {
+ return nil, errors.Wrapf(err, "error getting container from store %q", c.ID())
+ }
+ layer, err := c.runtime.store.Layer(storeCtr.LayerID)
+ if err != nil {
+ return nil, errors.Wrapf(err, "error reading information about layer %q", storeCtr.LayerID)
+ }
+ driverData, err := driver.GetDriverData(c.runtime.store, layer.ID)
+ if err != nil {
+ return nil, errors.Wrapf(err, "error getting graph driver info %q", c.ID())
+ }
+ return c.getContainerInspectData(size, driverData)
+}
+
+func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) (*InspectContainerData, error) {
config := c.config
runtimeInfo := c.state
spec, err := c.specFromState()
@@ -65,12 +178,12 @@ func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data)
}
}
- data := &inspect.ContainerInspectData{
+ data := &InspectContainerData{
ID: config.ID,
Created: config.CreatedTime,
Path: path,
Args: args,
- State: &inspect.ContainerInspectState{
+ State: &InspectContainerState{
OciVersion: spec.Version,
Status: runtimeInfo.State.String(),
Running: runtimeInfo.State == ContainerStateRunning,
@@ -106,7 +219,7 @@ func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data)
GraphDriver: driverData,
Mounts: mounts,
Dependencies: c.Dependencies(),
- NetworkSettings: &inspect.NetworkSettings{
+ NetworkSettings: &InspectNetworkSettings{
Bridge: "", // TODO
SandboxID: "", // TODO - is this even relevant?
HairpinMode: false, // TODO
diff --git a/libpod/driver/driver.go b/libpod/driver/driver.go
index 717ac2a4d..f9442fa21 100644
--- a/libpod/driver/driver.go
+++ b/libpod/driver/driver.go
@@ -1,10 +1,15 @@
package driver
import (
- "github.com/containers/libpod/pkg/inspect"
cstorage "github.com/containers/storage"
)
+// Data handles the data for a storage driver
+type Data struct {
+ Name string `json:"Name"`
+ Data map[string]string `json:"Data"`
+}
+
// GetDriverName returns the name of the driver for the given store
func GetDriverName(store cstorage.Store) (string, error) {
driver, err := store.GraphDriver()
@@ -24,7 +29,7 @@ func GetDriverMetadata(store cstorage.Store, layerID string) (map[string]string,
}
// GetDriverData returns the Data struct with information of the driver used by the store
-func GetDriverData(store cstorage.Store, layerID string) (*inspect.Data, error) {
+func GetDriverData(store cstorage.Store, layerID string) (*Data, error) {
name, err := GetDriverName(store)
if err != nil {
return nil, err
@@ -33,7 +38,7 @@ func GetDriverData(store cstorage.Store, layerID string) (*inspect.Data, error)
if err != nil {
return nil, err
}
- return &inspect.Data{
+ return &Data{
Name: name,
Data: metaData,
}, nil
diff --git a/libpod/healthcheck.go b/libpod/healthcheck.go
index 5c48cc8ee..3e36a2c95 100644
--- a/libpod/healthcheck.go
+++ b/libpod/healthcheck.go
@@ -9,7 +9,6 @@ import (
"strings"
"time"
- "github.com/containers/libpod/pkg/inspect"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -53,6 +52,28 @@ const (
HealthCheckStarting string = "starting"
)
+// HealthCheckResults describes the results/logs from a healthcheck
+type HealthCheckResults struct {
+ // Status healthy or unhealthy
+ Status string `json:"Status"`
+ // FailingStreak is the number of consecutive failed healthchecks
+ FailingStreak int `json:"FailingStreak"`
+ // Log describes healthcheck attempts and results
+ Log []HealthCheckLog `json:"Log"`
+}
+
+// HealthCheckLog describes the results of a single healthcheck
+type HealthCheckLog struct {
+ // Start time as string
+ Start string `json:"Start"`
+ // End time as a string
+ End string `json:"End"`
+ // Exitcode is 0 or 1
+ ExitCode int `json:"ExitCode"`
+ // Output is the stdout/stderr from the healthcheck command
+ Output string `json:"Output"`
+}
+
// hcWriteCloser allows us to use bufio as a WriteCloser
type hcWriteCloser struct {
*bufio.Writer
@@ -157,8 +178,8 @@ func checkHealthCheckCanBeRun(c *Container) (HealthCheckStatus, error) {
return HealthCheckDefined, nil
}
-func newHealthCheckLog(start, end time.Time, exitCode int, log string) inspect.HealthCheckLog {
- return inspect.HealthCheckLog{
+func newHealthCheckLog(start, end time.Time, exitCode int, log string) HealthCheckLog {
+ return HealthCheckLog{
Start: start.Format(time.RFC3339Nano),
End: end.Format(time.RFC3339Nano),
ExitCode: exitCode,
@@ -182,7 +203,7 @@ func (c *Container) updateHealthStatus(status string) error {
}
// UpdateHealthCheckLog parses the health check results and writes the log
-func (c *Container) updateHealthCheckLog(hcl inspect.HealthCheckLog, inStartPeriod bool) error {
+func (c *Container) updateHealthCheckLog(hcl HealthCheckLog, inStartPeriod bool) error {
healthCheck, err := c.GetHealthCheckLog()
if err != nil {
return err
@@ -223,8 +244,8 @@ func (c *Container) healthCheckLogPath() string {
// GetHealthCheckLog returns HealthCheck results by reading the container's
// health check log file. If the health check log file does not exist, then
// an empty healthcheck struct is returned
-func (c *Container) GetHealthCheckLog() (inspect.HealthCheckResults, error) {
- var healthCheck inspect.HealthCheckResults
+func (c *Container) GetHealthCheckLog() (HealthCheckResults, error) {
+ var healthCheck HealthCheckResults
if _, err := os.Stat(c.healthCheckLogPath()); os.IsNotExist(err) {
return healthCheck, nil
}
diff --git a/libpod/image/image.go b/libpod/image/image.go
index b965a4640..89a68a1bd 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -659,7 +659,7 @@ func (i *Image) Size(ctx context.Context) (*uint64, error) {
}
// DriverData gets the driver data from the store on a layer
-func (i *Image) DriverData() (*inspect.Data, error) {
+func (i *Image) DriverData() (*driver.Data, error) {
topLayer, err := i.Layer()
if err != nil {
return nil, err
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index b8a916de3..ed9ad5f0d 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -17,7 +17,6 @@ import (
cnitypes "github.com/containernetworking/cni/pkg/types/current"
"github.com/containernetworking/plugins/pkg/ns"
"github.com/containers/libpod/pkg/firewall"
- "github.com/containers/libpod/pkg/inspect"
"github.com/containers/libpod/pkg/netns"
"github.com/containers/libpod/pkg/rootless"
"github.com/cri-o/ocicni/pkg/ocicni"
@@ -470,7 +469,7 @@ func getContainerNetIO(ctr *Container) (*netlink.LinkStatistics, error) {
return netStats, err
}
-func (c *Container) getContainerNetworkInfo(data *inspect.ContainerInspectData) *inspect.ContainerInspectData {
+func (c *Container) getContainerNetworkInfo(data *InspectContainerData) *InspectContainerData {
if c.state.NetNS != nil && len(c.state.NetworkStatus) > 0 {
// Report network settings from the first pod network
result := c.state.NetworkStatus[0]
diff --git a/libpod/networking_unsupported.go b/libpod/networking_unsupported.go
index 3a8ac4455..1e46ca40b 100644
--- a/libpod/networking_unsupported.go
+++ b/libpod/networking_unsupported.go
@@ -2,10 +2,6 @@
package libpod
-import (
- "github.com/containers/libpod/pkg/inspect"
-)
-
func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
return ErrNotImplemented
}
@@ -22,6 +18,6 @@ func (r *Runtime) createNetNS(ctr *Container) (err error) {
return ErrNotImplemented
}
-func (c *Container) getContainerNetworkInfo(data *inspect.ContainerInspectData) *inspect.ContainerInspectData {
+func (c *Container) getContainerNetworkInfo(data *InspectContainerData) *InspectContainerData {
return nil
}
diff --git a/pkg/adapter/containers_remote.go b/pkg/adapter/containers_remote.go
index 776fcbb70..cf0b90b3a 100644
--- a/pkg/adapter/containers_remote.go
+++ b/pkg/adapter/containers_remote.go
@@ -16,7 +16,6 @@ import (
"github.com/containers/libpod/cmd/podman/shared"
iopodman "github.com/containers/libpod/cmd/podman/varlink"
"github.com/containers/libpod/libpod"
- "github.com/containers/libpod/pkg/inspect"
"github.com/containers/libpod/pkg/varlinkapi/virtwriter"
"github.com/cri-o/ocicni/pkg/ocicni"
"github.com/docker/docker/pkg/term"
@@ -29,12 +28,12 @@ import (
)
// Inspect returns an inspect struct from varlink
-func (c *Container) Inspect(size bool) (*inspect.ContainerInspectData, error) {
+func (c *Container) Inspect(size bool) (*libpod.InspectContainerData, error) {
reply, err := iopodman.ContainerInspectData().Call(c.Runtime.Conn, c.ID(), size)
if err != nil {
return nil, err
}
- data := inspect.ContainerInspectData{}
+ data := libpod.InspectContainerData{}
if err := json.Unmarshal([]byte(reply), &data); err != nil {
return nil, err
}
diff --git a/pkg/inspect/inspect.go b/pkg/inspect/inspect.go
index 2082bb3a6..ec3d98613 100644
--- a/pkg/inspect/inspect.go
+++ b/pkg/inspect/inspect.go
@@ -3,110 +3,11 @@ package inspect
import (
"time"
- "github.com/containers/image/manifest"
- "github.com/cri-o/ocicni/pkg/ocicni"
- "github.com/docker/go-connections/nat"
+ "github.com/containers/libpod/libpod/driver"
"github.com/opencontainers/go-digest"
"github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/opencontainers/runtime-spec/specs-go"
)
-// ContainerData holds the podman inspect data for a container
-type ContainerData struct {
- *ContainerInspectData
- HostConfig *HostConfig `json:"HostConfig"`
- Config *CtrConfig `json:"Config"`
-}
-
-// HostConfig represents the host configuration for the container
-type HostConfig struct {
- ContainerIDFile string `json:"ContainerIDFile"`
- LogConfig *LogConfig `json:"LogConfig"` //TODO
- NetworkMode string `json:"NetworkMode"`
- PortBindings nat.PortMap `json:"PortBindings"` //TODO
- AutoRemove bool `json:"AutoRemove"`
- CapAdd []string `json:"CapAdd"`
- CapDrop []string `json:"CapDrop"`
- DNS []string `json:"DNS"`
- DNSOptions []string `json:"DNSOptions"`
- DNSSearch []string `json:"DNSSearch"`
- ExtraHosts []string `json:"ExtraHosts"`
- GroupAdd []uint32 `json:"GroupAdd"`
- IpcMode string `json:"IpcMode"`
- Cgroup string `json:"Cgroup"`
- OomScoreAdj *int `json:"OomScoreAdj"`
- PidMode string `json:"PidMode"`
- Privileged bool `json:"Privileged"`
- PublishAllPorts bool `json:"PublishAllPorts"` //TODO
- ReadOnlyRootfs bool `json:"ReadonlyRootfs"`
- ReadOnlyTmpfs bool `json:"ReadonlyTmpfs"`
- SecurityOpt []string `json:"SecurityOpt"`
- UTSMode string `json:"UTSMode"`
- UsernsMode string `json:"UsernsMode"`
- ShmSize int64 `json:"ShmSize"`
- Runtime string `json:"Runtime"`
- ConsoleSize *specs.Box `json:"ConsoleSize"`
- CPUShares *uint64 `json:"CpuShares"`
- Memory int64 `json:"Memory"`
- NanoCPUs int `json:"NanoCpus"`
- CgroupParent string `json:"CgroupParent"`
- BlkioWeight *uint16 `json:"BlkioWeight"`
- BlkioWeightDevice []specs.LinuxWeightDevice `json:"BlkioWeightDevice"`
- BlkioDeviceReadBps []specs.LinuxThrottleDevice `json:"BlkioDeviceReadBps"`
- BlkioDeviceWriteBps []specs.LinuxThrottleDevice `json:"BlkioDeviceWriteBps"`
- BlkioDeviceReadIOps []specs.LinuxThrottleDevice `json:"BlkioDeviceReadIOps"`
- BlkioDeviceWriteIOps []specs.LinuxThrottleDevice `json:"BlkioDeviceWriteIOps"`
- CPUPeriod *uint64 `json:"CpuPeriod"`
- CPUQuota *int64 `json:"CpuQuota"`
- CPURealtimePeriod *uint64 `json:"CpuRealtimePeriod"`
- CPURealtimeRuntime *int64 `json:"CpuRealtimeRuntime"`
- CPUSetCPUs string `json:"CpuSetCpus"`
- CPUSetMems string `json:"CpuSetMems"`
- Devices []specs.LinuxDevice `json:"Devices"`
- DiskQuota int `json:"DiskQuota"` //check type, TODO
- KernelMemory *int64 `json:"KernelMemory"`
- MemoryReservation *int64 `json:"MemoryReservation"`
- MemorySwap *int64 `json:"MemorySwap"`
- MemorySwappiness *uint64 `json:"MemorySwappiness"`
- OomKillDisable *bool `json:"OomKillDisable"`
- PidsLimit *int64 `json:"PidsLimit"`
- Ulimits []string `json:"Ulimits"`
- CPUCount int `json:"CpuCount"`
- CPUPercent int `json:"CpuPercent"`
- IOMaximumIOps int `json:"IOMaximumIOps"` //check type, TODO
- IOMaximumBandwidth int `json:"IOMaximumBandwidth"` //check type, TODO
- Tmpfs []string `json:"Tmpfs"`
-}
-
-// CtrConfig holds information about the container configuration
-type CtrConfig struct {
- Hostname string `json:"Hostname"`
- DomainName string `json:"Domainname"` //TODO
- User specs.User `json:"User"`
- AttachStdin bool `json:"AttachStdin"` //TODO
- AttachStdout bool `json:"AttachStdout"` //TODO
- AttachStderr bool `json:"AttachStderr"` //TODO
- Tty bool `json:"Tty"`
- OpenStdin bool `json:"OpenStdin"`
- StdinOnce bool `json:"StdinOnce"` //TODO
- Env []string `json:"Env"`
- Cmd []string `json:"Cmd"`
- Image string `json:"Image"`
- Volumes map[string]struct{} `json:"Volumes"`
- WorkingDir string `json:"WorkingDir"`
- Entrypoint string `json:"Entrypoint"`
- Labels map[string]string `json:"Labels"`
- Annotations map[string]string `json:"Annotations"`
- StopSignal uint `json:"StopSignal"`
- Healthcheck *manifest.Schema2HealthConfig `json:"Healthcheck,omitempty"`
-}
-
-// LogConfig holds the log information for a container
-type LogConfig struct {
- Type string `json:"Type"`
- Config map[string]string `json:"Config"` //idk type, TODO
-}
-
// ImageData holds the inspect information of an image
type ImageData struct {
ID string `json:"Id"`
@@ -123,7 +24,7 @@ type ImageData struct {
Os string `json:"Os"`
Size int64 `json:"Size"`
VirtualSize int64 `json:"VirtualSize"`
- GraphDriver *Data `json:"GraphDriver"`
+ GraphDriver *driver.Data `json:"GraphDriver"`
RootFS *RootFS `json:"RootFS"`
Labels map[string]string `json:"Labels"`
Annotations map[string]string `json:"Annotations"`
@@ -138,86 +39,6 @@ type RootFS struct {
Layers []digest.Digest `json:"Layers"`
}
-// Data handles the data for a storage driver
-type Data struct {
- Name string `json:"Name"`
- Data map[string]string `json:"Data"`
-}
-
-// ContainerInspectData handles the data used when inspecting a container
-type ContainerInspectData struct {
- ID string `json:"ID"`
- Created time.Time `json:"Created"`
- Path string `json:"Path"`
- Args []string `json:"Args"`
- State *ContainerInspectState `json:"State"`
- ImageID string `json:"Image"`
- ImageName string `json:"ImageName"`
- Rootfs string `json:"Rootfs"`
- ResolvConfPath string `json:"ResolvConfPath"`
- HostnamePath string `json:"HostnamePath"`
- HostsPath string `json:"HostsPath"`
- StaticDir string `json:"StaticDir"`
- LogPath string `json:"LogPath"`
- ConmonPidFile string `json:"ConmonPidFile"`
- Name string `json:"Name"`
- RestartCount int32 `json:"RestartCount"`
- Driver string `json:"Driver"`
- MountLabel string `json:"MountLabel"`
- ProcessLabel string `json:"ProcessLabel"`
- AppArmorProfile string `json:"AppArmorProfile"`
- EffectiveCaps []string `json:"EffectiveCaps"`
- BoundingCaps []string `json:"BoundingCaps"`
- ExecIDs []string `json:"ExecIDs"`
- GraphDriver *Data `json:"GraphDriver"`
- SizeRw int64 `json:"SizeRw,omitempty"`
- SizeRootFs int64 `json:"SizeRootFs,omitempty"`
- Mounts []specs.Mount `json:"Mounts"`
- Dependencies []string `json:"Dependencies"`
- NetworkSettings *NetworkSettings `json:"NetworkSettings"` //TODO
- ExitCommand []string `json:"ExitCommand"`
- Namespace string `json:"Namespace"`
- IsInfra bool `json:"IsInfra"`
-}
-
-// ContainerInspectState represents the state of a container.
-type ContainerInspectState struct {
- OciVersion string `json:"OciVersion"`
- Status string `json:"Status"`
- Running bool `json:"Running"`
- Paused bool `json:"Paused"`
- Restarting bool `json:"Restarting"` // TODO
- OOMKilled bool `json:"OOMKilled"`
- Dead bool `json:"Dead"`
- Pid int `json:"Pid"`
- ExitCode int32 `json:"ExitCode"`
- Error string `json:"Error"` // TODO
- StartedAt time.Time `json:"StartedAt"`
- FinishedAt time.Time `json:"FinishedAt"`
- Healthcheck HealthCheckResults `json:"Healthcheck,omitempty"`
-}
-
-// NetworkSettings holds information about the newtwork settings of the container
-type NetworkSettings struct {
- Bridge string `json:"Bridge"`
- SandboxID string `json:"SandboxID"`
- HairpinMode bool `json:"HairpinMode"`
- LinkLocalIPv6Address string `json:"LinkLocalIPv6Address"`
- LinkLocalIPv6PrefixLen int `json:"LinkLocalIPv6PrefixLen"`
- Ports []ocicni.PortMapping `json:"Ports"`
- SandboxKey string `json:"SandboxKey"`
- SecondaryIPAddresses []string `json:"SecondaryIPAddresses"`
- SecondaryIPv6Addresses []string `json:"SecondaryIPv6Addresses"`
- EndpointID string `json:"EndpointID"`
- Gateway string `json:"Gateway"`
- GlobalIPv6Address string `json:"GlobalIPv6Address"`
- GlobalIPv6PrefixLen int `json:"GlobalIPv6PrefixLen"`
- IPAddress string `json:"IPAddress"`
- IPPrefixLen int `json:"IPPrefixLen"`
- IPv6Gateway string `json:"IPv6Gateway"`
- MacAddress string `json:"MacAddress"`
-}
-
// ImageResult is used for podman images for collection and output
type ImageResult struct {
Tag string
@@ -232,25 +53,3 @@ type ImageResult struct {
Labels map[string]string
Dangling bool
}
-
-// HealthCheckResults describes the results/logs from a healthcheck
-type HealthCheckResults struct {
- // Status healthy or unhealthy
- Status string `json:"Status"`
- // FailingStreak is the number of consecutive failed healthchecks
- FailingStreak int `json:"FailingStreak"`
- // Log describes healthcheck attempts and results
- Log []HealthCheckLog `json:"Log"`
-}
-
-// HealthCheckLog describes the results of a single healthcheck
-type HealthCheckLog struct {
- // Start time as string
- Start string `json:"Start"`
- // End time as a string
- End string `json:"End"`
- // Exitcode is 0 or 1
- ExitCode int `json:"ExitCode"`
- // Output is the stdout/stderr from the healthcheck command
- Output string `json:"Output"`
-}
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index 0cac50fc0..3f78ffc67 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -24,6 +24,7 @@ import (
/*
#cgo remoteclient CFLAGS: -DDISABLE_JOIN_SHORTCUT
#include <stdlib.h>
+#include <sys/types.h>
extern uid_t rootless_uid();
extern uid_t rootless_gid();
extern int reexec_in_user_namespace(int ready, char *pause_pid_file_path, char *file_to_read, int fd);
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index 0a388dc42..9529346b4 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -11,6 +11,7 @@ import (
"strings"
"testing"
+ "github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/inspect"
"github.com/containers/libpod/pkg/rootless"
@@ -319,7 +320,7 @@ func (s *PodmanSessionIntegration) InspectImageJSON() []inspect.ImageData {
}
// InspectContainer returns a container's inspect data in JSON format
-func (p *PodmanTestIntegration) InspectContainer(name string) []inspect.ContainerData {
+func (p *PodmanTestIntegration) InspectContainer(name string) []shared.InspectContainer {
cmd := []string{"inspect", name}
session := p.Podman(cmd)
session.WaitWithDefaultTimeout()
@@ -466,8 +467,8 @@ func (p *PodmanTestIntegration) PullImage(image string) error {
// InspectContainerToJSON takes the session output of an inspect
// container and returns json
-func (s *PodmanSessionIntegration) InspectContainerToJSON() []inspect.ContainerData {
- var i []inspect.ContainerData
+func (s *PodmanSessionIntegration) InspectContainerToJSON() []shared.InspectContainer {
+ var i []shared.InspectContainer
err := json.Unmarshal(s.Out.Contents(), &i)
Expect(err).To(BeNil())
return i