diff options
-rw-r--r-- | docs/podman-run.1.md | 4 | ||||
-rw-r--r-- | pkg/hooks/docs/oci-hooks.5.md | 8 | ||||
-rw-r--r-- | pkg/spec/createconfig.go | 14 |
3 files changed, 18 insertions, 8 deletions
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md index e255119d7..b2baae07a 100644 --- a/docs/podman-run.1.md +++ b/docs/podman-run.1.md @@ -289,7 +289,7 @@ on the host system. Run the container in a new user namespace using the supplied mapping. This option conflicts with the --userns and --subgidname flags. This option can be passed several times to map different ranges. If calling Podman run as an unprivileged user, the user needs to have the right to use the mapping. See `subuid(5)`. -The example maps gids 0-2000 in the container to the gids 30000-31999 on the host. `--gidmap=0:30000:2000` +The example maps gids 0-1999 in the container to the gids 30000-31999 on the host. `--gidmap=0:30000:2000` **--group-add**=*group* @@ -800,7 +800,7 @@ standard input. Run the container in a new user namespace using the supplied mapping. This option conflicts with the --userns and --subuidname flags. This option can be passed several times to map different ranges. If calling Podman run as an unprivileged user, the user needs to have the right to use the mapping. See `subuid(5)`. -The example maps uids 0-2000 in the container to the uids 30000-31999 on the host. `--uidmap=0:30000:2000` +The example maps uids 0-1999 in the container to the uids 30000-31999 on the host. `--uidmap=0:30000:2000` **--ulimit**=*option* diff --git a/pkg/hooks/docs/oci-hooks.5.md b/pkg/hooks/docs/oci-hooks.5.md index fc0442283..0a01e1bb8 100644 --- a/pkg/hooks/docs/oci-hooks.5.md +++ b/pkg/hooks/docs/oci-hooks.5.md @@ -88,9 +88,9 @@ $ cat /etc/containers/oci/hooks.d/oci-systemd-hook.json "version": "1.0.0", "hook": { "path": "/usr/libexec/oci/hooks.d/oci-systemd-hook" - } + }, "when": { - "commands": [".*/init$" , ".*/systemd$"], + "commands": [".*/init$" , ".*/systemd$"] }, "stages": ["prestart", "poststop"] } @@ -105,9 +105,9 @@ $ cat /etc/containers/oci/hooks.d/oci-umount.json "hook": { "path": "/usr/libexec/oci/hooks.d/oci-umount", "args": ["oci-umount", "--debug"], - } + }, "when": { - "hasBindMounts": true, + "hasBindMounts": true }, "stages": ["prestart"] } diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go index 3685450f0..2addfda4b 100644 --- a/pkg/spec/createconfig.go +++ b/pkg/spec/createconfig.go @@ -104,7 +104,8 @@ type CreateConfig struct { NetworkAlias []string //network-alias PidMode namespaces.PidMode //pid Pod string //pod - CgroupMode namespaces.CgroupMode //cgroup + PodmanPath string + CgroupMode namespaces.CgroupMode //cgroup PortBindings nat.PortMap Privileged bool //privileged Publish []string //publish @@ -153,7 +154,16 @@ func (c *CreateConfig) createExitCommand(runtime *libpod.Runtime) ([]string, err return nil, err } - cmd, _ := os.Executable() + // We need a cleanup process for containers in the current model. + // But we can't assume that the caller is Podman - it could be another + // user of the API. + // As such, provide a way to specify a path to Podman, so we can + // still invoke a cleanup process. + cmd := c.PodmanPath + if cmd == "" { + cmd, _ = os.Executable() + } + command := []string{cmd, "--root", config.StorageConfig.GraphRoot, "--runroot", config.StorageConfig.RunRoot, |