summaryrefslogtreecommitdiff
path: root/docs/podman-run.1.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/podman-run.1.md')
-rw-r--r--docs/podman-run.1.md43
1 files changed, 32 insertions, 11 deletions
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index dfc634288..d6d8f4c1e 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -289,7 +289,7 @@ on the host system.
Run the container in a new user namespace using the supplied mapping. This option conflicts with the --userns and --subgidname flags.
This option can be passed several times to map different ranges. If calling Podman run as an unprivileged user, the user needs to have the right to use the mapping. See `subuid(5)`.
-The example maps gids 0-2000 in the container to the gids 30000-31999 on the host. `--gidmap=0:30000:2000`
+The example maps gids 0-1999 in the container to the gids 30000-31999 on the host. `--gidmap=0:30000:2000`
**--group-add**=*group*
@@ -526,11 +526,14 @@ This works for both background and foreground containers.
**--network**, **--net**=*node*
Set the Network mode for the container. Invalid if using **--dns**, **--dns-option**, or **--dns-search** with **--network** that is set to 'none' or 'container:<name|id>'.
+
+Valid values are:
+
- `bridge`: create a network stack on the default bridge
- `none`: no networking
- `container:<name|id>`: reuse another container's network stack
- `host`: use the Podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
-- `<network-name>|<network-id>`: connect to a user-defined network
+- `<network-name>|<network-id>`: connect to a user-defined network, multiple networks should be comma separated
- `ns:<path>`: path to a network namespace to join
- `slirp4netns`: use slirp4netns to create a user network stack. This is the default for rootless containers
@@ -645,6 +648,7 @@ If container is running in --read-only mode, then mount a read-write tmpfs on /r
Restart policy to follow when containers exit.
Restart policy will not take effect if a container is stopped via the `podman kill` or `podman stop` commands.
+
Valid values are:
- `no` : Do not restart containers on exit
@@ -747,12 +751,17 @@ Network Namespace - current sysctls allowed:
Note: if you use the `--network=host` option these sysctls will not be allowed.
-**--systemd**=*true|false*
+**--systemd**=*true|false|always*
Run container in systemd mode. The default is *true*.
-If the command you are running inside of the container is systemd or init, Podman
-will setup tmpfs mount points in the following directories:
+The value *always* enforces the systemd mode is enforced without
+looking at the executable name. Otherwise, if set to true and the
+command you are running inside the container is systemd, /usr/sbin/init
+or /sbin/init.
+
+If the command you are running inside of the container is systemd
+Podman will setup tmpfs mount points in the following directories:
/run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal
@@ -794,7 +803,7 @@ standard input.
Run the container in a new user namespace using the supplied mapping. This option conflicts with the --userns and --subuidname flags.
This option can be passed several times to map different ranges. If calling Podman run as an unprivileged user, the user needs to have the right to use the mapping. See `subuid(5)`.
-The example maps uids 0-2000 in the container to the uids 30000-31999 on the host. `--uidmap=0:30000:2000`
+The example maps uids 0-1999 in the container to the uids 30000-31999 on the host. `--uidmap=0:30000:2000`
**--ulimit**=*option*
@@ -834,7 +843,7 @@ Set the UTS mode for the container
**NOTE**: the host mode gives the container access to changing the host's hostname and is therefore considered insecure.
-**--volume**, **-v**[=*[HOST-DIR-OR-VOUME-NAME:CONTAINER-DIR[:OPTIONS]]*]
+**--volume**, **-v**[=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]
Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Podman
bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Podman
@@ -848,11 +857,23 @@ create one.
* [`z`|`Z`]
* [`[r]shared`|`[r]slave`|`[r]private`]
-The `/CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `/HOST-DIR`
-must be an absolute path as well. Podman bind-mounts the `HOST-DIR` to the
-path you specify. For example, if you supply the `/foo` value, Podman creates a bind-mount.
+The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
+will be mounted into the container at this directory.
+
+Volumes may specify a source as well, as either a directory on the host or the
+name of a named volume. If no source is given, the volume will be created as an
+anonymous named volume with a randomly generated name, and will be removed when
+the container is removed via the `--rm` flag or `podman rm --volumes`.
+
+If a volume source is specified, it must be a path on the host or the name of a
+named volume. Host paths are allowed to be absolute or relative; relative paths
+are resolved relative to the directory Podman is run in. Any source that does
+not begin with a `.` or `/` it will be treated as the name of a named volume.
+If a volume with that name does not exist, it will be created. Volumes created
+with names are not anonymous and are not removed by `--rm` and
+`podman rm --volumes`.
-You can specify multiple **-v** options to mount one or more mounts to a
+You can specify multiple **-v** options to mount one or more volumes into a
container.
You can add `:ro` or `:rw` suffix to a volume to mount it read-only or
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-16 10:02:14 +0000