39 files changed, 204 insertions, 8 deletions

diff --git a/docs/source/markdown/options/annotation.container.md b/docs/source/markdown/options/annotation.container.md
index bd561a15f..0d155e5e4 100644
--- a/docs/source/markdown/options/annotation.container.md
+++ b/docs/source/markdown/options/annotation.container.md
@@ -1,3 +1,3 @@
 #### **--annotation**=*key=value*
 
-Add an annotation to the container<| or pod>. This option can be set multiple times.
+Add an annotation to the container<<| or pod>>. This option can be set multiple times.
diff --git a/docs/source/markdown/options/arch.md b/docs/source/markdown/options/arch.md
index 005197707..76fb349a0 100644
--- a/docs/source/markdown/options/arch.md
+++ b/docs/source/markdown/options/arch.md
@@ -1,2 +1,3 @@
 #### **--arch**=*ARCH*
 Override the architecture, defaults to hosts, of the image to be pulled. For example, `arm`.
+Unless overridden, subsequent lookups of the same image in the local storage will match this architecture, regardless of the host.
diff --git a/docs/source/markdown/options/authfile.md b/docs/source/markdown/options/authfile.md
new file mode 100644
index 000000000..d6198aa24
--- /dev/null
+++ b/docs/source/markdown/options/authfile.md
@@ -0,0 +1,6 @@
+#### **--authfile**=*path*
+
+Path of the authentication file. Default is `${XDG_RUNTIME_DIR}/containers/auth.json`, which is set using **[podman login](podman-login.1.md)**.
+If the authorization state is not found there, `$HOME/.docker/config.json` is checked, which is set using **docker login**.
+
+Note: There is also the option to override the default path of the authentication file by setting the `REGISTRY_AUTH_FILE` environment variable. This can be done with **export REGISTRY_AUTH_FILE=_path_**.
diff --git a/docs/source/markdown/options/blkio-weight.md b/docs/source/markdown/options/blkio-weight.md
index eb8e94144..04a1071c0 100644
--- a/docs/source/markdown/options/blkio-weight.md
+++ b/docs/source/markdown/options/blkio-weight.md
@@ -1,3 +1,5 @@
 #### **--blkio-weight**=*weight*
 
 Block IO relative weight. The _weight_ is a value between **10** and **1000**.
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/cert-dir.md b/docs/source/markdown/options/cert-dir.md
new file mode 100644
index 000000000..4d05075cf
--- /dev/null
+++ b/docs/source/markdown/options/cert-dir.md
@@ -0,0 +1,5 @@
+#### **--cert-dir**=*path*
+
+Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
+Please refer to **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)** for details.
+(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
diff --git a/docs/source/markdown/options/cidfile.read.md b/docs/source/markdown/options/cidfile.read.md
new file mode 100644
index 000000000..414700fca
--- /dev/null
+++ b/docs/source/markdown/options/cidfile.read.md
@@ -0,0 +1,4 @@
+#### **--cidfile**=*file*
+
+Read container ID from the specified *file* and <<subcommand>> the container.
+Can be specified multiple times.
diff --git a/docs/source/markdown/options/cidfile.write.md b/docs/source/markdown/options/cidfile.write.md
new file mode 100644
index 000000000..b5e7435b2
--- /dev/null
+++ b/docs/source/markdown/options/cidfile.write.md
@@ -0,0 +1,3 @@
+#### **--cidfile**=*file*
+
+Write the container ID to *file*.
diff --git a/docs/source/markdown/options/color.md b/docs/source/markdown/options/color.md
new file mode 100644
index 000000000..343c79c88
--- /dev/null
+++ b/docs/source/markdown/options/color.md
@@ -0,0 +1,3 @@
+#### **--color**
+
+Output the containers with different colors in the log.
diff --git a/docs/source/markdown/options/cpu-period.md b/docs/source/markdown/options/cpu-period.md
index 8df6445e9..5c5eb56e7 100644
--- a/docs/source/markdown/options/cpu-period.md
+++ b/docs/source/markdown/options/cpu-period.md
@@ -5,6 +5,8 @@ duration in microseconds. Once the container's CPU quota is used up, it will
 not be scheduled to run until the current period ends. Defaults to 100000
 microseconds.
 
-On some systems, changing the CPU limits may not be allowed for non-root
+On some systems, changing the resource limits may not be allowed for non-root
 users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/cpu-quota.md b/docs/source/markdown/options/cpu-quota.md
index 67b9dee8c..81d5db3d2 100644
--- a/docs/source/markdown/options/cpu-quota.md
+++ b/docs/source/markdown/options/cpu-quota.md
@@ -7,6 +7,8 @@ CPU resource. The limit is a number in microseconds. If a number is provided,
 the container will be allowed to use that much CPU time until the CPU period
 ends (controllable via **--cpu-period**).
 
-On some systems, changing the CPU limits may not be allowed for non-root
+On some systems, changing the resource limits may not be allowed for non-root
 users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/cpu-rt-period.md b/docs/source/markdown/options/cpu-rt-period.md
index 9014beb33..36e88632e 100644
--- a/docs/source/markdown/options/cpu-rt-period.md
+++ b/docs/source/markdown/options/cpu-rt-period.md
@@ -4,4 +4,4 @@ Limit the CPU real-time period in microseconds.
 
 Limit the container's Real Time CPU usage. This option tells the kernel to restrict the container's Real Time CPU usage to the period specified.
 
-This option is not supported on cgroups V2 systems.
+This option is only supported on cgroups V1 rootful systems.
diff --git a/docs/source/markdown/options/cpu-rt-runtime.md b/docs/source/markdown/options/cpu-rt-runtime.md
index 05b1d3b96..64f0ec38b 100644
--- a/docs/source/markdown/options/cpu-rt-runtime.md
+++ b/docs/source/markdown/options/cpu-rt-runtime.md
@@ -7,4 +7,4 @@ Period of 1,000,000us and Runtime of 950,000us means that this container could c
 
 The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
 
-This option is not supported on cgroups V2 systems.
+This option is only supported on cgroups V1 rootful systems.
diff --git a/docs/source/markdown/options/cpu-shares.md b/docs/source/markdown/options/cpu-shares.md
index a5aacd2ca..c0e2c3035 100644
--- a/docs/source/markdown/options/cpu-shares.md
+++ b/docs/source/markdown/options/cpu-shares.md
@@ -33,3 +33,9 @@ this can result in the following division of CPU shares:
 | 100  |  C0         | 0       | 100% of CPU0 |
 | 101  |  C1         | 1       | 100% of CPU1 |
 | 102  |  C1         | 2       | 100% of CPU2 |
+
+On some systems, changing the resource limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/cpus.container.md b/docs/source/markdown/options/cpus.container.md
new file mode 100644
index 000000000..63f243e11
--- /dev/null
+++ b/docs/source/markdown/options/cpus.container.md
@@ -0,0 +1,11 @@
+#### **--cpus**=*number*
+
+Number of CPUs. The default is *0.0* which means no limit. This is shorthand
+for **--cpu-period** and **--cpu-quota**, so you may only set either
+**--cpus** or **--cpu-period** and **--cpu-quota**.
+
+On some systems, changing the CPU limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/cpuset-cpus.md b/docs/source/markdown/options/cpuset-cpus.md
index d717516a0..8a2a82e9f 100644
--- a/docs/source/markdown/options/cpuset-cpus.md
+++ b/docs/source/markdown/options/cpuset-cpus.md
@@ -3,3 +3,9 @@
 CPUs in which to allow execution. Can be specified as a comma-separated list
 (e.g. **0,1**), as a range (e.g. **0-3**), or any combination thereof
 (e.g. **0-3,7,11-15**).
+
+On some systems, changing the resource limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/cpuset-mems.md b/docs/source/markdown/options/cpuset-mems.md
index d2d13eb54..b86d0ef6b 100644
--- a/docs/source/markdown/options/cpuset-mems.md
+++ b/docs/source/markdown/options/cpuset-mems.md
@@ -6,3 +6,9 @@ NUMA systems.
 If there are four memory nodes on the system (0-3), use **--cpuset-mems=0,1**
 then processes in the container will only use memory from the first
 two memory nodes.
+
+On some systems, changing the resource limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/creds.md b/docs/source/markdown/options/creds.md
new file mode 100644
index 000000000..23399dda4
--- /dev/null
+++ b/docs/source/markdown/options/creds.md
@@ -0,0 +1,5 @@
+#### **--creds**=*[username[:password]]*
+
+The [username[:password]] to use to authenticate with the registry if required.
+If one or both values are not supplied, a command line prompt will appear and the
+value can be entered.  The password is entered without echo.
diff --git a/docs/source/markdown/options/device-cgroup-rule.md b/docs/source/markdown/options/device-cgroup-rule.md
new file mode 100644
index 000000000..0ba3d4668
--- /dev/null
+++ b/docs/source/markdown/options/device-cgroup-rule.md
@@ -0,0 +1,6 @@
+#### **--device-cgroup-rule**=*"type major:minor mode"*
+
+Add a rule to the cgroup allowed devices list. The rule is expected to be in the format specified in the Linux kernel documentation (Documentation/cgroup-v1/devices.txt):
+       - type: a (all), c (char), or b (block);
+       - major and minor: either a number, or * for all;
+       - mode: a composition of r (read), w (write), and m (mknod(2)).
diff --git a/docs/source/markdown/options/disable-content-trust.md b/docs/source/markdown/options/disable-content-trust.md
new file mode 100644
index 000000000..a2d1d8ad7
--- /dev/null
+++ b/docs/source/markdown/options/disable-content-trust.md
@@ -0,0 +1,5 @@
+#### **--disable-content-trust**
+
+This is a Docker-specific option to disable image verification to a container
+registry and is not supported by Podman. This option is a NOOP and provided
+solely for scripting compatibility.
diff --git a/docs/source/markdown/options/dns-opt.container.md b/docs/source/markdown/options/dns-opt.container.md
new file mode 100644
index 000000000..ea26fd013
--- /dev/null
+++ b/docs/source/markdown/options/dns-opt.container.md
@@ -0,0 +1,3 @@
+#### **--dns-opt**=*option*
+
+Set custom DNS options. Invalid if using **--dns-opt** with **--network** that is set to **none** or **container:**_id_.
diff --git a/docs/source/markdown/options/dns-search.container.md b/docs/source/markdown/options/dns-search.container.md
new file mode 100644
index 000000000..5a803ba39
--- /dev/null
+++ b/docs/source/markdown/options/dns-search.container.md
@@ -0,0 +1,4 @@
+#### **--dns-search**=*domain*
+
+Set custom DNS search domains. Invalid if using **--dns-search** with **--network** that is set to **none** or **container:**_id_.
+Use **--dns-search=.** if you don't wish to set the search domain.
diff --git a/docs/source/markdown/options/env-merge.md b/docs/source/markdown/options/env-merge.md
new file mode 100644
index 000000000..aa1aa003d
--- /dev/null
+++ b/docs/source/markdown/options/env-merge.md
@@ -0,0 +1,5 @@
+#### **--env-merge**=*env*
+
+Preprocess default environment variables for the containers. For example
+if image contains environment variable `hello=world` user can preprocess
+it using `--env-merge hello=${hello}-some` so new value will be `hello=world-some`.
diff --git a/docs/source/markdown/options/follow.md b/docs/source/markdown/options/follow.md
new file mode 100644
index 000000000..75b65cf49
--- /dev/null
+++ b/docs/source/markdown/options/follow.md
@@ -0,0 +1,7 @@
+#### **--follow**, **-f**
+
+Follow log output.  Default is false.
+
+Note: If you are following a <<container|pod>> which is removed by `podman <<container|pod>> rm`
+or removed on exit (`podman run --rm ...`), then there is a chance that the log
+file will be removed before `podman<< pod|>> logs` reads the final content.
diff --git a/docs/source/markdown/options/gidmap.container.md b/docs/source/markdown/options/gidmap.container.md
new file mode 100644
index 000000000..a3c9df33d
--- /dev/null
+++ b/docs/source/markdown/options/gidmap.container.md
@@ -0,0 +1,8 @@
+#### **--gidmap**=*container_gid:host_gid:amount*
+
+Run the container in a new user namespace using the supplied GID mapping. This
+option conflicts with the **--userns** and **--subgidname** options. This
+option provides a way to map host GIDs to container GIDs in the same way as
+__--uidmap__ maps host UIDs to container UIDs. For details see __--uidmap__.
+
+Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.
diff --git a/docs/source/markdown/options/gidmap.pod.md b/docs/source/markdown/options/gidmap.pod.md
new file mode 100644
index 000000000..0d58cc527
--- /dev/null
+++ b/docs/source/markdown/options/gidmap.pod.md
@@ -0,0 +1,4 @@
+#### **--gidmap**=*pod_gid:host_gid:amount*
+
+GID map for the user namespace. Using this flag will run all containers in the pod with user namespace enabled.
+It conflicts with the **--userns** and **--subgidname** flags.
diff --git a/docs/source/markdown/options/ignore.md b/docs/source/markdown/options/ignore.md
new file mode 100644
index 000000000..231d75957
--- /dev/null
+++ b/docs/source/markdown/options/ignore.md
@@ -0,0 +1,5 @@
+#### **--ignore**, **-i**
+
+Ignore errors when specified <<containers|pods>> are not in the container store.  A user
+might have decided to manually remove a <<container|pod>> which would lead to a failure
+during the ExecStop directive of a systemd service referencing that <<container|pod>>.
diff --git a/docs/source/markdown/options/ipc.md b/docs/source/markdown/options/ipc.md
new file mode 100644
index 000000000..699b64eec
--- /dev/null
+++ b/docs/source/markdown/options/ipc.md
@@ -0,0 +1,12 @@
+#### **--ipc**=*ipc*
+
+Set the IPC namespace mode for a container. The default is to create
+a private IPC namespace.
+
+- "": Use Podman's default, defined in containers.conf.
+- **container:**_id_: reuses another container's shared memory, semaphores, and message queues
+- **host**: use the host's shared memory, semaphores, and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
+- **none**:  private IPC namespace, with /dev/shm not mounted.
+- **ns:**_path_: path to an IPC namespace to join.
+- **private**: private IPC namespace.
+= **shareable**: private IPC namespace with a possibility to share it with other containers.
diff --git a/docs/source/markdown/options/memory-swappiness.md b/docs/source/markdown/options/memory-swappiness.md
index 65f0ef310..1e6a51188 100644
--- a/docs/source/markdown/options/memory-swappiness.md
+++ b/docs/source/markdown/options/memory-swappiness.md
@@ -2,4 +2,4 @@
 
 Tune a container's memory swappiness behavior. Accepts an integer between *0* and *100*.
 
-This flag is not supported on cgroups V2 systems.
+This flag is only supported on cgroups V1 rootful systems.
diff --git a/docs/source/markdown/options/names.md b/docs/source/markdown/options/names.md
new file mode 100644
index 000000000..54fda40ee
--- /dev/null
+++ b/docs/source/markdown/options/names.md
@@ -0,0 +1,3 @@
+#### **--names**, **-n**
+
+Output the container names instead of the container IDs in the log.
diff --git a/docs/source/markdown/options/pid.md b/docs/source/markdown/options/pid.md
new file mode 100644
index 000000000..d0cbef1d5
--- /dev/null
+++ b/docs/source/markdown/options/pid.md
@@ -0,0 +1,9 @@
+#### **--pid**=*mode*
+
+Set the PID namespace mode for the container.
+The default is to create a private PID namespace for the container.
+
+- **container:**_id_: join another container's PID namespace;
+- **host**: use the host's PID namespace for the container. Note the host mode gives the container full access to local PID and is therefore considered insecure;
+- **ns:**_path_: join the specified PID namespace;
+- **private**: create a new namespace for the container (default).
diff --git a/docs/source/markdown/options/platform.md b/docs/source/markdown/options/platform.md
index edfa428ff..b66efdfb2 100644
--- a/docs/source/markdown/options/platform.md
+++ b/docs/source/markdown/options/platform.md
@@ -2,3 +2,4 @@
 
 Specify the platform for selecting the image.  (Conflicts with --arch and --os)
 The `--platform` option can be used to override the current architecture and operating system.
+Unless overridden, subsequent lookups of the same image in the local storage will match this platform, regardless of the host.
diff --git a/docs/source/markdown/options/pod-id-file.container.md b/docs/source/markdown/options/pod-id-file.container.md
new file mode 100644
index 000000000..1c102dc6b
--- /dev/null
+++ b/docs/source/markdown/options/pod-id-file.container.md
@@ -0,0 +1,4 @@
+#### **--pod-id-file**=*file*
+
+Run container in an existing pod and read the pod's ID from the specified *file*.
+If a container is run within a pod, and the pod has an infra-container, the infra-container will be started before the container is.
diff --git a/docs/source/markdown/options/pod-id-file.pod.md b/docs/source/markdown/options/pod-id-file.pod.md
new file mode 100644
index 000000000..69e2ac6e9
--- /dev/null
+++ b/docs/source/markdown/options/pod-id-file.pod.md
@@ -0,0 +1,3 @@
+#### **--pod-id-file**=*file*
+
+Read pod ID from the specified *file* and <<subcommand>> the pod. Can be specified multiple times.
diff --git a/docs/source/markdown/options/since.md b/docs/source/markdown/options/since.md
new file mode 100644
index 000000000..9f20722df
--- /dev/null
+++ b/docs/source/markdown/options/since.md
@@ -0,0 +1,6 @@
+#### **--since**=*TIMESTAMP*
+
+Show logs since TIMESTAMP. The --since option can be Unix timestamps, date formatted timestamps, or Go duration
+strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
+time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
+and 2006-01-02.
diff --git a/docs/source/markdown/options/systemd.md b/docs/source/markdown/options/systemd.md
new file mode 100644
index 000000000..a341edbc2
--- /dev/null
+++ b/docs/source/markdown/options/systemd.md
@@ -0,0 +1,29 @@
+#### **--systemd**=*true* | *false* | *always*
+
+Run container in systemd mode. The default is **true**.
+
+The value *always* enforces the systemd mode is enforced without
+looking at the executable name. Otherwise, if set to true and the
+command you are running inside the container is **systemd**, **/usr/sbin/init**,
+**/sbin/init** or **/usr/local/sbin/init**.
+
+Running the container in systemd mode causes the following changes:
+
+* Podman mounts tmpfs file systems on the following directories
+  * _/run_
+  * _/run/lock_
+  * _/tmp_
+  * _/sys/fs/cgroup/systemd_
+  * _/var/lib/journal_
+* Podman sets the default stop signal to **SIGRTMIN+3**.
+* Podman sets **container_uuid** environment variable in the container to the
+first 32 characters of the container id.
+
+This allows systemd to run in a confined container without any modifications.
+
+Note that on **SELinux** systems, systemd attempts to write to the cgroup
+file system. Containers writing to the cgroup file system are denied by default.
+The **container_manage_cgroup** boolean must be enabled for this to be allowed on an SELinux separated system.
+```
+setsebool -P container_manage_cgroup true
+```
diff --git a/docs/source/markdown/options/tail.md b/docs/source/markdown/options/tail.md
new file mode 100644
index 000000000..463b6fc3f
--- /dev/null
+++ b/docs/source/markdown/options/tail.md
@@ -0,0 +1,4 @@
+#### **--tail**=*LINES*
+
+Output the specified number of LINES at the end of the logs.  LINES must be an integer.  Defaults to -1,
+which prints all lines
diff --git a/docs/source/markdown/options/timestamps.md b/docs/source/markdown/options/timestamps.md
new file mode 100644
index 000000000..a449216aa
--- /dev/null
+++ b/docs/source/markdown/options/timestamps.md
@@ -0,0 +1,3 @@
+#### **--timestamps**, **-t**
+
+Show timestamps in the log outputs.  The default is false
diff --git a/docs/source/markdown/options/until.md b/docs/source/markdown/options/until.md
new file mode 100644
index 000000000..d656d976b
--- /dev/null
+++ b/docs/source/markdown/options/until.md
@@ -0,0 +1,6 @@
+#### **--until**=*TIMESTAMP*
+
+Show logs until TIMESTAMP. The --until option can be Unix timestamps, date formatted timestamps, or Go duration
+strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
+time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
+and 2006-01-02.
diff --git a/docs/source/markdown/options/workdir.md b/docs/source/markdown/options/workdir.md
new file mode 100644
index 000000000..12f3ddd44
--- /dev/null
+++ b/docs/source/markdown/options/workdir.md
@@ -0,0 +1,7 @@
+#### **--workdir**, **-w**=*dir*
+
+Working directory inside the container.
+
+The default working directory for running binaries within a container is the root directory (**/**).
+The image developer can set a different default with the WORKDIR instruction. The operator
+can override the working directory by using the **-w** option.