diff options
Diffstat (limited to 'docs/source/markdown/podman-build.1.md')
| -rw-r--r-- | docs/source/markdown/podman-build.1.md | 51 |
1 files changed, 42 insertions, 9 deletions
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index fac8296ad..dc38caac0 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -37,6 +37,10 @@ Add an image *annotation* (e.g. annotation=*value*) to the image metadata. Can b Note: this information is not present in Docker image formats, so it is discarded when writing images in Docker formats. +**--arch**=*arch* + +Set the ARCH of the image to the provided value instead of the architecture of the host. + **--authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. @@ -172,15 +176,22 @@ The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo. -**--device**=*device* +**--device**=_host-device_[**:**_container-device_][**:**_permissions_] + +Add a host device to the container. Optional *permissions* parameter +can be used to specify device permissions, it is combination of +**r** for read, **w** for write, and **m** for **mknod**(2). -Add a host device to the container. The format is `<device-on-host>[:<device-on-container>][:<permissions>]` (e.g. --device=/dev/sdc:/dev/xvdc:rwm) +Example: **--device=/dev/sdc:/dev/xvdc:rwm**. -Note: if the user only has access rights via a group then accessing the device -from inside a rootless container will fail. The `crun` runtime offers a -workaround for this by adding the option `--annotation io.crun.keep_original_groups=1`. +Note: if _host_device_ is a symbolic link then it will be resolved first. +The container will only store the major and minor numbers of the host device. -**--disable-compression, -D** +Note: if the user only has access rights via a group, accessing the device +from inside a rootless container will fail. The **crun**(1) runtime offers a +workaround for this by adding the option **--annotation run.oci.keep_original_groups=1**. + +**--disable-compression**, **-D** Don't compress filesystem layers when building the image unless it is required by the location where the image is being written. This is the default setting, @@ -241,6 +252,10 @@ environment variable. `export BUILDAH_FORMAT=docker` Print usage statement +**--http-proxy** + +Pass through HTTP Proxy environment variables. + **--iidfile**=*ImageIDfile* Write the image ID to the file. @@ -272,6 +287,16 @@ BUILDAH\_ISOLATION environment variable. `export BUILDAH_ISOLATION=oci` Add an image *label* (e.g. label=*value*) to the image metadata. Can be used multiple times. +Users can set a special LABEL **io.containers.capabilities=CAP1,CAP2,CAP3** in +a Containerfile that specified the list of Linux capabilities required for the +container to run properly. This label specified in a container image tells +Podman to run the container with just these capabilities. Podman launches the +container with just the specified capabilities, as long as this list of +capabilities is a subset of the default list. + +If the specified capabilities are not in the default set, Podman will +print an error message and will run the container with the default capabilities. + **--layers** Cache intermediate images during the build process (Default is `true`). @@ -323,6 +348,10 @@ another process. Do not use existing cached images for the container build. Build from the start with a new set of cached layers. +**--os**=*string* + +Set the OS to the provided value instead of the current operating system of the host. + **--pid**=*pid* Sets the configuration for PID namespaces when handling `RUN` instructions. @@ -412,6 +441,10 @@ Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater tha Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. +**--sign-by**=*fingerprint* + +Sign the image using a GPG key with the specified FINGERPRINT. + **--squash** Squash all of the image's new layers into a single new layer; any preexisting layers @@ -633,11 +666,11 @@ $ podman build . $ podman build -f Containerfile.simple . -$ cat ~/Dockerfile | podman build -f - . +$ cat $HOME/Dockerfile | podman build -f - . $ podman build -f Dockerfile.simple -f Containerfile.notsosimple . -$ podman build -f Dockerfile.in ~ +$ podman build -f Dockerfile.in $HOME $ podman build -t imageName . @@ -649,7 +682,7 @@ $ podman build --runtime-flag log-format=json . $ podman build --runtime-flag debug . -$ podman build --authfile /tmp/auths/myauths.json --cert-dir ~/auth --tls-verify=true --creds=username:password -t imageName -f Dockerfile.simple . +$ podman build --authfile /tmp/auths/myauths.json --cert-dir $HOME/auth --tls-verify=true --creds=username:password -t imageName -f Dockerfile.simple . $ podman build --memory 40m --cpu-period 10000 --cpu-quota 50000 --ulimit nofile=1024:1028 -t imageName . |