1 files changed, 29 insertions, 100 deletions
diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in
index f5301c60a..0a880951d 100644
--- a/docs/source/markdown/podman-create.1.md.in
+++ b/docs/source/markdown/podman-create.1.md.in
@@ -83,12 +83,7 @@ error. It can even pretend to be a TTY (this is what most command line
 executables expect) and pass along signals. The **-a** option can be set for
 each of stdin, stdout, and stderr.
 
-#### **--authfile**=*path*
-
-Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json
-
-Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
-environment variable. `export REGISTRY_AUTH_FILE=path`
+@@option authfile
 
 @@option blkio-weight
 
@@ -110,9 +105,7 @@ Block IO relative device weight.
 
 @@option chrootdirs
 
-#### **--cidfile**=*id*
-
-Write the container ID to the file
+@@option cidfile.write
 
 @@option conmon-pidfile
 
@@ -126,15 +119,7 @@ Write the container ID to the file
 
 @@option cpu-shares
 
-#### **--cpus**=*number*
-
-Number of CPUs. The default is *0.0* which means no limit. This is shorthand
-for **--cpu-period** and **--cpu-quota**, so you may only set either
-**--cpus** or **--cpu-period** and **--cpu-quota**.
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
+@@option cpus.container
 
 @@option cpuset-cpus
 
@@ -159,34 +144,33 @@ Podman may load kernel modules required for using the specified
 device. The devices that podman will load modules when necessary are:
 /dev/fuse.
 
-#### **--device-cgroup-rule**=*"type major:minor mode"*
-
-Add a rule to the cgroup allowed devices list. The rule is expected to be in the format specified in the Linux kernel documentation (Documentation/cgroup-v1/devices.txt):
-       - type: a (all), c (char), or b (block);
-       - major and minor: either a number, or * for all;
-       - mode: a composition of r (read), w (write), and m (mknod(2)).
+@@option device-cgroup-rule
 
 #### **--device-read-bps**=*path*
 
 Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)
 
+This option is not supported on cgroups V1 rootless systems.
+
 #### **--device-read-iops**=*path*
 
 Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000)
 
+This option is not supported on cgroups V1 rootless systems.
+
 #### **--device-write-bps**=*path*
 
 Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
 
+This option is not supported on cgroups V1 rootless systems.
+
 #### **--device-write-iops**=*path*
 
 Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)
 
-#### **--disable-content-trust**
+This option is not supported on cgroups V1 rootless systems.
 
-This is a Docker specific option to disable image verification to a Docker
-registry and is not supported by Podman. This flag is a NOOP and provided
-solely for scripting compatibility.
+@@option disable-content-trust
 
 #### **--dns**=*dns*
 
@@ -200,13 +184,9 @@ is the case the **--dns** flag is necessary for every run.
 The special value **none** can be specified to disable creation of **/etc/resolv.conf** in the container by Podman.
 The **/etc/resolv.conf** file in the image will be used without changes.
 
-#### **--dns-opt**=*option*
-
-Set custom DNS options. Invalid if using **--dns-opt** and **--network** that is set to 'none' or `container:<name|id>`.
+@@option dns-opt.container
 
-#### **--dns-search**=*domain*
-
-Set custom DNS search domains. Invalid if using **--dns-search** and **--network** that is set to 'none' or `container:<name|id>`. (Use --dns-search=. if you don't wish to set the search domain)
+@@option dns-search.container
 
 @@option entrypoint
 
@@ -224,16 +204,11 @@ Read in a line delimited file of environment variables. See **Environment** note
 
 @@option env-host
 
-@@option expose
+@@option env-merge
 
-#### **--gidmap**=*container_gid:host_gid:amount*
-
-Run the container in a new user namespace using the supplied GID mapping. This
-option conflicts with the **--userns** and **--subgidname** options. This
-option provides a way to map host GIDs to container GIDs in the same way as
-__--uidmap__ maps host UIDs to container UIDs. For details see __--uidmap__.
+@@option expose
 
-Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.
+@@option gidmap.container
 
 @@option group-add
 
@@ -319,18 +294,7 @@ The address must be within the network's IPv6 address pool.
 To specify multiple static IPv6 addresses per container, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
 
 
-#### **--ipc**=*ipc*
-
-Set the IPC namespace mode for a container. The default is to create
-a private IPC namespace.
-
-- "": Use Podman's default, defined in containers.conf.
-- **container:**_id_: reuses another container's shared memory, semaphores, and message queues
-- **host**: use the host's shared memory, semaphores, and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
-- **none**:  private IPC namespace, with /dev/shm not mounted.
-- **ns:**_path_: path to an IPC namespace to join.
-- **private**: private IPC namespace.
-= **shareable**: private IPC namespace with a possibility to share it with other containers.
+@@option ipc
 
 #### **--label**, **-l**=*label*
 
@@ -371,6 +335,8 @@ RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
 not limited. The actual limit may be rounded up to a multiple of the operating
 system's page size (the value would be very large, that's millions of trillions).
 
+This option is not supported on cgroups V1 rootless systems.
+
 #### **--memory-reservation**=*limit*
 
 Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
@@ -381,6 +347,8 @@ reservation. So you should always set the value below **--memory**, otherwise th
 hard limit will take precedence. By default, memory reservation will be the same
 as memory limit.
 
+This option is not supported on cgroups V1 rootless systems.
+
 #### **--memory-swap**=*limit*
 
 A limit value equal to memory plus swap. Must be used with the  **-m**
@@ -392,6 +360,8 @@ The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
 `k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
 unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
 
+This option is not supported on cgroups V1 rootless systems.
+
 @@option memory-swappiness
 
 @@option mount
@@ -457,19 +427,13 @@ This option conflicts with **--add-host**.
 
 #### **--os**=*OS*
 Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`.
+Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host.
 
 @@option passwd-entry
 
 @@option personality
 
-#### **--pid**=*pid*
-
-Set the PID mode for the container
-Default is to create a private PID namespace for the container
-- `container:<name|id>`: join another container's PID namespace
-- `host`: use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
-- `ns`: join the specified PID namespace
-- `private`: create a new namespace for the container (default)
+@@option pid
 
 @@option pidfile
 
@@ -482,9 +446,7 @@ Default is to create a private PID namespace for the container
 Run container in an existing pod. If you want Podman to make the pod for you, preference the pod name with `new:`.
 To make a pod with more granular options, use the `podman pod create` command before creating a container.
 
-#### **--pod-id-file**=*path*
-
-Run container in an existing pod and read the pod's ID from the specified file. If a container is run within a pod, and the pod has an infra-container, the infra-container will be started before the container is.
+@@option pod-id-file.container
 
 #### **--privileged**
 
@@ -666,34 +628,7 @@ Network Namespace - current sysctls allowed:
 
 Note: if you use the --network=host option these sysctls will not be allowed.
 
-#### **--systemd**=*true* | *false* | *always*
-
-Run container in systemd mode. The default is *true*.
-
-The value *always* enforces the systemd mode is enforced without
-looking at the executable name. Otherwise, if set to true and the
-command you are running inside the container is **systemd**, **/usr/sbin/init**,
-**/sbin/init** or **/usr/local/sbin/init**.
-
-Running the container in systemd mode causes the following changes:
-
-* Podman mounts tmpfs file systems on the following directories
-  * _/run_
-  * _/run/lock_
-  * _/tmp_
-  * _/sys/fs/cgroup/systemd_
-  * _/var/lib/journal_
-* Podman sets the default stop signal to **SIGRTMIN+3**.
-* Podman sets **container_uuid** environment variable in the container to the
-first 32 characters of the container id.
-
-This allows systemd to run in a confined container without any modifications.
-
-Note: On `SELinux` systems, systemd attempts to write to the cgroup
-file system. Containers writing to the cgroup file system are denied by default.
-The `container_manage_cgroup` boolean must be enabled for this to be allowed on an SELinux separated system.
-
-`setsebool -P container_manage_cgroup true`
+@@option systemd
 
 @@option timeout
 
@@ -986,13 +921,7 @@ If the location of the volume from the source container overlaps with
 data residing on a target container, then the volume hides
 that data on the target.
 
-#### **--workdir**, **-w**=*dir*
-
-Working directory inside the container
-
-The default working directory for running binaries within a container is the root directory (/).
-The image developer can set a different default with the WORKDIR instruction. The operator
-can override the working directory by using the **-w** option.
+@@option workdir
 
 ## EXAMPLES