Diffstat (limited to 'docs/source/markdown/podman-create.1.md.in')
-rw-r--r--  docs/source/markdown/podman-create.1.md.in | 49
1 files changed, 4 insertions, 45 deletions
diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in index 25726af8c..a20aeafcd 100644 --- a/docs/source/markdown/podman-create.1.md.in +++ b/docs/source/markdown/podman-create.1.md.in @@ -1,4 +1,4 @@ -% podman-create(1) +% podman-create 1 ## NAME podman\-create - Create a new container @@ -123,25 +123,12 @@ each of stdin, stdout, and stderr. @@option cpuset-mems -#### **--device**=*host-device[:container-device][:permissions]* - -Add a host device to the container. Optional *permissions* parameter -can be used to specify device permissions, it is combination of -**r** for read, **w** for write, and **m** for **mknod**(2). - -Example: **--device=/dev/sdc:/dev/xvdc:rwm**. - -Note: if *host-device* is a symbolic link then it will be resolved first. -The container will only store the major and minor numbers of the host device. +@@option device Note: if the user only has access rights via a group, accessing the device from inside a rootless container will fail. Use the `--group-add keep-groups` flag to pass the user's supplementary group access into the container. -Podman may load kernel modules required for using the specified -device. The devices that podman will load modules when necessary are: -/dev/fuse. - @@option device-cgroup-rule @@option device-read-bps 
@@ -367,21 +354,7 @@ To make a pod with more granular options, use the `podman pod create` command be @@option pod-id-file.container -#### **--privileged** - -Give extended privileges to this container. The default is *false*. - -By default, Podman containers are -“unprivileged” (=false) and cannot, for example, modify parts of the operating system. -This is because by default a container is not allowed to access any devices. -A “privileged” container is given access to all devices. - -When the operator executes a privileged container, Podman enables access -to all devices on the host, turns off graphdriver mount options, as well as -turning off most of the security measures protecting the host from the -container. - -Rootless containers cannot have more privileges than the account that launched them. +@@option privileged #### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]* @@ -513,21 +486,7 @@ When size is `0`, there is no limit on the amount of memory used for IPC by the @@option subuidname -#### **--sysctl**=*SYSCTL* - -Configure namespaced kernel parameters at runtime - -IPC Namespace - current sysctls allowed: - -kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced -Sysctls beginning with fs.mqueue.* - -Note: if you use the --ipc=host option these sysctls will not be allowed. - -Network Namespace - current sysctls allowed: - Sysctls beginning with net.* - -Note: if you use the --network=host option these sysctls will not be allowed. +@@option sysctl @@option systemd |
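Review bot: in the `--device` hunk (`@@ -123,25 +123,12 @@`) the paragraph "Podman may load kernel modules required for using the specified device ... /dev/fuse" is deleted outright rather than moved, and the shared `@@option device` source is not part of this diff, so please confirm that snippet carries the module-loading note or reinstate it here. The note that survives unchanged ("if the user only has access rights via a group, accessing the device from inside a rootless container will fail. Use the `--group-add keep-groups` flag") is the one rootless users actually trip over; check that it is not also present in the shared snippet, otherwise the rendered man page prints it twice.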
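Review bot: the `--privileged` hunk (`@@ -367,21 +354,7 @@`) drops the sentences that say what the flag actually switches off ("turns off graphdriver mount options, as well as turning off most of the security measures protecting the host from the container") and the rootless bound ("Rootless containers cannot have more privileges than the account that launched them"); since the replacement `@@option privileged` file is not shown in this diff, please verify that the shared text preserves both, as they are the warning a user needs before reaching for the flag. If the shared file is word-for-word the same, this is a pure de-duplication and fine as-is.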
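Review bot: the `--sysctl` hunk (`@@ -513,21 +486,7 @@`) removes the allow-list of namespaced sysctls (kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced, fs.mqueue.*, net.*) together with the two restrictions "if you use the --ipc=host option these sysctls will not be allowed" and "if you use the --network=host option these sysctls will not be allowed"; those restrictions are what stop a container from changing host-wide kernel parameters, so confirm the shared `@@option sysctl` snippet keeps the list and both notes. The diffstat (4 insertions, 45 deletions) is consistent with the four single-line replacements visible here, so nothing else appears to have been lost in the move.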