aboutsummaryrefslogtreecommitdiff
path: root/docs/source/markdown/podman-create.1.md.in
diff options
context:
space:
mode:
Diffstat (limited to 'docs/source/markdown/podman-create.1.md.in')
-rw-r--r--docs/source/markdown/podman-create.1.md.in80
1 files changed, 23 insertions, 57 deletions
diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in
index 2827964f7..4dbc75551 100644
--- a/docs/source/markdown/podman-create.1.md.in
+++ b/docs/source/markdown/podman-create.1.md.in
@@ -119,15 +119,7 @@ Block IO relative device weight.
@@option cpu-shares
-#### **--cpus**=*number*
-
-Number of CPUs. The default is *0.0* which means no limit. This is shorthand
-for **--cpu-period** and **--cpu-quota**, so you may only set either
-**--cpus** or **--cpu-period** and **--cpu-quota**.
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
+@@option cpus.container
@@option cpuset-cpus
@@ -152,34 +144,33 @@ Podman may load kernel modules required for using the specified
device. The devices that podman will load modules when necessary are:
/dev/fuse.
-#### **--device-cgroup-rule**=*"type major:minor mode"*
-
-Add a rule to the cgroup allowed devices list. The rule is expected to be in the format specified in the Linux kernel documentation (Documentation/cgroup-v1/devices.txt):
- - type: a (all), c (char), or b (block);
- - major and minor: either a number, or * for all;
- - mode: a composition of r (read), w (write), and m (mknod(2)).
+@@option device-cgroup-rule
#### **--device-read-bps**=*path*
Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)
+This option is not supported on cgroups V1 rootless systems.
+
#### **--device-read-iops**=*path*
Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000)
+This option is not supported on cgroups V1 rootless systems.
+
#### **--device-write-bps**=*path*
Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
+This option is not supported on cgroups V1 rootless systems.
+
#### **--device-write-iops**=*path*
Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)
-#### **--disable-content-trust**
+This option is not supported on cgroups V1 rootless systems.
-This is a Docker specific option to disable image verification to a Docker
-registry and is not supported by Podman. This flag is a NOOP and provided
-solely for scripting compatibility.
+@@option disable-content-trust
#### **--dns**=*dns*
@@ -217,16 +208,11 @@ Read in a line delimited file of environment variables. See **Environment** note
@@option env-host
-@@option expose
-
-#### **--gidmap**=*container_gid:host_gid:amount*
+@@option env-merge
-Run the container in a new user namespace using the supplied GID mapping. This
-option conflicts with the **--userns** and **--subgidname** options. This
-option provides a way to map host GIDs to container GIDs in the same way as
-__--uidmap__ maps host UIDs to container UIDs. For details see __--uidmap__.
+@@option expose
-Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.
+@@option gidmap.container
@@option group-add
@@ -312,18 +298,7 @@ The address must be within the network's IPv6 address pool.
To specify multiple static IPv6 addresses per container, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
-#### **--ipc**=*ipc*
-
-Set the IPC namespace mode for a container. The default is to create
-a private IPC namespace.
-
-- "": Use Podman's default, defined in containers.conf.
-- **container:**_id_: reuses another container's shared memory, semaphores, and message queues
-- **host**: use the host's shared memory, semaphores, and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
-- **none**: private IPC namespace, with /dev/shm not mounted.
-- **ns:**_path_: path to an IPC namespace to join.
-- **private**: private IPC namespace.
-= **shareable**: private IPC namespace with a possibility to share it with other containers.
+@@option ipc
#### **--label**, **-l**=*label*
@@ -364,6 +339,8 @@ RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
not limited. The actual limit may be rounded up to a multiple of the operating
system's page size (the value would be very large, that's millions of trillions).
+This option is not supported on cgroups V1 rootless systems.
+
#### **--memory-reservation**=*limit*
Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
@@ -374,6 +351,8 @@ reservation. So you should always set the value below **--memory**, otherwise th
hard limit will take precedence. By default, memory reservation will be the same
as memory limit.
+This option is not supported on cgroups V1 rootless systems.
+
#### **--memory-swap**=*limit*
A limit value equal to memory plus swap. Must be used with the **-m**
@@ -385,6 +364,8 @@ The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
+This option is not supported on cgroups V1 rootless systems.
+
@@option memory-swappiness
@@option mount
@@ -456,14 +437,7 @@ Unless overridden, subsequent lookups of the same image in the local storage wil
@@option personality
-#### **--pid**=*pid*
-
-Set the PID mode for the container
-Default is to create a private PID namespace for the container
-- `container:<name|id>`: join another container's PID namespace
-- `host`: use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
-- `ns`: join the specified PID namespace
-- `private`: create a new namespace for the container (default)
+@@option pid
@@option pidfile
@@ -476,9 +450,7 @@ Default is to create a private PID namespace for the container
Run container in an existing pod. If you want Podman to make the pod for you, preference the pod name with `new:`.
To make a pod with more granular options, use the `podman pod create` command before creating a container.
-#### **--pod-id-file**=*path*
-
-Run container in an existing pod and read the pod's ID from the specified file. If a container is run within a pod, and the pod has an infra-container, the infra-container will be started before the container is.
+@@option pod-id-file.container
#### **--privileged**
@@ -980,13 +952,7 @@ If the location of the volume from the source container overlaps with
data residing on a target container, then the volume hides
that data on the target.
-#### **--workdir**, **-w**=*dir*
-
-Working directory inside the container
-
-The default working directory for running binaries within a container is the root directory (/).
-The image developer can set a different default with the WORKDIR instruction. The operator
-can override the working directory by using the **-w** option.
+@@option workdir
## EXAMPLES
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-16 23:40:09 +0000