Diffstat (limited to 'docs/source/markdown/podman-create.1.md')
-rw-r--r-- | docs/source/markdown/podman-create.1.md | 37 |
1 files changed, 32 insertions, 5 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 6617850fd..82d2e8f6a 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -67,12 +67,14 @@ Drop Linux capabilities **--cgroupns**=*mode* -Set the cgroup namespace mode for the container, by default **host** is used. +Set the cgroup namespace mode for the container. **host**: use the host's cgroup namespace inside the container. **container:<NAME|ID>**: join the namespace of the specified container. **private**: create a new cgroup namespace. **ns:<PATH>**: join the namespace at the specified path. +If the host uses cgroups v1, the default is set to **host**. On cgroups v2 the default is **private**. + **--cgroups**=*mode* Determines whether the container will create CGroups. @@ -196,9 +198,7 @@ it in the **libpod.conf** file: see **libpod.conf(5)** for more information. **--detach-keys**=*sequence* -Override the key sequence for detaching a container. Format is a single character `[a-Z]` or -a comma separated sequence of `ctrl-<value>`, where `<value>` is one of: -`a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`. +Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will disable this feature. The default is *ctrl-p,ctrl-q*. **--device**=*device* 
@@ -334,7 +334,7 @@ option to `false`. The environment variables passed in include `http_proxy`, those. This option is only needed when the host system must use a proxy but the container should not use any proxy. Proxy environment variables specified for the container in any other way will override the values that would have -been passed thru from the host. (Other ways to specify the proxy for the +been passed through from the host. (Other ways to specify the proxy for the container include passing the values with the `--env` flag, or hard coding the proxy environment at container build time.) @@ -498,6 +498,10 @@ Current supported mount TYPES are `bind`, `volume`, and `tmpfs`. · tmpfs-mode: File mode of the tmpfs in octal. (e.g. 700 or 0700.) Defaults to 1777 in Linux. + · tmpcopyup: Enable copyup from the image directory at the same location to the tmpfs. Used by default. + + · notmpcopyup: Disable copying files from the image to the tmpfs. + **--name**=*name* Assign a name to the container @@ -813,6 +817,10 @@ container. The `OPTIONS` are a comma delimited list and can be: * [rw|ro] * [z|Z] * [`[r]shared`|`[r]slave`|`[r]private`] +* [`[r]bind`] +* [`noexec`|`exec`] +* [`nodev`|`dev`] +* [`nosuid`|`suid`] The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume will be mounted into the container at this directory. 
@@ -866,6 +874,25 @@ where source dir is mounted on) has to have right propagation properties. For shared volumes, source mount point has to be shared. And for slave volumes, source mount has to be either shared or slave. +If you want to recursively mount a volume and all of it's submounts into a +container, then you can use the `rbind` option. By default the bind option is +used, and submounts of the source directory will not be mounted into the +container. + +Mounting the volume with the `nosuid` options means that SUID applications on +the volume will not be able to change their privilege. By default volumes +are mounted with `nosuid`. + +Mounting the volume with the noexec option means that no executables on the +volume will be able to executed within the container. + +Mounting the volume with the nodev option means that no devices on the volume +will be able to be used by processes within the container. By default volumes +are mounted with `nodev`. + +If the <source-dir> is a mount point, then "dev", "suid", and "exec" options are +ignored by the kernel. + Use `df <source-dir>` to figure out the source mount and then use `findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation properties of source mount. If `findmnt` utility is not available, then one |
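Review bot: in the **--cgroupns** hunk, the new sentence "If the host uses cgroups v1, the default is set to **host**. On cgroups v2 the default is **private**." leaves the reader to work out which cgroup version the host is running and why the defaults differ; suggest adding the check (`stat -fc %T /sys/fs/cgroup` prints `cgroup2fs` on a v2 host and `tmpfs` on v1) and one clause saying that **host** makes the host's cgroup hierarchy visible inside the container while **private** does not, which is the reason to prefer **private** wherever the kernel supports it.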
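Review bot: in the **--detach-keys** hunk, the rewritten list of `<value>` characters drops `\\` and `]` and adds `,` relative to the removed lines, with no explanation; if the accepted set really changed, say so, otherwise restore `\\` and `]`. Listing `,` as a value also collides with its role as the separator in the default *ctrl-p,ctrl-q*, and "one or more `ctrl-<value>` characters" should say the entries are comma separated, as the removed text did. While here, the pre-existing `[a-Z]` is not a valid character range (`Z` sorts before `a`); `[a-zA-Z]` is what is meant.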
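Review bot: in the `--mount` tmpfs options hunk, "Enable copyup from the image directory at the same location to the tmpfs" is hard to parse; suggest "Copy the contents of the image directory at the mount point into the new tmpfs" for `tmpcopyup` and "Start with an empty tmpfs instead" for `notmpcopyup`. Because `tmpcopyup` is the default, it is worth spelling out the consequence: mounting a tmpfs over a directory does not hide whatever the image shipped there, so anyone using a tmpfs to mask image content must pass `notmpcopyup`.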
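Review bot: in the **--volume** OPTIONS list hunk, `[`[r]bind`]` puts a single option inside the alternation brackets the neighbouring entries use for pairs; since the later hunk says `bind` is the default and `rbind` the opt-in, `[`bind`|`rbind`]` matches the form of `[`nodev`|`dev`]` and the rest.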
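Review bot: in the mount-option prose hunk, the closing sentence "If the <source-dir> is a mount point, then "dev", "suid", and "exec" options are ignored by the kernel" is the security-relevant part and gives no reason or precise condition; suggest stating that a bind mount inherits the source mount's `nosuid`, `nodev` and `noexec` flags and that inside a user namespace the kernel locks those flags so the bind mount cannot clear them, which tells the reader that these options can only add restrictions, never remove ones the host mount already carries. Also: the unquoted `<source-dir>` will be eaten as an HTML tag by the markdown renderer (the existing `df <source-dir>` is in backticks), `"dev"`, `"suid"` and `"exec"` should use backticks like the rest of the section, the `noexec` paragraph should state its default as the `nosuid` and `nodev` paragraphs do, and the `rbind` paragraph would benefit from the caveat that recursive binding exposes every submount under the source directory, which plain `bind` masks. Typos: "all of it's submounts" should be "all of its submounts", "will not be able to executed" should be "will not be able to be executed", and "the `nosuid` options" should be "the `nosuid` option".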