Diffstat (limited to 'docs/source/markdown/podman-create.1.md')
-rw-r--r-- docs/source/markdown/podman-create.1.md | 116
1 files changed, 60 insertions, 56 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 506f575fe..c4d27e321 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -65,6 +65,7 @@ and specified with a _tag_.
$ podman create oci-archive:/tmp/fedora echo hello
## OPTIONS
+
#### **--add-host**=*host*
Add a custom host-to-IP mapping (host:ip)
@@ -114,6 +115,14 @@ Add Linux capabilities
Drop Linux capabilities
+#### **--cgroup-conf**=*KEY=VALUE*
+
+When running on cgroup v2, specify the cgroup file to write to and its value. For example **--cgroup-conf=memory.high=1073741824** sets the memory.high limit to 1GB.
+
+#### **--cgroup-parent**=*path*
+
+Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
+
#### **--cgroupns**=*mode*
Set the cgroup namespace mode for the container.
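Review bot: In the **--cgroup-conf** paragraph, the example value 1073741824 is 2^30 bytes, which is 1GiB rather than "1GB"; since the paragraph is being moved anyway, correct the unit or state that the value is in bytes. The text also only covers "When running on cgroup v2" and does not say what happens to the option on a cgroup v1 host, which is worth one sentence.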
@@ -134,13 +143,11 @@ The *disabled* option will force the container to not create CGroups, and thus c
The *no-conmon* option disables a new CGroup only for the conmon process.
The *split* option splits the current cgroup in two sub-cgroups: one for conmon and one for the container payload. It is not possible to set *--cgroup-parent* with *split*.
-#### **--cgroup-parent**=*path*
-
-Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
-
-#### **--cgroup-conf**=*KEY=VALUE*
+#### **--chrootdirs**=*path*
-When running on cgroup v2, specify the cgroup file to write to and its value. For example **--cgroup-conf=memory.high=1073741824** sets the memory.high limit to 1GB.
+Path to a directory inside the container that should be treated as a `chroot` directory.
+Any Podman managed file (e.g., /etc/resolv.conf, /etc/hosts, etc/hostname) that is mounted into the root directory will be mounted into that location as well.
+Multiple directories should be separated with a comma.
#### **--cidfile**=*id*
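Review bot: In the relocated **--chrootdirs** text, the third example path reads "etc/hostname" without a leading slash, unlike "/etc/resolv.conf" and "/etc/hosts" next to it; change it to "/etc/hostname" while the paragraph is being touched. The heading also advertises a single *path* while the last sentence allows a comma-separated list, so the placeholder could say so.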
@@ -346,14 +353,14 @@ This option allows arbitrary environment variables that are available for the pr
See [**Environment**](#environment) note below for precedence and examples.
-#### **--env-host**
-
-Use host environment inside of the container. See **Environment** note below for precedence. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-
#### **--env-file**=*file*
Read in a line delimited file of environment variables. See **Environment** note below for precedence.
+#### **--env-host**
+
+Use host environment inside of the container. See **Environment** note below for precedence. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+
#### **--expose**=*port*
Expose a port, or a range of ports (e.g. --expose=3300-3310) to set up port redirection
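Review bot: The moved **--env-host** paragraph and the **--env-file** paragraph above it refer to "**Environment** note below" as plain bold text, while the context line at the top of this hunk uses the link form "[**Environment**](#environment)"; use the link in all three places. Because the option puts the host environment inside the container, a sentence saying that every variable set on the host, including any that hold secrets, becomes visible to the container would help readers decide when to use it.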
@@ -406,6 +413,10 @@ The initialization time needed for a container to bootstrap. The value can be ex
The maximum time allowed to complete the healthcheck before an interval is considered failed. Like start-period, the
value can be expressed in a time format such as `1m22s`. The default value is `30s`.
+#### **--help**
+
+Print usage statement
+
#### **--hostname**=*name*, **-h**
Container host name
@@ -417,10 +428,6 @@ Sets the container host name that is available inside the container. Can only be
Add a user account to /etc/passwd from the host to the container. The Username
or UID must exist on the host system.
-#### **--help**
-
-Print usage statement
-
#### **--http-proxy**
By default proxy environment variables are passed into the container if set
@@ -761,6 +768,16 @@ Default is to create a private PID namespace for the container
- `ns`: join the specified PID namespace
- `private`: create a new namespace for the container (default)
+#### **--pidfile**=*path*
+
+When the pidfile location is specified, the container process' PID will be written to the pidfile. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+If the pidfile option is not specified, the container process' PID will be written to /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile.
+
+After the container is started, the location for the pidfile can be discovered with the following `podman inspect` command:
+
+ $ podman inspect --format '{{ .PidFile }}' $CID
+ /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile
+
#### **--pids-limit**=*limit*
Tune the container's pids limit. Set `-1` to have unlimited pids for the container. (default "4096" on systems that support PIDS cgroups).
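Review bot: The default location in the **--pidfile** text is given only as /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile, and the same path is shown as the output of the `podman inspect` example; the page says elsewhere that Podman runs as a non-root user on most systems, so please state whether this default also applies to rootless containers or document the rootless location. Minor: the two sentences around the remote-client parenthetical have no blank line between them and will render as one paragraph, which makes the parenthetical read as if it applies to the default path too.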
@@ -1020,15 +1037,20 @@ Run container in systemd mode. The default is *true*.
The value *always* enforces the systemd mode is enforced without
looking at the executable name. Otherwise, if set to true and the
-command you are running inside the container is systemd, /usr/sbin/init,
-/sbin/init or /usr/local/sbin/init.
-
-If the command you are running inside of the container is systemd,
-Podman will setup tmpfs mount points in the following directories:
+command you are running inside the container is **systemd**, **/usr/sbin/init**,
+**/sbin/init** or **/usr/local/sbin/init**.
-/run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal
+Running the container in systemd mode causes the following changes:
-It will also set the default stop signal to SIGRTMIN+3.
+* Podman mounts tmpfs file systems on the following directories
+ * _/run_
+ * _/run/lock_
+ * _/tmp_
+ * _/sys/fs/cgroup/systemd_
+ * _/var/lib/journal_
+* Podman sets the default stop signal to **SIGRTMIN+3**.
+* Podman sets **container_uuid** environment variable in the container to the
+first 32 characters of the container id.
This allows systemd to run in a confined container without any modifications.
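Review bot: The sentence that now ends "**/sbin/init** or **/usr/local/sbin/init**." is still incomplete: "Otherwise, if set to true and the command you are running inside the container is ..." has a condition but no consequence. Since the lines are being rewritten, finish it (for example "..., systemd mode is enabled") and also fix the context sentence before it, "enforces the systemd mode is enforced". In the new list, "on the following directories" should end with a colon.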
@@ -1077,23 +1099,6 @@ standard input.
Set timezone in container. This flag takes area-based timezones, GMT time, as well as `local`, which sets the timezone in the container to match the host machine. See `/usr/share/zoneinfo/` for valid timezones.
Remote connections use local containers.conf for defaults
-#### **--umask**=*umask*
-
-Set the umask inside the container. Defaults to `0022`.
-Remote connections use local containers.conf for defaults
-
-#### **--unsetenv**=*env*
-
-Unset default environment variables for the container. Default environment
-variables include variables provided natively by Podman, environment variables
-configured by the image, and environment variables from containers.conf.
-
-#### **--unsetenv-all**=*true|false*
-
-Unset all default environment variables for the container. Default environment
-variables include variables provided natively by Podman, environment variables
-configured by the image, and environment variables from containers.conf.
-
#### **--uidmap**=*container_uid*:*from_uid*:*amount*
Run the container in a new user namespace using the supplied mapping. This
@@ -1178,6 +1183,23 @@ Ulimit options
You can pass `host` to copy the current configuration from the host.
+#### **--umask**=*umask*
+
+Set the umask inside the container. Defaults to `0022`.
+Remote connections use local containers.conf for defaults
+
+#### **--unsetenv**=*env*
+
+Unset default environment variables for the container. Default environment
+variables include variables provided natively by Podman, environment variables
+configured by the image, and environment variables from containers.conf.
+
+#### **--unsetenv-all**=*true|false*
+
+Unset all default environment variables for the container. Default environment
+variables include variables provided natively by Podman, environment variables
+configured by the image, and environment variables from containers.conf.
+
#### **--user**, **-u**=*user*
Sets the username or UID used and optionally the groupname or GID for the specified command.
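Review bot: In the **--umask** entry, "Remote connections use local containers.conf for defaults" follows "Defaults to `0022`." on the next line with no blank line and no closing period, so the two run together when rendered; add the period and consider separating them. The **--unsetenv** and **--unsetenv-all** descriptions are identical apart from the word "all", so **--unsetenv** should say that *env* names the single variable to remove.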
@@ -1443,22 +1465,6 @@ The default working directory for running binaries within a container is the roo
The image developer can set a different default with the WORKDIR instruction. The operator
can override the working directory by using the **-w** option.
-#### **--pidfile**=*path*
-
-When the pidfile location is specified, the container process' PID will be written to the pidfile. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-If the pidfile option is not specified, the container process' PID will be written to /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile.
-
-After the container is started, the location for the pidfile can be discovered with the following `podman inspect` command:
-
- $ podman inspect --format '{{ .PidFile }}' $CID
- /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile
-
-#### **--chrootdirs**=*path*
-
-Path to a directory inside the container that should be treated as a `chroot` directory.
-Any Podman managed file (e.g., /etc/resolv.conf, /etc/hosts, etc/hostname) that is mounted into the root directory will be mounted into that location as well.
-Multiple directories should be separated with a comma.
-
## EXAMPLES
### Create a container using a local image
@@ -1550,8 +1556,6 @@ $ podman create --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10 alpine
Podman runs as a non-root user on most systems. This feature requires that a new enough version of shadow-utils
be installed. The shadow-utils package must include the newuidmap and newgidmap executables.
-Note: RHEL7 and Centos 7 will not have this feature until RHEL7.7 is released.
-
In order for users to run rootless, there must be an entry for their username in /etc/subuid and /etc/subgid which lists the UIDs for their user namespace.
Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed.
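Review bot: With the RHEL7/CentOS 7 note removed, the paragraph above it still says "a new enough version of shadow-utils" without giving any way to tell what is new enough. The following sentence already states the real requirement (the newuidmap and newgidmap executables), so the vague phrase could be dropped in favour of that.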