diff options
Diffstat (limited to 'docs/source/markdown/podman-create.1.md')
| -rw-r--r-- | docs/source/markdown/podman-create.1.md | 53 |
1 files changed, 26 insertions, 27 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 913183869..403327d82 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -349,7 +349,7 @@ You need to specify multi option commands in the form of a json string. Set environment variables -This option allows arbitrary environment variables that are available for the process to be launched inside of the container. If an environment variable is specified without a value, Podman will check the host environment for a value and set the variable only if it is set on the host. If an environment variable ending in __*__ is specified, Podman will search the host environment for variables starting with the prefix and will add those variables to the container. If an environment variable with a trailing ***** is specified, then a value must be supplied. +This option allows arbitrary environment variables that are available for the process to be launched inside of the container. If an environment variable is specified without a value, Podman will check the host environment for a value and set the variable only if it is set on the host. As a special case, if an environment variable ending in __*__ is specified without a value, Podman will search the host environment for variables starting with the prefix and will add those variables to the container. See [**Environment**](#environment) note below for precedence and examples. @@ -654,7 +654,7 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and ยท bind-propagation: shared, slave, private, unbindable, rshared, rslave, runbindable, or rprivate(default). See also mount(2). - . bind-nonrecursive: do not setup a recursive bind mount. By default it is recursive. + . bind-nonrecursive: do not set up a recursive bind mount. By default it is recursive. . relabel: shared, private. @@ -881,11 +881,11 @@ Suppress output information when pulling images #### **--read-only** -Mount the container's root filesystem as read only. +Mount the container's root filesystem as read-only. By default a container will have its root filesystem writable allowing processes to write files anywhere. By specifying the `--read-only` flag the container will have -its root filesystem mounted as read only prohibiting any writes. +its root filesystem mounted as read-only prohibiting any writes. #### **--read-only-tmpfs** @@ -1006,8 +1006,8 @@ Note: Labeling can be disabled for all containers by setting label=false in the possible mount options are specified in the **proc(5)** man page. -- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read only by default. - The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**. +- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default. + The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**. Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file. @@ -1261,9 +1261,9 @@ Podman allocates unique ranges of UIDs and GIDs from the `containers` subordinat **host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default). -**keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. +**keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is not allowed for containers created by the root user. -**nomap**: creates a user namespace where the current rootless user's UID:GID are not mapped into the container. This option is ignored for containers created by the root user. +**nomap**: creates a user namespace where the current rootless user's UID:GID are not mapped into the container. This option is not allowed for containers created by the root user. **ns:**_namespace_: run the container in the given existing user namespace. @@ -1295,13 +1295,14 @@ The _options_ is a comma-separated list and can be: * **rw**|**ro** * **z**|**Z** -* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable** -* [**r**]**bind** -* [**no**]**exec** -* [**no**]**dev** -* [**no**]**suid** * [**O**] * [**U**] +* [**no**]**copy** +* [**no**]**dev** +* [**no**]**exec** +* [**no**]**suid** +* [**r**]**bind** +* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable** The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume will be mounted into the container at this directory. @@ -1409,12 +1410,10 @@ will be visible inside container but not the other way around. <sup>[[1]](#Footn To control mount propagation property of a volume one can use the [**r**]**shared**, [**r**]**slave**, [**r**]**private** or the [**r**]**unbindable** propagation flag. -Propagation property can be specified only for bind mounted volumes and not for -internal volumes or named volumes. For mount propagation to work the source mount -point (the mount point where source dir is mounted on) has to have the right propagation -properties. For shared volumes, the source mount point has to be shared. And for -slave volumes, the source mount point has to be either shared or slave. -<sup>[[1]](#Footnote1)</sup> +For mount propagation to work the source mount point (the mount point where source dir +is mounted on) has to have the right propagation properties. For shared volumes, the +source mount point has to be shared. And for slave volumes, the source mount point +has to be either shared or slave. <sup>[[1]](#Footnote1)</sup> If you want to recursively mount a volume and all of its submounts into a container, then you can use the `rbind` option. By default the bind option is @@ -1605,17 +1604,17 @@ Precedence order (later entries override earlier entries): - **--env-file** : Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry. - **--env** : Any environment variables specified will override previous settings. -Create containers and set the environment ending with a __*__ and a ***** +Create containers and set the environment ending with a __*__. +The trailing __*__ glob functionality is only active when no value is specified: ``` $ export ENV1=a -$ podman create --name ctr --env ENV* alpine printenv ENV1 -$ podman start --attach ctr -a - -$ podman create --name ctr --env ENV*****=b alpine printenv ENV***** -$ podman start --attach ctr -b +$ podman create --name ctr1 --env 'ENV*' alpine env +$ podman start --attach ctr1 | grep ENV +ENV1=a +$ podman create --name ctr2 --env 'ENV*=b' alpine env +$ podman start --attach ctr2 | grep ENV +ENV*=b ``` ## CONMON |