path: root/docs/source/markdown/podman-run.1.md.in
Diffstat (limited to 'docs/source/markdown/podman-run.1.md.in')
-rw-r--r-- docs/source/markdown/podman-run.1.md.in 130
1 files changed, 29 insertions, 101 deletions
diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in
index 81b635bc8..6798c65da 100644
--- a/docs/source/markdown/podman-run.1.md.in
+++ b/docs/source/markdown/podman-run.1.md.in
@@ -100,12 +100,7 @@ error. It can even pretend to be a TTY (this is what most commandline
executables expect) and pass along signals. The **-a** option can be set for
each of **stdin**, **stdout**, and **stderr**.
-#### **--authfile**=*[path]*
-
-Path to the authentication file. Default is *${XDG_RUNTIME_DIR}/containers/auth.json*.
-
-Note: You can also override the default path of the authentication file by setting the **REGISTRY_AUTH_FILE**
-environment variable.
+@@option authfile
@@option blkio-weight
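Review bot: The removed --authfile text carries the note that **REGISTRY_AUTH_FILE** overrides the default path, and the replacement `@@option authfile` body is not part of this diff, so nothing here shows that the note survives. Please confirm the shared text keeps both the *${XDG_RUNTIME_DIR}/containers/auth.json* default and the environment-variable override, since that is what tells a reader which credentials file is actually read.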
@@ -125,9 +120,7 @@ environment variable.
@@option chrootdirs
-#### **--cidfile**=*file*
-
-Write the container ID to *file*.
+@@option cidfile.write
@@option conmon-pidfile
@@ -141,15 +134,7 @@ Write the container ID to *file*.
@@option cpu-shares
-#### **--cpus**=*number*
-
-Number of CPUs. The default is *0.0* which means no limit. This is shorthand
-for **--cpu-period** and **--cpu-quota**, so you may only set either
-**--cpus** or **--cpu-period** and **--cpu-quota**.
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
+@@option cpus.container
@@option cpuset-cpus
@@ -193,31 +178,33 @@ Podman may load kernel modules required for using the specified
device. The devices that Podman will load modules when necessary are:
/dev/fuse.
-#### **--device-cgroup-rule**=*rule*
-
-Add a rule to the cgroup allowed devices list
+@@option device-cgroup-rule
#### **--device-read-bps**=*path:rate*
Limit read rate (in bytes per second) from a device (e.g. **--device-read-bps=/dev/sda:1mb**).
+This option is not supported on cgroups V1 rootless systems.
+
#### **--device-read-iops**=*path:rate*
Limit read rate (in IO operations per second) from a device (e.g. **--device-read-iops=/dev/sda:1000**).
+This option is not supported on cgroups V1 rootless systems.
+
#### **--device-write-bps**=*path:rate*
Limit write rate (in bytes per second) to a device (e.g. **--device-write-bps=/dev/sda:1mb**).
+This option is not supported on cgroups V1 rootless systems.
+
#### **--device-write-iops**=*path:rate*
Limit write rate (in IO operations per second) to a device (e.g. **--device-write-iops=/dev/sda:1000**).
-#### **--disable-content-trust**
+This option is not supported on cgroups V1 rootless systems.
-This is a Docker specific option to disable image verification to a Docker
-registry and is not supported by Podman. This flag is a NOOP and provided
-solely for scripting compatibility.
+@@option disable-content-trust
#### **--dns**=*ipaddr*
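Review bot: The sentence added under each of the four --device-read-*/--device-write-* options, "This option is not supported on cgroups V1 rootless systems.", does not say whether the flag is rejected with an error or accepted and ignored. These are resource limits, so please state which it is; otherwise a reader may assume a limit is in force when it is not. The identical sentence is pasted four times in this hunk, which sits oddly beside the `@@option` de-duplication in the rest of the patch.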
@@ -231,14 +218,9 @@ is the case the **--dns** flag is necessary for every run.
The special value **none** can be specified to disable creation of _/etc/resolv.conf_ in the container by Podman.
The _/etc/resolv.conf_ file in the image will be used without changes.
-#### **--dns-opt**=*option*
-
-Set custom DNS options. Invalid if using **--dns-opt** with **--network** that is set to **none** or **container:**_id_.
+@@option dns-opt.container
-#### **--dns-search**=*domain*
-
-Set custom DNS search domains. Invalid if using **--dns-search** and **--network** that is set to **none** or **container:**_id_.
-Use **--dns-search=.** if you don't wish to set the search domain.
+@@option dns-search.container
@@option entrypoint
@@ -256,16 +238,11 @@ Read in a line delimited file of environment variables. See **Environment** note
@@option env-host
-@@option expose
-
-#### **--gidmap**=*container_gid:host_gid:amount*
+@@option env-merge
-Run the container in a new user namespace using the supplied GID mapping. This
-option conflicts with the **--userns** and **--subgidname** options. This
-option provides a way to map host GIDs to container GIDs in the same way as
-__--uidmap__ maps host UIDs to container UIDs. For details see __--uidmap__.
+@@option expose
-Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.
+@@option gidmap.container
@@option group-add
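Review bot: The removed --gidmap text ends with a container-specific restriction (it cannot be combined with **--pod**) and states the conflict with **--userns** and **--subgidname**; the `gidmap.container` body is not shown, so please confirm both remain there. Separately, `+@@option env-merge` has no removed text behind it in this hunk, so it adds an option to this page rather than moving existing wording, which is worth calling out in the change description.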
@@ -330,18 +307,7 @@ The address must be within the network's IPv6 address pool.
To specify multiple static IPv6 addresses per container, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
-#### **--ipc**=*mode*
-
-Set the IPC namespace mode for a container. The default is to create
-a private IPC namespace.
-
-- "": Use Podman's default, defined in containers.conf.
-- **container:**_id_: reuses another container shared memory, semaphores and message queues
-- **host**: use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
-- **none**: private IPC namespace, with /dev/shm not mounted.
-- **ns:**_path_: path to an IPC namespace to join.
-- **private**: private IPC namespace.
-= **shareable**: private IPC namespace with a possibility to share it with other containers.
+@@option ipc
#### **--label**, **-l**=*key=value*
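Review bot: The removed --ipc list contains the warning that **host** mode "gives the container full access to local shared memory and is therefore considered insecure", and the shared `@@option ipc` text is not visible here to confirm it is kept. Please make sure that warning carries over, and fix the last entry while moving it: `= **shareable**` starts with `=` instead of `-`, so it does not render as a list item.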
@@ -382,6 +348,8 @@ RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
not limited. The actual limit may be rounded up to a multiple of the operating
system's page size (the value would be very large, that's millions of trillions).
+This option is not supported on cgroups V1 rootless systems.
+
#### **--memory-reservation**=*number[unit]*
Memory soft limit. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes).
@@ -392,6 +360,8 @@ reservation. So you should always set the value below **--memory**, otherwise th
hard limit will take precedence. By default, memory reservation will be the same
as memory limit.
+This option is not supported on cgroups V1 rootless systems.
+
#### **--memory-swap**=*number[unit]*
A limit value equal to memory plus swap.
@@ -404,6 +374,8 @@ the value of **--memory**.
Set _number_ to **-1** to enable unlimited swap.
+This option is not supported on cgroups V1 rootless systems.
+
@@option memory-swappiness
@@option mount
@@ -470,6 +442,7 @@ This option conflicts with **--add-host**.
#### **--os**=*OS*
Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`.
+Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host.
#### **--passwd**
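Review bot: In the line added under --os, "Unless overridden" does not say by what, so a reader cannot tell how to get back to the host's OS once an image for another OS is in local storage. Please name the mechanism. The unchanged line above it also reads "defaults to hosts", which presumably means "defaults to the host's".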
@@ -480,15 +453,7 @@ This is used to override the Podman provided user setup in favor of entrypoint c
@@option personality
-#### **--pid**=*mode*
-
-Set the PID namespace mode for the container.
-The default is to create a private PID namespace for the container.
-
-- **container:**_id_: join another container's PID namespace;
-- **host**: use the host's PID namespace for the container. Note the host mode gives the container full access to local PID and is therefore considered insecure;
-- **private**: create a new namespace for the container (default)
-- **ns:**_path_: join the specified PID namespace.
+@@option pid
@@option pidfile
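Review bot: The **host** entry in the removed --pid list warns of "full access to local PID", which is vague about what is exposed. If the shared `@@option pid` text reuses that wording, this move is a good point to say concretely that the container can see host processes, and to keep the "considered insecure" note. The removed entries also end inconsistently (two with `;`, one with nothing, one with `.`).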
@@ -502,10 +467,7 @@ Run container in an existing pod. If you want Podman to make the pod for you, pr
To make a pod with more granular options, use the **podman pod create** command before creating a container.
If a container is run with a pod, and the pod has an infra-container, the infra-container will be started before the container is.
-#### **--pod-id-file**=*path*
-
-Run container in an existing pod and read the pod's ID from the specified file.
-If a container is run within a pod, and the pod has an infra-container, the infra-container will be started before the container is.
+@@option pod-id-file.container
#### **--preserve-fds**=*N*
@@ -715,35 +677,7 @@ For the network namespace, the following sysctls are allowed:
Note: if you use the **--network=host** option, these sysctls will not be allowed.
-#### **--systemd**=*true* | *false* | *always*
-
-Run container in systemd mode. The default is **true**.
-
-The value *always* enforces the systemd mode is enforced without
-looking at the executable name. Otherwise, if set to true and the
-command you are running inside the container is **systemd**, **/usr/sbin/init**,
-**/sbin/init** or **/usr/local/sbin/init**.
-
-Running the container in systemd mode causes the following changes:
-
-* Podman mounts tmpfs file systems on the following directories
- * _/run_
- * _/run/lock_
- * _/tmp_
- * _/sys/fs/cgroup/systemd_
- * _/var/lib/journal_
-* Podman sets the default stop signal to **SIGRTMIN+3**.
-* Podman sets **container_uuid** environment variable in the container to the
-first 32 characters of the container id.
-
-This allows systemd to run in a confined container without any modifications.
-
-Note that on **SELinux** systems, systemd attempts to write to the cgroup
-file system. Containers writing to the cgroup file system are denied by default.
-The **container_manage_cgroup** boolean must be enabled for this to be allowed on an SELinux separated system.
-```
-setsebool -P container_manage_cgroup true
-```
+@@option systemd
@@option timeout
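Review bot: The second paragraph of the removed --systemd text is grammatically broken ("enforces the systemd mode is enforced") and its "Otherwise, if set to true and the command ... is **systemd**, ..." sentence never finishes, so the condition for *true* is unstated. Please check that the shared `@@option systemd` text repairs this rather than copying it. It should also keep the SELinux note and the `setsebool -P container_manage_cgroup true` line, since that boolean loosens a default denial and readers need to see why it is required.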
@@ -1043,13 +977,7 @@ If the location of the volume from the source container overlaps with
data residing on a target container, then the volume hides
that data on the target.
-#### **--workdir**, **-w**=*dir*
-
-Working directory inside the container.
-
-The default working directory for running binaries within a container is the root directory (**/**).
-The image developer can set a different default with the WORKDIR instruction. The operator
-can override the working directory by using the **-w** option.
+@@option workdir
## Exit Status