diff options
Diffstat (limited to 'docs/source/markdown/podman-run.1.md')
| -rw-r--r-- | docs/source/markdown/podman-run.1.md | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index ceb97dbb7..af5bb814d 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -426,10 +426,21 @@ Logging driver for the container. Currently available options are *k8s-file* an **--log-opt**=*path* -Logging driver specific options. Used to set the path to the container log file. For example: +Set custom logging configuration. Presently supports the `tag` option +which specified a custom log tag for the container. For example: `--log-opt path=/var/log/container/mycontainer.json` +**--log-opt**=*tag* + +Specify a custom log tag for the container. For example: + +`--log-opt tag="{{.ImageName}}"` + +It supports the same keys as `podman inspect --format`. + +It is currently supported only by the journald log driver. + **--mac-address**=*address* Container MAC address (e.g. `92:d0:c6:0a:29:33`) @@ -588,15 +599,16 @@ If a container is run with a pod, and the pod has an infra-container, the infra- Give extended privileges to this container. The default is *false*. -By default, Podman containers are “unprivileged” (=false) and cannot, -for example, modify parts of the kernel. This is because by default a -container is not allowed to access any devices. A “privileged” container -is given access to all devices. +By default, Podman containers are “unprivileged” (=false) and cannot, for +example, modify parts of the operating system. This is because by default a +container is only allowed limited access to devices. A "privileged" container +is given the same access to devices as the user launching the container. -When the operator executes **podman run --privileged**, Podman enables access -to all devices on the host, turns off graphdriver mount options, as well as -turning off most of the security measures protecting the host from the -container. +A privileged container turns off the security features that isolate the +container from the host. Dropped Capabilities, limited devices, read/only mount +points, Apparmor/SELinux separation, and Seccomp filters are all disabled. + +Rootless containers cannot have more privileges than the account that launched them. **--publish**, **-p**=*port* @@ -829,7 +841,7 @@ You can pass `host` to copy the current configuration from the host. Sets the username or UID used and optionally the groupname or GID for the specified command. -The followings examples are all valid: +The following examples are all valid: --user [user | user:group | uid | uid:gid | user:gid | uid:group ] Without this argument the command will be run as root in the container. |