diff options
Diffstat (limited to 'docs/source/markdown/podman-run.1.md')
-rw-r--r-- | docs/source/markdown/podman-run.1.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 3225654b6..e8b7d56b7 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -561,6 +561,7 @@ Valid _mode_ values are: - **host**: use the Podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure; - _network-id_: connect to a user-defined network, multiple networks should be comma separated; - **ns:**_path_: path to a network namespace to join; +- `private`: create a new namespace for the container (default) - **slirp4netns**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. **--network-alias**=*alias* @@ -594,6 +595,7 @@ The efault is to create a private PID namespace for the container. - **container:**_id_: join another container's PID namespace; - **host**: use the host's PID namespace for the container. Note the host mode gives the container full access to local PID and is therefore considered insecure; +- **private**: create a new namespace for the container (default) - **ns:**_path_: join the specified PID namespace. **--pids-limit**=*limit* @@ -867,6 +869,7 @@ Set the user namespace mode for the container. It defaults to the **PODMAN_USER - **host**: run in the user namespace of the caller. This is the default if no user namespace options are set. The processes running in the container will have the same privileges on the host as any other process launched by the calling user. - **keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. - **ns**: run the container in the given existing user namespace. +- **private**: create a new namespace for the container (default) - **container**: join the user namespace of the specified container. This option is incompatible with **--gidmap**, **--uidmap**, **--subuid** and **--subgid**. @@ -876,6 +879,7 @@ This option is incompatible with **--gidmap**, **--uidmap**, **--subuid** and ** Set the UTS namespace mode for the container. The following values are supported: - **host**: use the host's UTS namespace inside the container. +- **private**: create a new namespace for the container (default) - **ns**: use own UTS namespace. **NOTE**: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. |