aboutsummaryrefslogtreecommitdiff
path: root/docs/source/markdown/podman-run.1.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/source/markdown/podman-run.1.md')
-rw-r--r--docs/source/markdown/podman-run.1.md40
1 files changed, 26 insertions, 14 deletions
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 5cc17f470..ce1e86afe 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -512,18 +512,6 @@ a private IPC namespace.
- **host**: use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
- **ns:**_path_: path to an IPC namespace to join.
-#### **--kernel-memory**=_number_[_unit_]
-
-Kernel memory limit. A _unit_ can be **b** (bytes), **k** (kilobytes), **m** (megabytes), or **g** (gigabytes).
-
-Constrains the kernel memory available to a container. If a limit of 0
-is specified (not using *--kernel-memory*), the container's kernel memory
-is not limited. If you specify a limit, it may be rounded up to a multiple
-of the operating system's page size and the value can be very large,
-millions of trillions.
-
-This flag is not supported on cgroups V2 systems.
-
#### **--label**, **-l**=*key*=*value*
Add metadata to a container.
@@ -538,8 +526,13 @@ Not implemented.
#### **--log-driver**="*driver*"
-Logging driver for the container. Currently available options are **k8s-file**, **journald**, **none** and **passthrough**, with **json-file** aliased to **k8s-file** for scripting compatibility.
+Logging driver for the container. Currently available options are **k8s-file**, **journald**, **none** and **passthrough**, with **json-file** aliased to **k8s-file** for scripting compatibility. (Default journald)
+The podman info command below will display the default log-driver for the system.
+```
+$ podman info --format '{{ .Host.LogDriver }}'
+journald
+```
The **passthrough** driver passes down the standard streams (stdin, stdout, stderr) to the
container. It is not allowed with the remote Podman client and on a tty, since it is
vulnerable to attacks via TIOCSTI.
@@ -672,6 +665,16 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and
. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
+ Options specific to devpts:
+
+ · uid: UID of the file owner (default 0).
+
+ · gid: GID of the file owner (default 0).
+
+ · mode: permission mask for the file (default 600).
+
+ · max: maximum number of PTYs (default 1048576).
+
#### **--name**=*name*
Assign a name to the container.
@@ -1311,6 +1314,15 @@ share the volume content. As a result, Podman labels the content with a shared
content label. Shared volume labels allow all containers to read/write content.
The **Z** option tells Podman to label the content with a private unshared label.
+Note: Do not relabel system files and directories. Relabeling system content
+might cause other confined services on your machine to fail. For these types
+of containers we recommend that disable SELinux separation. The option
+`--security-opt label=disable` disables SELinux separation for the container.
+For example if a user wanted to volume mount their entire home directory into a
+container, they need to disable SELinux separation.
+
+ $ podman run --security-opt label=disable -v $HOME:/home/user fedora touch /home/user/file
+
`Overlay Volume Mounts`
The `:O` flag tells Podman to mount the directory from the host as a
@@ -1830,7 +1842,7 @@ Note: RHEL7 and Centos 7 will not have this feature until RHEL7.7 is released.
In order for users to run rootless, there must be an entry for their username in _/etc/subuid_ and _/etc/subgid_ which lists the UIDs for their user namespace.
Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed.
-The **fuse-overlay** package provides a userspace overlay storage driver, otherwise users need to use
+The **fuse-overlayfs** package provides a userspace overlay storage driver, otherwise users need to use
the **vfs** storage driver, which is diskspace expensive and does not perform well. slirp4netns is
required for VPN, without it containers need to be run with the **--network=host** flag.
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-04 11:50:26 +0000