diff options
Diffstat (limited to 'docs/source/markdown')
-rw-r--r-- | docs/source/markdown/podman-create.1.md | 7 | ||||
-rw-r--r-- | docs/source/markdown/podman-network-reload.1.md | 62 | ||||
-rw-r--r-- | docs/source/markdown/podman-network.1.md | 17 |
3 files changed, 78 insertions, 8 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 843e2b22f..64bfdb377 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -845,11 +845,18 @@ Security Options - `label=filetype:TYPE` : Set the label file type for the container files - `label=disable` : Turn off label separation for the container +- `mask=/path/1:/path/2` : The paths to mask separated by a colon. A masked path + cannot be accessed inside the container. + - `no-new-privileges` : Disable container processes from gaining additional privileges - `seccomp=unconfined` : Turn off seccomp confinement for the container - `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter +- `unmask=ALL or /path/1:/path/2` : Paths to unmask separated by a colon. If set to **ALL**, it will + unmask all the paths that are masked by default. + The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** + - `proc-opts=OPTIONS` : Comma separated list of options to use for the /proc mount. More details for the possible mount options are specified at **proc(5)** man page. diff --git a/docs/source/markdown/podman-network-reload.1.md b/docs/source/markdown/podman-network-reload.1.md new file mode 100644 index 000000000..dd8047297 --- /dev/null +++ b/docs/source/markdown/podman-network-reload.1.md @@ -0,0 +1,62 @@ +% podman-network-reload(1) + +## NAME +podman\-network\-reload - Reload network configuration for containers + +## SYNOPSIS +**podman network reload** [*options*] [*container...*] + +## DESCRIPTION +Reload one or more container network configurations. + +Rootful Podman relies on iptables rules in order to provide network connectivity. If the iptables rules are deleted, +this happens for example with `firewall-cmd --reload`, the container loses network connectivity. This command restores +the network connectivity. + +This command is not available for rootless users since rootless containers are not affected by such connectivity problems. + +## OPTIONS +#### **--all**, **-a** + +Reload network configuration of all containers. + +#### **--latest**, **-l** + +Instead of providing the container name or ID, use the last created container. If you use methods other than Podman +to run containers such as CRI-O, the last started container could be from either of those methods. + +The latest option is not supported on the remote client. + +## EXAMPLE + +Reload the network configuration after a firewall reload. + +``` +# podman run -p 80:80 -d nginx +b1b538e8bc4078fc3ee1c95b666ebc7449b9a97bacd15bcbe464a29e1be59c1c +# curl 127.0.0.1 +works +# sudo firewall-cmd --reload +success +# curl 127.0.0.1 +hangs +# podman network reload b1b538e8bc40 +b1b538e8bc4078fc3ee1c95b666ebc7449b9a97bacd15bcbe464a29e1be59c1c +# curl 127.0.0.1 +works +``` + +Reload the network configuration for all containers. + +``` +# podman network reload --all +b1b538e8bc4078fc3ee1c95b666ebc7449b9a97bacd15bcbe464a29e1be59c1c +fe7e8eca56f844ec33af10f0aa3b31b44a172776e3277b9550a623ed5d96e72b +``` + + +## SEE ALSO +podman(1), podman-network(1) + +## HISTORY +December 2020, Originally compiled by Paul Holzinger <paul.holzinger@web.de> diff --git a/docs/source/markdown/podman-network.1.md b/docs/source/markdown/podman-network.1.md index bc161659a..41e2ae885 100644 --- a/docs/source/markdown/podman-network.1.md +++ b/docs/source/markdown/podman-network.1.md @@ -11,14 +11,15 @@ The network command manages CNI networks for Podman. ## COMMANDS -| Command | Man Page | Description | -| ------- | --------------------------------------------------- | ---------------------------------------------------------------------------- | -| connect | [podman-network-connect(1)](podman-network-connect.1.md)| Connect a container to a network| -| create | [podman-network-create(1)](podman-network-create.1.md)| Create a Podman CNI network| -| disconnect | [podman-network-disconnect(1)](podman-network-disconnect.1.md)| Disconnect a container from a network| -| inspect | [podman-network-inspect(1)](podman-network-inspect.1.md)| Displays the raw CNI network configuration for one or more networks| -| ls | [podman-network-ls(1)](podman-network-ls.1.md)| Display a summary of CNI networks | -| rm | [podman-network-rm(1)](podman-network-rm.1.md)| Remove one or more CNI networks | +| Command | Man Page | Description | +| ---------- | -------------------------------------------------------------- | ------------------------------------------------------------------- | +| connect | [podman-network-connect(1)](podman-network-connect.1.md) | Connect a container to a network | +| create | [podman-network-create(1)](podman-network-create.1.md) | Create a Podman CNI network | +| disconnect | [podman-network-disconnect(1)](podman-network-disconnect.1.md) | Disconnect a container from a network | +| inspect | [podman-network-inspect(1)](podman-network-inspect.1.md) | Displays the raw CNI network configuration for one or more networks | +| ls | [podman-network-ls(1)](podman-network-ls.1.md) | Display a summary of CNI networks | +| reload | [podman-network-reload(1)](podman-network-reload.1.md) | Reload network configuration for containers | +| rm | [podman-network-rm(1)](podman-network-rm.1.md) | Remove one or more CNI networks | ## SEE ALSO podman(1) |