Diffstat (limited to 'docs/source/markdown')
-rw-r--r-- | docs/source/markdown/podman-build.1.md | 9
-rw-r--r-- | docs/source/markdown/podman-create.1.md | 25
-rw-r--r-- | docs/source/markdown/podman-image-prune.1.md | 41
-rw-r--r-- | docs/source/markdown/podman-image-sign.1.md | 2
-rw-r--r-- | docs/source/markdown/podman-pod-rm.1.md | 6
-rw-r--r-- | docs/source/markdown/podman-pod-stop.1.md | 6
-rw-r--r-- | docs/source/markdown/podman-remote.1.md | 2
-rw-r--r-- | docs/source/markdown/podman-rm.1.md | 19
-rw-r--r-- | docs/source/markdown/podman-run.1.md | 25
-rw-r--r-- | docs/source/markdown/podman-stop.1.md | 14
10 files changed, 140 insertions, 9 deletions
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index 567d0ead3..6c8f239a6 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -342,8 +342,8 @@ than the one in storage. Raise an error if the image is not in any listed registry and is not present locally. If the flag is disabled (with *--pull=false*), do not pull the image from the -registry, use only the local version. Raise an error if the image is not -present locally. +registry, unless there is no local image. Raise an error if the image is not +in any registry and is not present locally. Defaults to *true*. @@ -352,6 +352,11 @@ Defaults to *true*. Pull the image from the first registry it is found in as listed in registries.conf. Raise an error if not found in the registries, even if the image is present locally. +**--pull-never** + +Do not pull the image from the registry, use only the local version. Raise an error +if the image is not present locally. + **--quiet**, **-q** Suppress output messages which indicate which instruction is being processed, diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index d9ee69f82..82d2e8f6a 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -334,7 +334,7 @@ option to `false`. The environment variables passed in include `http_proxy`, those. This option is only needed when the host system must use a proxy but the container should not use any proxy. Proxy environment variables specified for the container in any other way will override the values that would have -been passed thru from the host. (Other ways to specify the proxy for the +been passed through from the host. (Other ways to specify the proxy for the container include passing the values with the `--env` flag, or hard coding the proxy environment at container build time.) 
@@ -817,6 +817,10 @@ container. The `OPTIONS` are a comma delimited list and can be: * [rw|ro] * [z|Z] * [`[r]shared`|`[r]slave`|`[r]private`] +* [`[r]bind`] +* [`noexec`|`exec`] +* [`nodev`|`dev`] +* [`nosuid`|`suid`] The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume will be mounted into the container at this directory. @@ -870,6 +874,25 @@ where source dir is mounted on) has to have right propagation properties. For shared volumes, source mount point has to be shared. And for slave volumes, source mount has to be either shared or slave. +If you want to recursively mount a volume and all of it's submounts into a +container, then you can use the `rbind` option. By default the bind option is +used, and submounts of the source directory will not be mounted into the +container. + +Mounting the volume with the `nosuid` options means that SUID applications on +the volume will not be able to change their privilege. By default volumes +are mounted with `nosuid`. + +Mounting the volume with the noexec option means that no executables on the +volume will be able to executed within the container. + +Mounting the volume with the nodev option means that no devices on the volume +will be able to be used by processes within the container. By default volumes +are mounted with `nodev`. + +If the <source-dir> is a mount point, then "dev", "suid", and "exec" options are +ignored by the kernel. + Use `df <source-dir>` to figure out the source mount and then use `findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation properties of source mount. If `findmnt` utility is not available, then one diff --git a/docs/source/markdown/podman-image-prune.1.md b/docs/source/markdown/podman-image-prune.1.md index b844a9f63..0155ebcd1 100644 --- a/docs/source/markdown/podman-image-prune.1.md +++ b/docs/source/markdown/podman-image-prune.1.md 
@@ -25,13 +25,16 @@ Print usage statement Remove all dangling images from local storage ``` $ sudo podman image prune + +WARNING! This will remove all dangling images. +Are you sure you want to continue? [y/N] y f3e20dc537fb04cb51672a5cb6fdf2292e61d411315549391a0d1f64e4e3097e 324a7a3b2e0135f4226ffdd473e4099fd9e477a74230cdc35de69e84c0f9d907 ``` -Remove all unused images from local storage +Remove all unused images from local storage without confirming ``` -$ sudo podman image prune -a +$ sudo podman image prune -a -f f3e20dc537fb04cb51672a5cb6fdf2292e61d411315549391a0d1f64e4e3097e 324a7a3b2e0135f4226ffdd473e4099fd9e477a74230cdc35de69e84c0f9d907 6125002719feb1ddf3030acab1df6156da7ce0e78e571e9b6e9c250424d6220c 
@@ -41,6 +44,40 @@ e4e5109420323221f170627c138817770fb64832da7d8fe2babd863148287fca ``` +Remove all unused images from local storage since given time/hours. +``` +$ sudo podman image prune -a --filter until=2019-11-14T06:15:42.937792374Z + +WARNING! This will remove all dangling images. +Are you sure you want to continue? [y/N] y +e813d2135f17fadeffeea8159a34cfdd4c30b98d8111364b913a91fd930643e9 +5e6572320437022e2746467ddf5b3561bf06e099e8e6361df27e0b2a7ed0b17b +58fda2abf5042b35dfe04e5f8ee458a3cc26375bf309efb42c078b551a2055c7 +6d2bd30fe924d3414b64bd3920760617e6ced872364bc3bc6959a623252da002 +33d1c829be64a1e1d379caf4feec1f05a892c3ef7aa82c0be53d3c08a96c59c5 +f9f0a8a58c9e02a2b3250b88cc5c95b1e10245ca2c4161d19376580aaa90f55c +1ef14d5ede80db78978b25ad677fd3e897a578c3af614e1fda608d40c8809707 +45e1482040e441a521953a6da2eca9bafc769e15667a07c23720d6e0cafc3ab2 + +$ sudo podman image prune -f --filter until=10h +f3e20dc537fb04cb51672a5cb6fdf2292e61d411315549391a0d1f64e4e3097e +324a7a3b2e0135f4226ffdd473e4099fd9e477a74230cdc35de69e84c0f9d907 +``` + +Remove all unused images from local storage with label version 1.0 +``` +$ sudo podman image prune -a -f --filter label=version=1.0 +e813d2135f17fadeffeea8159a34cfdd4c30b98d8111364b913a91fd930643e9 +5e6572320437022e2746467ddf5b3561bf06e099e8e6361df27e0b2a7ed0b17b +58fda2abf5042b35dfe04e5f8ee458a3cc26375bf309efb42c078b551a2055c7 +6d2bd30fe924d3414b64bd3920760617e6ced872364bc3bc6959a623252da002 +33d1c829be64a1e1d379caf4feec1f05a892c3ef7aa82c0be53d3c08a96c59c5 +f9f0a8a58c9e02a2b3250b88cc5c95b1e10245ca2c4161d19376580aaa90f55c +1ef14d5ede80db78978b25ad677fd3e897a578c3af614e1fda608d40c8809707 +45e1482040e441a521953a6da2eca9bafc769e15667a07c23720d6e0cafc3ab2 + +``` + ## SEE ALSO podman(1), podman-images diff --git a/docs/source/markdown/podman-image-sign.1.md b/docs/source/markdown/podman-image-sign.1.md index 62845e715..fa75691bc 100644 --- a/docs/source/markdown/podman-image-sign.1.md +++ b/docs/source/markdown/podman-image-sign.1.md 
@@ -41,7 +41,7 @@ The write (and read) location for signatures is defined in YAML-based configuration files in /etc/containers/registries.d/. When you sign an image, Podman will use those configuration files to determine where to write the signature based on the the name of the originating -registry or a default storage value unless overriden with the --directory +registry or a default storage value unless overridden with the --directory option. For example, consider the following configuration file. docker: diff --git a/docs/source/markdown/podman-pod-rm.1.md b/docs/source/markdown/podman-pod-rm.1.md index 6659534b4..aee582dc6 100644 --- a/docs/source/markdown/podman-pod-rm.1.md +++ b/docs/source/markdown/podman-pod-rm.1.md @@ -15,6 +15,12 @@ podman\-pod\-rm - Remove one or more pods Remove all pods. Can be used in conjunction with \-f as well. +**--ignore**, **-i** + +Ignore errors when specified pods are not in the container store. A user might +have decided to manually remove a pod which would lead to a failure during the +ExecStop directive of a systemd service referencing that pod. + **--latest**, **-l** Instead of providing the pod name or ID, remove the last created pod. diff --git a/docs/source/markdown/podman-pod-stop.1.md b/docs/source/markdown/podman-pod-stop.1.md index b3ce47d72..73c347cec 100644 --- a/docs/source/markdown/podman-pod-stop.1.md +++ b/docs/source/markdown/podman-pod-stop.1.md @@ -15,6 +15,12 @@ Stop containers in one or more pods. You may use pod IDs or names as input. Stops all pods +**--ignore**, **-i** + +Ignore errors when specified pods are not in the container store. A user might +have decided to manually remove a pod which would lead to a failure during the +ExecStop directive of a systemd service referencing that pod. + **--latest**, **-l** Instead of providing the pod name or ID, stop the last created pod. 
diff --git a/docs/source/markdown/podman-remote.1.md b/docs/source/markdown/podman-remote.1.md index 04010abaf..bbc54a2a6 100644 --- a/docs/source/markdown/podman-remote.1.md +++ b/docs/source/markdown/podman-remote.1.md @@ -17,7 +17,7 @@ Podman uses Buildah(1) internally to create container images. Both tools share i (not container) storage, hence each can use or manipulate images (but not containers) created by the other. -Podman-remote provides a local client interacting with a Podman backend node through a varlink ssh connection. In this context, a Podman node is a Linux system with Podman installed on it and the varlink service activated. Credentials for this session can be passed in using flags, enviroment variables, or in `podman-remote.conf` +Podman-remote provides a local client interacting with a Podman backend node through a varlink ssh connection. In this context, a Podman node is a Linux system with Podman installed on it and the varlink service activated. Credentials for this session can be passed in using flags, environment variables, or in `podman-remote.conf` **podman [GLOBAL OPTIONS]** diff --git a/docs/source/markdown/podman-rm.1.md b/docs/source/markdown/podman-rm.1.md index 207d9d61d..782feac6f 100644 --- a/docs/source/markdown/podman-rm.1.md +++ b/docs/source/markdown/podman-rm.1.md @@ -18,6 +18,10 @@ Running or unusable containers will not be removed without the `-f` option. Remove all containers. Can be used in conjunction with -f as well. +**--cidfile** + +Read container ID from the specified file and remove the container. Can be specified multiple times. + **--force**, **-f** Force the removal of running and paused containers. Forcing a container removal also 
@@ -26,6 +30,12 @@ Containers could have been created by a different container engine. In addition, forcing can be used to remove unusable containers, e.g. containers whose OCI runtime has become unavailable. +**--ignore**, **-i** + +Ignore errors when specified containers are not in the container store. A user +might have decided to manually remove a container which would lead to a failure +during the ExecStop directive of a systemd service referencing that container. + **--latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman @@ -42,18 +52,25 @@ The storage option conflicts with the **--all**, **--latest**, and **--volumes** **--volumes**, **-v** -Remove the volumes associated with the container. +Remove anonymous volumes associated with the container. This does not include named volumes +created with `podman volume create`, or the `--volume` option of `podman run` and `podman create`. ## EXAMPLE Remove a container by its name *mywebserver* ``` podman rm mywebserver ``` + Remove several containers by name and container id. ``` podman rm mywebserver myflaskserver 860a4b23 ``` +Remove several containers reading their IDs from files. +``` +podman rm --cidfile ./cidfile-1 --cidfile /home/user/cidfile-2 +``` + Forcibly remove a container by container ID. ``` podman rm -f 860a4b23 diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 28b00ee29..e1177cb34 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md 
@@ -341,7 +341,7 @@ option to `false`. The environment variables passed in include `http_proxy`, those. This option is only needed when the host system must use a proxy but the container should not use any proxy. Proxy environment variables specified for the container in any other way will override the values that would have -been passed thru from the host. (Other ways to specify the proxy for the +been passed through from the host. (Other ways to specify the proxy for the container include passing the values with the `--env` flag, or hard coding the proxy environment at container build time.) @@ -860,6 +860,10 @@ create one. * [`rw`|`ro`] * [`z`|`Z`] * [`[r]shared`|`[r]slave`|`[r]private`] +* [`[r]bind`] +* [`noexec`|`exec`] +* [`nodev`|`dev`] +* [`nosuid`|`suid`] The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume will be mounted into the container at this directory. 
@@ -913,6 +917,25 @@ where source dir is mounted on) has to have right propagation properties. For shared volumes, source mount point has to be shared. And for slave volumes, source mount has to be either shared or slave. +If you want to recursively mount a volume and all of it's submounts into a +container, then you can use the `rbind` option. By default the bind option is +used, and submounts of the source directory will not be mounted into the +container. + +Mounting the volume with the `nosuid` options means that SUID applications on +the volume will not be able to change their privilege. By default volumes +are mounted with `nosuid`. + +Mounting the volume with the noexec option means that no executables on the +volume will be able to executed within the container. + +Mounting the volume with the nodev option means that no devices on the volume +will be able to be used by processes within the container. By default volumes +are mounted with `nodev`. + +If the <source-dir> is a mount point, then "dev", "suid", and "exec" options are +ignored by the kernel. + Use `df <source-dir>` to figure out the source mount and then use `findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation properties of source mount. If `findmnt` utility is not available, then one diff --git a/docs/source/markdown/podman-stop.1.md b/docs/source/markdown/podman-stop.1.md index b5ea670b0..3b5f17057 100644 --- a/docs/source/markdown/podman-stop.1.md +++ b/docs/source/markdown/podman-stop.1.md 
@@ -21,6 +21,16 @@ container and also via command line when creating the container. Stop all running containers. This does not include paused containers. +**--cidfile** + +Read container ID from the specified file and remove the container. Can be specified multiple times. + +**--ignore**, **-i** + +Ignore errors when specified containers are not in the container store. A user +might have decided to manually remove a container which would lead to a failure +during the ExecStop directive of a systemd service referencing that container. + **--latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman @@ -40,6 +50,10 @@ podman stop 860a4b235279 podman stop mywebserver 860a4b235279 +podman stop --cidfile /home/user/cidfile-1 + +podman stop --cidfile /home/user/cidfile-1 --cidfile ./cidfile-2 + podman stop --timeout 2 860a4b235279 podman stop -a |
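Review bot: in podman-build.1.md (hunk @@ -342,8), the reworded *--pull=false* paragraph now allows a pull when there is no local image, but it never mentions the **--pull-never** option added in the following hunk. Anyone who passed *--pull=false* to guarantee that a build uses only local images now gets a registry pull instead of an error. Suggest ending the paragraph with a pointer such as "Use **--pull-never** to use only the local image." and stating the behaviour change in the commit message.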
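Review bot: in podman-create.1.md (hunk @@ -870,6), the added volume-option paragraphs have several wording errors: "all of it's submounts" should be "its", "the `nosuid` options means" should be "option", and "will be able to executed" is missing "be". The formatting is also inconsistent: `nosuid` and `rbind` are in backticks while noexec and nodev are not, and the bare <source-dir> should be in backticks as it is in the unchanged "Use `df <source-dir>`" line right below, so a Markdown renderer does not treat it as an HTML tag. The same text is added in podman-run.1.md (hunk @@ -913,6) and needs the same fixes.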
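Review bot: in podman-run.1.md (hunk @@ -913,6), the text gives the default for `nosuid` and `nodev` but not for `noexec`/`exec`, and the closing sentence says "dev", "suid", and "exec" are ignored by the kernel when the source is a mount point without saying which flags then apply or whether podman reports it. These options are what a reader relies on to restrict what a mounted volume can do, so please state the `exec` default explicitly and describe the effective mount flags in the mount-point case.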
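Review bot: in podman-image-prune.1.md (hunk @@ -41,6), the heading "Remove all unused images from local storage since given time/hours." reads as the opposite direction from the `until=` filter used in the commands; say which side of the timestamp or duration is removed. The sample output for `podman image prune -a --filter until=...` also shows "WARNING! This will remove all dangling images." although `-a` is described as removing all unused images, so please confirm that is the real prompt text for `-a`. There is also a stray blank line before the closing fence of the label example.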
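Review bot: in podman-stop.1.md (hunk @@ -21,6), the **--cidfile** description says "Read container ID from the specified file and remove the container.", which looks copied from podman-rm.1.md. For `podman stop` it should read "stop the container"; as written, the man page tells users that a stop command deletes containers.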