summaryrefslogtreecommitdiff
path: root/docs/source/markdown
diff options
context:
space:
mode:
Diffstat (limited to 'docs/source/markdown')
-rw-r--r--docs/source/markdown/podman-create.1.md12
-rw-r--r--docs/source/markdown/podman-info.1.md191
-rw-r--r--docs/source/markdown/podman-network-create.1.md10
-rw-r--r--docs/source/markdown/podman-play-kube.1.md25
-rw-r--r--docs/source/markdown/podman-pod-logs.1.md88
-rw-r--r--docs/source/markdown/podman-pod.1.md5
-rw-r--r--docs/source/markdown/podman-run.1.md12
7 files changed, 231 insertions, 112 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 0e32fb20d..00e94b41d 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -1125,21 +1125,21 @@ Example: `containers:2147483647:2147483648`.
Podman allocates unique ranges of UIDs and GIDs from the `containers` subpordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option. The `auto` options currently does not work in rootless mode
- Valid `auto`options:
+ Valid `auto` options:
- *gidmapping*=_CONTAINER_GID:HOST_GID:SIZE_: to force a GID mapping to be present in the user namespace.
- *size*=_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
- *uidmapping*=_CONTAINER_UID:HOST_UID:SIZE_: to force a UID mapping to be present in the user namespace.
-- **container:**_id_: join the user namespace of the specified container.
+**container:**_id_: join the user namespace of the specified container.
-- **host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
+**host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
-- **keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.
+**keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.
-- **ns:**_namespace_: run the container in the given existing user namespace.
+**ns:**_namespace_: run the container in the given existing user namespace.
-- **private**: create a new namespace for the container.
+**private**: create a new namespace for the container.
This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**.
diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md
index 227fbd92d..7127f9026 100644
--- a/docs/source/markdown/podman-info.1.md
+++ b/docs/source/markdown/podman-info.1.md
@@ -31,23 +31,18 @@ Run podman info with plain text response:
$ podman info
host:
arch: amd64
- buildahVersion: 1.19.0-dev
- cgroupControllers:
- - cpuset
- - cpu
- - io
- - memory
- - pids
+ buildahVersion: 1.22.3
+ cgroupControllers: []
cgroupManager: systemd
cgroupVersion: v2
conmon:
- package: conmon-2.0.22-2.fc33.x86_64
+ package: conmon-2.0.29-2.fc34.x86_64
path: /usr/bin/conmon
- version: 'conmon version 2.0.22, commit: 1be6c73605006a85f7ed60b7f76a51e28eb67e01'
+ version: 'conmon version 2.0.29, commit: '
cpus: 8
distribution:
distribution: fedora
- version: "33"
+ version: "34"
eventLogger: journald
hostname: localhost.localdomain
idMappings:
@@ -65,108 +60,112 @@ host:
- container_id: 1
host_id: 100000
size: 65536
- kernel: 5.9.11-200.fc33.x86_64
+ kernel: 5.13.13-200.fc34.x86_64
linkmode: dynamic
- memFree: 837505024
- memTotal: 16416481280
+ logDriver: journald
+ memFree: 1351262208
+ memTotal: 16401895424
ociRuntime:
name: crun
- package: crun-0.16-1.fc33.x86_64
+ package: crun-1.0-1.fc34.x86_64
path: /usr/bin/crun
version: |-
- crun version 0.16
- commit: eb0145e5ad4d8207e84a327248af76663d4e50dd
+ crun version 1.0
+ commit: 139dc6971e2f1d931af520188763e984d6cdfbf8
spec: 1.0.0
- +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
+ +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
os: linux
remoteSocket:
- exists: true
path: /run/user/3267/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
+ seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
+ serviceIsRemote: false
slirp4netns:
executable: /bin/slirp4netns
- package: slirp4netns-1.1.4-4.dev.giteecccdb.fc33.x86_64
+ package: slirp4netns-1.1.12-2.fc34.x86_64
version: |-
- slirp4netns version 1.1.4+dev
- commit: eecccdb96f587b11d7764556ffacfeaffe4b6e11
- libslirp: 4.3.1
+ slirp4netns version 1.1.12
+ commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
+ libslirp: 4.4.0
SLIRP_CONFIG_VERSION_MAX: 3
libseccomp: 2.5.0
- swapFree: 6509203456
- swapTotal: 12591292416
- uptime: 264h 14m 32.73s (Approximately 11.00 days)
+ swapFree: 16818888704
+ swapTotal: 16886259712
+ uptime: 33h 57m 32.85s (Approximately 1.38 days)
+plugins:
+ log:
+ - k8s-file
+ - none
+ - journald
+ network:
+ - bridge
+ - macvlan
+ volume:
+ - local
registries:
+ localhost:5000:
+ Blocked: false
+ Insecure: true
+ Location: localhost:5000
+ MirrorByDigestOnly: false
+ Mirrors: null
+ Prefix: localhost:5000
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- - registry.centos.org
- docker.io
store:
configFile: /home/dwalsh/.config/containers/storage.conf
containerStore:
- number: 3
+ number: 2
paused: 0
- running: 0
- stopped: 3
+ running: 1
+ stopped: 1
graphDriverName: overlay
- graphOptions:
- overlay.mount_program:
- Executable: /home/dwalsh/bin/fuse-overlayfs
- Package: Unknown
- Version: |-
- fusermount3 version: 3.9.3
- fuse-overlayfs: version 0.7.2
- FUSE library version 3.9.3
- using FUSE kernel interface version 7.31
+ graphOptions: {}
graphRoot: /home/dwalsh/.local/share/containers/storage
graphStatus:
Backing Filesystem: extfs
- Native Overlay Diff: "false"
+ Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageStore:
- number: 77
+ number: 37
runRoot: /run/user/3267/containers
volumePath: /home/dwalsh/.local/share/containers/storage/volumes
version:
- APIVersion: 3.0.0
- Built: 1608562922
- BuiltTime: Mon Dec 21 10:02:02 2020
- GitCommit: d6925182cdaf94225908a386d02eae8fd3e01123-dirty
- GoVersion: go1.15.5
+ APIVersion: 3.3.1
+ Built: 1631137208
+ BuiltTime: Wed Sep 8 17:40:08 2021
+ GitCommit: ab272d1e9bf4daac224fb230e0c9b5c56c4cab4d-dirty
+ GoVersion: go1.16.6
OsArch: linux/amd64
- Version: 3.0.0-dev
-
+ Version: 3.3.1
```
Run podman info with JSON formatted response:
```
+$ ./bin/podman info --format json
{
"host": {
"arch": "amd64",
- "buildahVersion": "1.19.0-dev",
+ "buildahVersion": "1.22.3",
"cgroupManager": "systemd",
"cgroupVersion": "v2",
- "cgroupControllers": [
- "cpuset",
- "cpu",
- "io",
- "memory",
- "pids"
- ],
+ "cgroupControllers": [],
"conmon": {
- "package": "conmon-2.0.22-2.fc33.x86_64",
+ "package": "conmon-2.0.29-2.fc34.x86_64",
"path": "/usr/bin/conmon",
- "version": "conmon version 2.0.22, commit: 1be6c73605006a85f7ed60b7f76a51e28eb67e01"
+ "version": "conmon version 2.0.29, commit: "
},
"cpus": 8,
"distribution": {
"distribution": "fedora",
- "version": "33"
+ "version": "34"
},
"eventLogger": "journald",
"hostname": "localhost.localdomain",
@@ -196,81 +195,99 @@ Run podman info with JSON formatted response:
}
]
},
- "kernel": "5.9.11-200.fc33.x86_64",
- "memFree": 894574592,
- "memTotal": 16416481280,
+ "kernel": "5.13.13-200.fc34.x86_64",
+ "logDriver": "journald",
+ "memFree": 1274040320,
+ "memTotal": 16401895424,
"ociRuntime": {
"name": "crun",
- "package": "crun-0.16-1.fc33.x86_64",
+ "package": "crun-1.0-1.fc34.x86_64",
"path": "/usr/bin/crun",
- "version": "crun version 0.16\ncommit: eb0145e5ad4d8207e84a327248af76663d4e50dd\nspec: 1.0.0\n+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL"
+ "version": "crun version 1.0\ncommit: 139dc6971e2f1d931af520188763e984d6cdfbf8\nspec: 1.0.0\n+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL"
},
"os": "linux",
"remoteSocket": {
- "path": "/run/user/3267/podman/podman.sock",
- "exists": true
+ "path": "/run/user/3267/podman/podman.sock"
},
+ "serviceIsRemote": false,
"security": {
"apparmorEnabled": false,
"capabilities": "CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT",
"rootless": true,
"seccompEnabled": true,
+ "seccompProfilePath": "/usr/share/containers/seccomp.json",
"selinuxEnabled": true
},
"slirp4netns": {
"executable": "/bin/slirp4netns",
- "package": "slirp4netns-1.1.4-4.dev.giteecccdb.fc33.x86_64",
- "version": "slirp4netns version 1.1.4+dev\ncommit: eecccdb96f587b11d7764556ffacfeaffe4b6e11\nlibslirp: 4.3.1\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.0"
+ "package": "slirp4netns-1.1.12-2.fc34.x86_64",
+ "version": "slirp4netns version 1.1.12\ncommit: 7a104a101aa3278a2152351a082a6df71f57c9a3\nlibslirp: 4.4.0\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.0"
},
- "swapFree": 6509203456,
- "swapTotal": 12591292416,
- "uptime": "264h 13m 12.39s (Approximately 11.00 days)",
+ "swapFree": 16818888704,
+ "swapTotal": 16886259712,
+ "uptime": "33h 59m 25.69s (Approximately 1.38 days)",
"linkmode": "dynamic"
},
"store": {
"configFile": "/home/dwalsh/.config/containers/storage.conf",
"containerStore": {
- "number": 3,
+ "number": 2,
"paused": 0,
- "running": 0,
- "stopped": 3
+ "running": 1,
+ "stopped": 1
},
"graphDriverName": "overlay",
"graphOptions": {
- "overlay.mount_program": {
- "Executable": "/home/dwalsh/bin/fuse-overlayfs",
- "Package": "Unknown",
- "Version": "fusermount3 version: 3.9.3\nfuse-overlayfs: version 0.7.2\nFUSE library version 3.9.3\nusing FUSE kernel interface version 7.31"
-}
},
"graphRoot": "/home/dwalsh/.local/share/containers/storage",
"graphStatus": {
"Backing Filesystem": "extfs",
- "Native Overlay Diff": "false",
+ "Native Overlay Diff": "true",
"Supports d_type": "true",
"Using metacopy": "false"
},
"imageStore": {
- "number": 77
+ "number": 37
},
"runRoot": "/run/user/3267/containers",
"volumePath": "/home/dwalsh/.local/share/containers/storage/volumes"
},
"registries": {
+ "localhost:5000": {
+ "Prefix": "localhost:5000",
+ "Location": "localhost:5000",
+ "Insecure": true,
+ "Mirrors": null,
+ "Blocked": false,
+ "MirrorByDigestOnly": false
+},
"search": [
"registry.fedoraproject.org",
"registry.access.redhat.com",
- "registry.centos.org",
"docker.io"
]
},
+ "plugins": {
+ "volume": [
+ "local"
+ ],
+ "network": [
+ "bridge",
+ "macvlan"
+ ],
+ "log": [
+ "k8s-file",
+ "none",
+ "journald"
+ ]
+ },
"version": {
- "APIVersion": "3.0.0",
- "Version": "3.0.0-dev",
- "GoVersion": "go1.15.5",
- "GitCommit": "d6925182cdaf94225908a386d02eae8fd3e01123-dirty",
- "BuiltTime": "Mon Dec 21 10:02:02 2020",
- "Built": 1608562922,
+ "APIVersion": "3.3.1",
+ "Version": "3.3.1",
+ "GoVersion": "go1.16.6",
+ "GitCommit": "",
+ "BuiltTime": "Mon Aug 30 16:46:36 2021",
+ "Built": 1630356396,
"OsArch": "linux/amd64"
}
}
diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md
index d110c4ceb..04290c188 100644
--- a/docs/source/markdown/podman-network-create.1.md
+++ b/docs/source/markdown/podman-network-create.1.md
@@ -25,7 +25,8 @@ resolution.
#### **--driver**, **-d**
-Driver to manage the network (default "bridge"). Currently only `bridge` is supported.
+Driver to manage the network. Currently `bridge` and `macvlan` is supported. Defaults to `bridge`.
+As rootless the `macvlan` driver has no access to the host network interfaces because rootless networking requires a separate network namespace.
#### **--opt**=*option*, **-o**
@@ -54,13 +55,6 @@ must be used with a *subnet* option.
Set metadata for a network (e.g., --label mykey=value).
-#### **--macvlan**
-
-*This option is being deprecated*
-
-Create a *Macvlan* based connection rather than a classic bridge. You must pass an interface name from the host for the
-Macvlan connection.
-
#### **--subnet**
The subnet in CIDR notation.
diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md
index 33f79e7ef..6af1bde1d 100644
--- a/docs/source/markdown/podman-play-kube.1.md
+++ b/docs/source/markdown/podman-play-kube.1.md
@@ -113,9 +113,28 @@ Set logging driver for all created containers.
Assign a static mac address to the pod. This option can be specified several times when play kube creates more than one pod.
-#### **--network**=*networks*, **--net**
-
-A comma-separated list of the names of CNI networks the pod should join.
+#### **--network**=*mode*, **--net**
+
+Change the network mode of the pod. The host and bridge network mode should be configured in the yaml file.
+Valid _mode_ values are:
+
+- **none**: Create a network namespace for the container but do not configure network interfaces for it, thus the container has no network connectivity.
+- **container:**_id_: Reuse another container's network stack.
+- **network**: Connect to a user-defined network, multiple networks should be comma-separated.
+- **ns:**_path_: Path to a network namespace to join.
+- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootfull containers and **slirp4netns** for rootless ones.
+- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
+ - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`, which is added to `/etc/hosts` as `host.containers.internal` for your convenience). Default is false.
+ - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
+ - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
+ - **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
+ - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
+ - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
+ - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
+ - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
+ - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
+ Note: Rootlesskit changes the source IP address of incoming packets to a IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
+ - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
#### **--quiet**, **-q**
diff --git a/docs/source/markdown/podman-pod-logs.1.md b/docs/source/markdown/podman-pod-logs.1.md
new file mode 100644
index 000000000..8378f2eea
--- /dev/null
+++ b/docs/source/markdown/podman-pod-logs.1.md
@@ -0,0 +1,88 @@
+% podman-pod-logs(1)
+
+## NAME
+podman\-pod\-logs - Displays logs for pod with one or more containers
+
+## SYNOPSIS
+**podman pod logs** [*options*] *pod*
+
+## DESCRIPTION
+The podman pod logs command batch-retrieves whatever logs are present with all the containers of a pod. Pod logs can be filtered by container name or id using flag **-c** or **--container** if needed.
+
+Note: Long running command of `podman pod log` with a `-f` or `--follow` needs to be reinvoked if new container is added to the pod dynamically otherwise logs of newly added containers would not be visible in log stream.
+
+## OPTIONS
+
+#### **--container**, **-c**
+
+By default `podman pod logs` retrives logs for all the containers available within the pod differentiate by field `container`. However there are use-cases where user would want to limit the log stream only to a particular container of a pod for such cases `-c` can be used like `podman pod logs -c ctrNameorID podname`.
+
+#### **--follow**, **-f**
+
+Follow log output. Default is false.
+
+Note: If you are following a pod which is removed `podman pod rm`, then there is a
+chance the the log file will be removed before `podman pod logs` reads the final content.
+
+#### **--latest**, **-l**
+
+Instead of providing the pod name or id, get logs of the last created pod. (This option is not available with the remote Podman client)
+
+#### **--since**=*TIMESTAMP*
+
+Show logs since TIMESTAMP. The --since option can be Unix timestamps, date formatted timestamps, or Go duration
+strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
+time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
+and 2006-01-02.
+
+#### **--until**=*TIMESTAMP*
+
+Show logs until TIMESTAMP. The --until option can be Unix timestamps, date formatted timestamps, or Go duration
+strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
+time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
+and 2006-01-02.
+
+
+#### **--tail**=*LINES*
+
+Output the specified number of LINES at the end of the logs. LINES must be an integer. Defaults to -1,
+which prints all lines
+
+#### **--timestamps**, **-t**
+
+Show timestamps in the log outputs. The default is false
+
+## EXAMPLE
+
+To view a pod's logs:
+```
+podman pod logs -t podIdorName
+```
+
+To view logs of a specific container on the pod
+```
+podman pod logs -c ctrIdOrName podIdOrName
+```
+
+To view all pod logs:
+```
+podman pod logs -t --since 0 myserver-pod-1
+```
+
+To view a pod's logs since a certain time:
+```
+podman pod logs -t --since 2017-08-07T10:10:09.055837383-04:00 myserver-pod-1
+```
+
+To view a pod's logs generated in the last 10 minutes:
+```
+podman pod logs --since 10m myserver-pod-1
+```
+
+To view a pod's logs until 30 minutes ago:
+```
+podman pod logs --until 30m myserver-pod-1
+```
+
+## SEE ALSO
+podman(1), podman-pod-start(1), podman-pod-rm(1), podman-logs(1)
diff --git a/docs/source/markdown/podman-pod.1.md b/docs/source/markdown/podman-pod.1.md
index e5a8207e9..9de2442bd 100644
--- a/docs/source/markdown/podman-pod.1.md
+++ b/docs/source/markdown/podman-pod.1.md
@@ -17,11 +17,12 @@ podman pod is a set of subcommands that manage pods, or groups of containers.
| exists | [podman-pod-exists(1)](podman-pod-exists.1.md) | Check if a pod exists in local storage. |
| inspect | [podman-pod-inspect(1)](podman-pod-inspect.1.md) | Displays information describing a pod. |
| kill | [podman-pod-kill(1)](podman-pod-kill.1.md) | Kill the main process of each container in one or more pods. |
+| logs | [podman-pod-logs(1)](podman-pod-logs.1.md) | Displays logs for pod with one or more containers. |
| pause | [podman-pod-pause(1)](podman-pod-pause.1.md) | Pause one or more pods. |
-| prune | [podman-pod-prune(1)](podman-pod-prune.1.md) | Remove all stopped pods and their containers. |
+| prune | [podman-pod-prune(1)](podman-pod-prune.1.md) | Remove all stopped pods and their containers. |
| ps | [podman-pod-ps(1)](podman-pod-ps.1.md) | Prints out information about pods. |
| restart | [podman-pod-restart(1)](podman-pod-restart.1.md) | Restart one or more pods. |
-| rm | [podman-pod-rm(1)](podman-pod-rm.1.md) | Remove one or more stopped pods and containers. |
+| rm | [podman-pod-rm(1)](podman-pod-rm.1.md) | Remove one or more stopped pods and containers. |
| start | [podman-pod-start(1)](podman-pod-start.1.md) | Start one or more pods. |
| stats | [podman-pod-stats(1)](podman-pod-stats.1.md) | Display a live stream of resource usage stats for containers in one or more pods. |
| stop | [podman-pod-stop(1)](podman-pod-stop.1.md) | Stop one or more pods. |
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 3bbe41cc2..63224b49d 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -1184,21 +1184,21 @@ Example: `containers:2147483647:2147483648`.
Podman allocates unique ranges of UIDs and GIDs from the `containers` subpordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option. The `auto` options currently does not work in rootless mode
- Valid `auto`options:
+ Valid `auto` options:
- *gidmapping*=_CONTAINER_GID:HOST_GID:SIZE_: to force a GID mapping to be present in the user namespace.
- *size*=_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
- *uidmapping*=_CONTAINER_UID:HOST_UID:SIZE_: to force a UID mapping to be present in the user namespace.
-- **container:**_id_: join the user namespace of the specified container.
+**container:**_id_: join the user namespace of the specified container.
-- **host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
+**host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
-- **keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.
+**keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.
-- **ns:**_namespace_: run the container in the given existing user namespace.
+**ns:**_namespace_: run the container in the given existing user namespace.
-- **private**: create a new namespace for the container.
+**private**: create a new namespace for the container.
This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**.