diff options
Diffstat (limited to 'docs/source/markdown')
-rw-r--r-- | docs/source/markdown/podman-create.1.md | 16 | ||||
-rw-r--r-- | docs/source/markdown/podman-generate-systemd.1.md | 2 | ||||
-rw-r--r-- | docs/source/markdown/podman-pod-stop.1.md | 2 | ||||
-rw-r--r-- | docs/source/markdown/podman-restart.1.md | 4 | ||||
-rw-r--r-- | docs/source/markdown/podman-run.1.md | 4 | ||||
-rw-r--r-- | docs/source/markdown/podman-stop.1.md | 8 | ||||
-rw-r--r-- | docs/source/markdown/podman-version.1.md | 2 | ||||
-rw-r--r-- | docs/source/markdown/podman.1.md | 9 |
8 files changed, 23 insertions, 24 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index aa2456836..38b95edc3 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -44,7 +44,7 @@ each of stdin, stdout, and stderr. **--authfile**=*path* -Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json +Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` (Not available for remote commands) @@ -70,8 +70,8 @@ Drop Linux capabilities Set the cgroup namespace mode for the container. **host**: use the host's cgroup namespace inside the container. **container:<NAME|ID>**: join the namespace of the specified container. - **private**: create a new cgroup namespace. **ns:<PATH>**: join the namespace at the specified path. + **private**: create a new cgroup namespace. If the host uses cgroups v1, the default is set to **host**. On cgroups v2 the default is **private**. @@ -550,6 +550,7 @@ Valid values are: - `host`: use the Podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. - `<network-name>|<network-id>`: connect to a user-defined network, multiple networks should be comma separated - `ns:<path>`: path to a network namespace to join +- `private`: create a new namespace for the container (default) - `slirp4netns`: use slirp4netns to create a user network stack. This is the default for rootless containers **--network-alias**=*alias* @@ -579,9 +580,10 @@ Tune the host's OOM preferences for containers (accepts -1000 to 1000) Set the PID mode for the container Default is to create a private PID namespace for the container - 'container:<name|id>': join another container's PID namespace - 'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. - 'ns': join the specified PID namespace +- `container:<name|id>`: join another container's PID namespace +- `host`: use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. +- `ns`: join the specified PID namespace +- `private`: create a new namespace for the container (default) **--pids-limit**=*limit* @@ -824,14 +826,16 @@ Without this argument the command will be run as root in the container. **--userns**=*host* **--userns**=*keep-id* **--userns**=container:container +**--userns**=private **--userns**=*ns:my_namespace* Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value means user namespaces are disabled. +- `container`: join the user namespace of the specified container. - `host`: run in the user namespace of the caller. This is the default if no user namespace options are set. The processes running in the container will have the same privileges on the host as any other process launched by the calling user. - `keep-id`: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. - `ns`: run the container in the given existing user namespace. -- `container`: join the user namespace of the specified container. +- `private`: create a new namespace for the container (default) This option is incompatible with --gidmap, --uidmap, --subuid and --subgid diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md index 27b40bbb6..57ed9a5eb 100644 --- a/docs/source/markdown/podman-generate-systemd.1.md +++ b/docs/source/markdown/podman-generate-systemd.1.md @@ -27,7 +27,7 @@ Use the name of the container for the start, stop, and description in the unit f Create a new container via podman-run instead of starting an existing one. This option relies on container configuration files, which may not map directly to podman CLI flags; please review the generated output carefully before placing in production. Since we use systemd `Type=forking` service, using this option will force the container run with the detached param `-d` -**--timeout**, **-t**=*value* +**--time**, **-t**=*value* Override the default stop timeout for the container with the given value. diff --git a/docs/source/markdown/podman-pod-stop.1.md b/docs/source/markdown/podman-pod-stop.1.md index 42d2a2d3f..b5e7aef7d 100644 --- a/docs/source/markdown/podman-pod-stop.1.md +++ b/docs/source/markdown/podman-pod-stop.1.md @@ -27,7 +27,7 @@ Instead of providing the pod name or ID, stop the last created pod. The latest option is not supported on the remote client. -**--timeout**, **-t**=*time* +**--time**, **-t**=*time* Timeout to wait before forcibly stopping the containers in the pod. diff --git a/docs/source/markdown/podman-restart.1.md b/docs/source/markdown/podman-restart.1.md index 6507530e1..87217f096 100644 --- a/docs/source/markdown/podman-restart.1.md +++ b/docs/source/markdown/podman-restart.1.md @@ -26,7 +26,7 @@ The latest option is not supported on the remote client. **--running** Restart all containers that are already in the *running* state. -**-t**, **--time**, **--timeout**=*time* +**-t**, **--time**=*time* Timeout to wait before forcibly stopping the container. @@ -46,7 +46,7 @@ ff6cf1e5e77e6dba1efc7f3fcdb20e8b89ad8947bc0518be1fcb2c78681f226f Restart two containers by name with a timeout of 4 seconds ``` -$ podman restart --timeout 4 test1 test2 +$ podman restart --time 4 test1 test2 c3bb026838c30e5097f079fa365c9a4769d52e1017588278fa00d5c68ebc1502 17e13a63081a995136f907024bcfe50ff532917988a152da229db9d894c5a9ec ``` diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 3225654b6..e8b7d56b7 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -561,6 +561,7 @@ Valid _mode_ values are: - **host**: use the Podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure; - _network-id_: connect to a user-defined network, multiple networks should be comma separated; - **ns:**_path_: path to a network namespace to join; +- `private`: create a new namespace for the container (default) - **slirp4netns**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. **--network-alias**=*alias* @@ -594,6 +595,7 @@ The efault is to create a private PID namespace for the container. - **container:**_id_: join another container's PID namespace; - **host**: use the host's PID namespace for the container. Note the host mode gives the container full access to local PID and is therefore considered insecure; +- **private**: create a new namespace for the container (default) - **ns:**_path_: join the specified PID namespace. **--pids-limit**=*limit* @@ -867,6 +869,7 @@ Set the user namespace mode for the container. It defaults to the **PODMAN_USER - **host**: run in the user namespace of the caller. This is the default if no user namespace options are set. The processes running in the container will have the same privileges on the host as any other process launched by the calling user. - **keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. - **ns**: run the container in the given existing user namespace. +- **private**: create a new namespace for the container (default) - **container**: join the user namespace of the specified container. This option is incompatible with **--gidmap**, **--uidmap**, **--subuid** and **--subgid**. @@ -876,6 +879,7 @@ This option is incompatible with **--gidmap**, **--uidmap**, **--subuid** and ** Set the UTS namespace mode for the container. The following values are supported: - **host**: use the host's UTS namespace inside the container. +- **private**: create a new namespace for the container (default) - **ns**: use own UTS namespace. **NOTE**: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. diff --git a/docs/source/markdown/podman-stop.1.md b/docs/source/markdown/podman-stop.1.md index 7dbf18887..1534063a5 100644 --- a/docs/source/markdown/podman-stop.1.md +++ b/docs/source/markdown/podman-stop.1.md @@ -9,7 +9,7 @@ podman\-stop - Stop one or more running containers **podman container stop** [*options*] *container* ... ## DESCRIPTION -Stops one or more containers. You may use container IDs or names as input. The **--timeout** switch +Stops one or more containers. You may use container IDs or names as input. The **--time** switch allows you to specify the number of seconds to wait before forcibly stopping the container after the stop command is issued to the container. The default is 10 seconds. By default, containers are stopped with SIGTERM and then SIGKILL after the timeout. The SIGTERM default can be overridden by the image used to create the @@ -38,9 +38,9 @@ to run containers such as CRI-O, the last started container could be from either The latest option is not supported on the remote client. -**--timeout**, **--time**, **-t**=*time* +**--time**, **-t**=*time* -Timeout to wait before forcibly stopping the container +Time to wait before forcibly stopping the container ## EXAMPLES @@ -54,7 +54,7 @@ $ podman stop --cidfile /home/user/cidfile-1 $ podman stop --cidfile /home/user/cidfile-1 --cidfile ./cidfile-2 -$ podman stop --timeout 2 860a4b235279 +$ podman stop --time 2 860a4b235279 $ podman stop -a diff --git a/docs/source/markdown/podman-version.1.md b/docs/source/markdown/podman-version.1.md index de22c4800..86c270e02 100644 --- a/docs/source/markdown/podman-version.1.md +++ b/docs/source/markdown/podman-version.1.md @@ -7,7 +7,7 @@ podman\-version - Display the Podman version information **podman version** [*options*] ## DESCRIPTION -Shows the following information: Version, Go Version, Git Commit, Build Time, +Shows the following information: Remote API Version, Version, Go Version, Git Commit, Build Time, OS, and Architecture. ## OPTIONS diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index 5797535f7..cd4148c95 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md @@ -31,18 +31,9 @@ Note: CGroup manager is not supported in rootless mode when using CGroups Versio **--cni-config-dir** Path of the configuration directory for CNI networks. (Default: `/etc/cni/net.d`) -**--config** -Path of a libpod config file detailing container server configuration options - -Default libpod config file is /usr/share/containers/libpod.conf. Override file is in /etc/containers/libpod.conf. In rootless mode the config file will be read from $HOME/.config/containers/libpod.conf. - **--conmon** Path of the conmon binary (Default path is configured in `libpod.conf`) -**--cpu-profile**=*path* - -Path to where the cpu performance results should be written - **--events-backend**=*type* Backend to use for storing events. Allowed values are **file**, **journald**, and **none**. |