diff options
Diffstat (limited to 'docs/source')
36 files changed, 210 insertions, 460 deletions
diff --git a/docs/source/markdown/.gitignore b/docs/source/markdown/.gitignore index 74e7fc075..af4c5360b 100644 --- a/docs/source/markdown/.gitignore +++ b/docs/source/markdown/.gitignore @@ -11,6 +11,7 @@ podman-login.1.md podman-logout.1.md podman-logs.1.md podman-manifest-add.1.md +podman-manifest-create.1.md podman-manifest-push.1.md podman-pause.1.md podman-pod-clone.1.md @@ -19,12 +20,15 @@ podman-pod-kill.1.md podman-pod-logs.1.md podman-pod-rm.1.md podman-pod-start.1.md +podman-pod-stats.1.md podman-pod-stop.1.md podman-pull.1.md podman-push.1.md podman-rm.1.md podman-run.1.md podman-search.1.md +podman-start.1.md +podman-stats.1.md podman-stop.1.md podman-unpause.1.md podman-update.1.md diff --git a/docs/source/markdown/options/interactive.md b/docs/source/markdown/options/interactive.md new file mode 100644 index 000000000..a28088368 --- /dev/null +++ b/docs/source/markdown/options/interactive.md @@ -0,0 +1,3 @@ +#### **--interactive**, **-i** + +When set to **true**, keep stdin open even if not attached. The default is **false**. diff --git a/docs/source/markdown/options/ip.md b/docs/source/markdown/options/ip.md new file mode 100644 index 000000000..8f251ee2e --- /dev/null +++ b/docs/source/markdown/options/ip.md @@ -0,0 +1,8 @@ +#### **--ip**=*ipv4* + +Specify a static IPv4 address for the <<container|pod>>, for example **10.88.64.128**. +This option can only be used if the <<container|pod>> is joined to only a single network - i.e., **--network=network-name** is used at most once - +and if the <<container|pod>> is not joining another container's network namespace via **--network=container:_id_**. +The address must be within the network's IP address pool (default **10.88.0.0/16**). + +To specify multiple static IP addresses per <<container|pod>>, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option. diff --git a/docs/source/markdown/options/ip6.md b/docs/source/markdown/options/ip6.md new file mode 100644 index 000000000..feaae7c44 --- /dev/null +++ b/docs/source/markdown/options/ip6.md @@ -0,0 +1,8 @@ +#### **--ip6**=*ipv6* + +Specify a static IPv6 address for the <<container|pod>>, for example **fd46:db93:aa76:ac37::10**. +This option can only be used if the <<container|pod>> is joined to only a single network - i.e., **--network=network-name** is used at most once - +and if the <<container|pod>> is not joining another container's network namespace via **--network=container:_id_**. +The address must be within the network's IPv6 address pool. + +To specify multiple static IPv6 addresses per <<container|pod>>, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option. diff --git a/docs/source/markdown/options/no-reset.md b/docs/source/markdown/options/no-reset.md new file mode 100644 index 000000000..ce5b95057 --- /dev/null +++ b/docs/source/markdown/options/no-reset.md @@ -0,0 +1,3 @@ +#### **--no-reset** + +Do not clear the terminal/screen in between reporting intervals diff --git a/docs/source/markdown/options/no-stream.md b/docs/source/markdown/options/no-stream.md new file mode 100644 index 000000000..a9d548ba0 --- /dev/null +++ b/docs/source/markdown/options/no-stream.md @@ -0,0 +1,3 @@ +#### **--no-stream** + +Disable streaming <<|pod >>stats and only pull the first result, default setting is false diff --git a/docs/source/markdown/options/os.pull.md b/docs/source/markdown/options/os.pull.md new file mode 100644 index 000000000..547a9fff8 --- /dev/null +++ b/docs/source/markdown/options/os.pull.md @@ -0,0 +1,4 @@ +#### **--os**=*OS* + +Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. +Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host. diff --git a/docs/source/markdown/options/preserve-fds.md b/docs/source/markdown/options/preserve-fds.md new file mode 100644 index 000000000..61e33bdf4 --- /dev/null +++ b/docs/source/markdown/options/preserve-fds.md @@ -0,0 +1,5 @@ +#### **--preserve-fds**=*N* + +Pass down to the process N additional file descriptors (in addition to 0, 1, 2). +The total FDs will be 3+N. +(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) diff --git a/docs/source/markdown/options/publish-all.md b/docs/source/markdown/options/publish-all.md new file mode 100644 index 000000000..6651599a0 --- /dev/null +++ b/docs/source/markdown/options/publish-all.md @@ -0,0 +1,12 @@ +#### **--publish-all**, **-P** + +Publish all exposed ports to random ports on the host interfaces. The default is **false**. + +When set to **true**, publish all exposed ports to the host interfaces. The +default is **false**. If the operator uses **-P** (or **-p**) then Podman will make the +exposed port accessible on the host and the ports will be available to any +client that can reach the host. + +When using this option, Podman will bind any exposed port to a random port on the host +within an ephemeral port range defined by */proc/sys/net/ipv4/ip_local_port_range*. +To find the mapping between the host ports and the exposed ports, use **podman port**. diff --git a/docs/source/markdown/options/publish.md b/docs/source/markdown/options/publish.md new file mode 100644 index 000000000..a0394b692 --- /dev/null +++ b/docs/source/markdown/options/publish.md @@ -0,0 +1,19 @@ +#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]* + +Publish a container's port, or range of ports,<<| within this pod>> to the host. + +Both *hostPort* and *containerPort* can be specified as a range of ports. +When specifying ranges for both, the number of container ports in the +range must match the number of host ports in the range. + +If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. + +By default, Podman will publish TCP ports. To publish a UDP port instead, give +`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice, +with `tcp`, and `udp` as protocols respectively. Rootful containers can also +publish ports using the `sctp` protocol. + +Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). +If it is not, the container port will be randomly assigned a port on the host. + +Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. diff --git a/docs/source/markdown/options/rootfs.md b/docs/source/markdown/options/rootfs.md new file mode 100644 index 000000000..a03c4eef1 --- /dev/null +++ b/docs/source/markdown/options/rootfs.md @@ -0,0 +1,19 @@ +#### **--rootfs** + +If specified, the first argument refers to an exploded container on the file system. + +This is useful to run a container without requiring any image management, the rootfs +of the container is assumed to be managed externally. + + `Overlay Rootfs Mounts` + + The `:O` flag tells Podman to mount the directory from the rootfs path as +storage using the `overlay file system`. The container processes +can modify content within the mount point which is stored in the +container storage in a separate directory. In overlay terms, the source +directory will be the lower, and the container storage directory will be the +upper. Modifications to the mount point are destroyed when the container +finishes executing, similar to a tmpfs mount point being unmounted. + +Note: On **SELinux** systems, the rootfs needs the correct label, which is by default +**unconfined_u:object_r:container_file_t:s0**. diff --git a/docs/source/markdown/options/shm-size.md b/docs/source/markdown/options/shm-size.md new file mode 100644 index 000000000..18cafcb86 --- /dev/null +++ b/docs/source/markdown/options/shm-size.md @@ -0,0 +1,6 @@ +#### **--shm-size**=*number[unit]* + +Size of _/dev/shm_. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes). +If you omit the unit, the system uses bytes. If you omit the size entirely, the default is **64m**. +When _size_ is **0**, there is no limit on the amount of memory used for IPC by the <<container|pod>>. +This option conflicts with **--ipc=host**. diff --git a/docs/source/markdown/options/tls-verify.md b/docs/source/markdown/options/tls-verify.md new file mode 100644 index 000000000..e3d6f491f --- /dev/null +++ b/docs/source/markdown/options/tls-verify.md @@ -0,0 +1,5 @@ +#### **--tls-verify** + +Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, +then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, +TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. diff --git a/docs/source/markdown/options/tty.md b/docs/source/markdown/options/tty.md new file mode 100644 index 000000000..04bd8af2c --- /dev/null +++ b/docs/source/markdown/options/tty.md @@ -0,0 +1,9 @@ +#### **--tty**, **-t** + +Allocate a pseudo-TTY. The default is **false**. + +When set to **true**, Podman will allocate a pseudo-tty and attach to the standard +input of the container. This can be used, for example, to run a throwaway +interactive shell. + +**NOTE**: The --tty flag prevents redirection of standard output. It combines STDOUT and STDERR, it can insert control characters, and it can hang pipes. This option should only be used when run interactively in a terminal. When feeding input to Podman, use -i only, not -it. diff --git a/docs/source/markdown/options/user.md b/docs/source/markdown/options/user.md new file mode 100644 index 000000000..6cf12d347 --- /dev/null +++ b/docs/source/markdown/options/user.md @@ -0,0 +1,7 @@ +#### **--user**, **-u**=*user[:group]* + +Sets the username or UID used and, optionally, the groupname or GID for the specified command. Both *user* and *group* may be symbolic or numeric. + +Without this argument, the command will run as the user specified in the container image. Unless overridden by a `USER` command in the Containerfile or by a value passed to this option, this user generally defaults to root. + +When a user namespace is not in use, the UID and GID used within the container and on the host will match. When user namespaces are in use, however, the UID and GID in the container may correspond to another UID and GID on the host. In rootless containers, for example, a user namespace is always used, and root in the container will by default correspond to the UID and GID of the user invoking Podman. diff --git a/docs/source/markdown/options/volumes-from.md b/docs/source/markdown/options/volumes-from.md new file mode 100644 index 000000000..ebef116e7 --- /dev/null +++ b/docs/source/markdown/options/volumes-from.md @@ -0,0 +1,32 @@ +#### **--volumes-from**=*CONTAINER[:OPTIONS]* + +Mount volumes from the specified container(s). Used to share volumes between +containers<<| and pods>>. The *options* is a comma-separated list with the following available elements: + +* **rw**|**ro** +* **z** + +Mounts already mounted volumes from a source container onto another +<<container|pod>>. _CONTAINER_ may be a name or ID. +To share a volume, use the --volumes-from option when running +the target container. Volumes can be shared even if the source container +is not running. + +By default, Podman mounts the volumes in the same mode (read-write or +read-only) as it is mounted in the source container. +This can be changed by adding a `ro` or `rw` _option_. + +Labeling systems like SELinux require that proper labels are placed on volume +content mounted into a <<container|pod>>. Without a label, the security system might +prevent the processes running inside the container from using the content. By +default, Podman does not change the labels set by the OS. + +To change a label in the <<container|pod>> context, add `z` to the volume mount. +This suffix tells Podman to relabel file objects on the shared volumes. The `z` +option tells Podman that two entities share the volume content. As a result, +Podman labels the content with a shared content label. Shared volume labels allow +all containers to read/write content. + +If the location of the volume from the source container overlaps with +data residing on a target <<container|pod>>, then the volume hides +that data on the target. diff --git a/docs/source/markdown/podman-build.1.md.in b/docs/source/markdown/podman-build.1.md.in index ab31c492c..94644a051 100644 --- a/docs/source/markdown/podman-build.1.md.in +++ b/docs/source/markdown/podman-build.1.md.in @@ -564,13 +564,7 @@ container - `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter -#### **--shm-size**=*size* - -Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater -than `0`. -Unit is optional and can be `b` (bytes), `k` (kibibytes), `m`(mebibytes), or -`g` (gibibytes). If you omit the unit, the system uses bytes. If you omit the -size entirely, the system uses `64m`. +@@option shm-size #### **--sign-by**=*fingerprint* @@ -627,10 +621,7 @@ timestamp. If the only instruction in a Containerfile is `FROM`, this flag has no effect. -#### **--tls-verify** - -Require HTTPS and verify certificates when talking to container registries -(defaults to true). (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) +@@option tls-verify #### **--ulimit**=*type=soft-limit[:hard-limit]* diff --git a/docs/source/markdown/podman-container-runlabel.1.md.in b/docs/source/markdown/podman-container-runlabel.1.md.in index 36e021ce4..bdbd306f2 100644 --- a/docs/source/markdown/podman-container-runlabel.1.md.in +++ b/docs/source/markdown/podman-container-runlabel.1.md.in @@ -55,9 +55,7 @@ Suppress output information when pulling images If a container exists of the default or given name, as needed it will be stopped, deleted and a new container will be created from this image. -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in containers-registries.conf(5). +@@option tls-verify ## EXAMPLES diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in index 17ef704e6..835976eba 100644 --- a/docs/source/markdown/podman-create.1.md.in +++ b/docs/source/markdown/podman-create.1.md.in @@ -224,28 +224,11 @@ pod when that pod is not running. @@option init-path -#### **--interactive**, **-i** +@@option interactive -Keep STDIN open even if not attached. The default is *false*. - -#### **--ip**=*ipv4* - -Specify a static IPv4 address for the container, for example **10.88.64.128**. -This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once - -and if the container is not joining another container's network namespace via **--network=container:_id_**. -The address must be within the network's IP address pool (default **10.88.0.0/16**). - -To specify multiple static IP addresses per container, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option. - -#### **--ip6**=*ipv6* - -Specify a static IPv6 address for the container, for example **fd46:db93:aa76:ac37::10**. -This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once - -and if the container is not joining another container's network namespace via **--network=container:_id_**. -The address must be within the network's IPv6 address pool. - -To specify multiple static IPv6 addresses per container, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option. +@@option ip +@@option ip6 @@option ipc @@ -309,7 +292,7 @@ Valid _mode_ values are: - **ns:**_path_: Path to a network namespace to join. - **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf: - - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false. + - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false. - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`). - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`). - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`). @@ -333,9 +316,7 @@ This option conflicts with **--add-host**. @@option oom-score-adj -#### **--os**=*OS* -Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. -Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host. +@@option os.pull @@option passwd-entry @@ -358,25 +339,7 @@ To make a pod with more granular options, use the `podman pod create` command be @@option privileged -#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]* - -Publish a container's port, or range of ports, to the host. - -Both *hostPort* and *containerPort* can be specified as a range of ports. -When specifying ranges for both, the number of container ports in the -range must match the number of host ports in the range. - -If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. - -By default, Podman will publish TCP ports. To publish a UDP port instead, give -`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice, -with `tcp`, and `udp` as protocols respectively. Rootful containers can also -publish ports using the `sctp` protocol. - -Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). -If it is not, the container port will be randomly assigned a port on the host. - -Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. +@@option publish **Note:** If a container will be run within a pod, it is not necessary to publish the port for the containers in the pod. The port must only be published by the pod itself. Pod network @@ -386,17 +349,7 @@ associated ports. If one container binds to a port, no other container can use t within the pod while it is in use. Containers in the pod can also communicate over localhost by having one container bind to localhost in the pod, and another connect to that port. -#### **--publish-all**, **-P** - -Publish all exposed ports to random ports on the host interfaces. The default is *false*. - -When set to true publish all exposed ports to the host interfaces. The -default is false. If the operator uses -P (or -p) then Podman will make the -exposed port accessible on the host and the ports will be available to any -client that can reach the host. When using -P, Podman will bind any exposed -port to a random port on the host within an *ephemeral port range* defined by -`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host -ports and the exposed ports, use `podman port`. +@@option publish-all @@option pull @@ -418,22 +371,7 @@ Suppress output information when pulling images Automatically remove the container when it exits. The default is *false*. -#### **--rootfs** - -If specified, the first argument refers to an exploded container on the file system. - -This is useful to run a container without requiring any image management, the rootfs -of the container is assumed to be managed externally. - - `Overlay Rootfs Mounts` - - The `:O` flag tells Podman to mount the directory from the rootfs path as -storage using the `overlay file system`. The container processes -can modify content within the mount point which is stored in the -container storage in a separate directory. In overlay terms, the source -directory will be the lower, and the container storage directory will be the -upper. Modifications to the mount point are destroyed when the container -finishes executing, similar to a tmpfs mount point being unmounted. +@@option rootfs @@option sdnotify @@ -474,11 +412,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file. -#### **--shm-size**=*size* - -Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) -If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. -When size is `0`, there is no limit on the amount of memory used for IPC by the container. +@@option shm-size @@option stop-signal @@ -494,22 +428,11 @@ When size is `0`, there is no limit on the amount of memory used for IPC by the @@option timeout -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. +@@option tls-verify @@option tmpfs -#### **--tty**, **-t** - -Allocate a pseudo-TTY. The default is *false*. - -When set to true Podman will allocate a pseudo-tty and attach to the standard -input of the container. This can be used, for example, to run a throwaway -interactive shell. The default is false. - -Note: The **-t** option is incompatible with a redirection of the Podman client -standard input. +@@option tty @@option tz @@ -523,14 +446,7 @@ standard input. @@option unsetenv-all -#### **--user**, **-u**=*user* - -Sets the username or UID used and optionally the groupname or GID for the specified command. - -The following examples are all valid: ---user [user | user:group | uid | uid:gid | user:gid | uid:group ] - -Without this argument the command will be run as root in the container. +@@option user @@option userns.container @@ -543,38 +459,7 @@ Use _VARIANT_ instead of the default architecture variant of the container image Use the **--group-add keep-groups** option to pass the user's supplementary group access into the container. -#### **--volumes-from**=*CONTAINER[:OPTIONS]]* - -Mount volumes from the specified container(s). Used to share volumes between -containers. The *options* is a comma-separated list with the following available elements: - -* **rw**|**ro** -* **z** - -Mounts already mounted volumes from a source container onto another -container. You must supply the source's container-id or container-name. -To share a volume, use the --volumes-from option when running -the target container. You can share volumes even if the source container -is not running. - -By default, Podman mounts the volumes in the same mode (read-write or -read-only) as it is mounted in the source container. -You can change this by adding a `ro` or `rw` _option_. - -Labeling systems like SELinux require that proper labels are placed on volume -content mounted into a container. Without a label, the security system might -prevent the processes running inside the container from using the content. By -default, Podman does not change the labels set by the OS. - -To change a label in the container context, you can add `z` to the volume mount. -This suffix tells Podman to relabel file objects on the shared volumes. The `z` -option tells Podman that two containers share the volume content. As a result, -Podman labels the content with a shared content label. Shared volume labels allow -all containers to read/write content. - -If the location of the volume from the source container overlaps with -data residing on a target container, then the volume hides -that data on the target. +@@option volumes-from @@option workdir diff --git a/docs/source/markdown/podman-exec.1.md.in b/docs/source/markdown/podman-exec.1.md.in index 0d161ef66..8198c319e 100644 --- a/docs/source/markdown/podman-exec.1.md.in +++ b/docs/source/markdown/podman-exec.1.md.in @@ -31,30 +31,20 @@ This option allows arbitrary environment variables that are available for the pr Read in a line delimited file of environment variables. -#### **--interactive**, **-i** - -When set to true, keep stdin open even if not attached. The default is *false*. +@@option interactive #### **--latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) -#### **--preserve-fds**=*N* - -Pass down to the process N additional file descriptors (in addition to 0, 1, 2). The total FDs will be 3+N. +@@option preserve-fds @@option privileged -#### **--tty**, **-t** - -Allocate a pseudo-TTY. - -#### **--user**, **-u** +@@option tty -Sets the username or UID used and optionally the groupname or GID for the specified command. -The following examples are all valid: ---user [user | user:group | uid | uid:gid | user:gid | uid:group ] +@@option user @@option workdir diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md index ee649c95b..b733cff8d 100644 --- a/docs/source/markdown/podman-generate-systemd.1.md +++ b/docs/source/markdown/podman-generate-systemd.1.md @@ -85,7 +85,9 @@ Set the systemd unit requires (`Requires=`) option. Similar to wants, but declar #### **--restart-policy**=*policy* Set the systemd restart policy. The restart-policy must be one of: "no", "on-success", "on-failure", "on-abnormal", -"on-watchdog", "on-abort", or "always". The default policy is *on-failure*. +"on-watchdog", "on-abort", or "always". The default policy is *on-failure* unless the container was created with a custom restart policy. + +Note that generating a unit without `--new` on a container with a custom restart policy can lead to issues on shutdown; systemd will attempt to stop the unit while Podman tries to restart it. It is recommended to to create the container without `--restart` and use the `--restart-policy` option instead when generating the unit file. #### **--restart-sec**=*time* diff --git a/docs/source/markdown/podman-kube-play.1.md.in b/docs/source/markdown/podman-kube-play.1.md.in index 6bf3acc9b..3bbe8113a 100644 --- a/docs/source/markdown/podman-kube-play.1.md.in +++ b/docs/source/markdown/podman-kube-play.1.md.in @@ -187,7 +187,7 @@ Valid _mode_ values are: - **ns:**_path_: Path to a network namespace to join. - **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf: - - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false. + - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false. - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`). - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`). - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`). @@ -219,11 +219,7 @@ Directory path for seccomp profiles (default: "/var/lib/kubelet/seccomp"). (This Start the pod after creating it, set to false to only create it. -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, -then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, -TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. +@@option tls-verify @@option userns.container ## EXAMPLES diff --git a/docs/source/markdown/podman-login.1.md.in b/docs/source/markdown/podman-login.1.md.in index c309395fb..63798ed99 100644 --- a/docs/source/markdown/podman-login.1.md.in +++ b/docs/source/markdown/podman-login.1.md.in @@ -48,11 +48,7 @@ Password for registry Take the password from stdin -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, -then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, -TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. +@@option tls-verify #### **--username**, **-u**=*username* diff --git a/docs/source/markdown/podman-manifest-add.1.md.in b/docs/source/markdown/podman-manifest-add.1.md.in index 0d957cd1e..6a9df69b4 100644 --- a/docs/source/markdown/podman-manifest-add.1.md.in +++ b/docs/source/markdown/podman-manifest-add.1.md.in @@ -56,9 +56,7 @@ configuration information. Specify the OS version which the list or index records as a requirement for the image. This option is rarely used. -#### **--tls-verify** - -Require HTTPS and verify certificates when talking to container registries (defaults to true). +@@option tls-verify #### **--variant** diff --git a/docs/source/markdown/podman-manifest-create.1.md b/docs/source/markdown/podman-manifest-create.1.md.in index cb8ad41fb..6ebf8a055 100644 --- a/docs/source/markdown/podman-manifest-create.1.md +++ b/docs/source/markdown/podman-manifest-create.1.md.in @@ -28,9 +28,7 @@ If a manifest list named *listnameorindexname* already exists, modify the preexisting list instead of exiting with an error. The contents of *listnameorindexname* are not modified if no *imagename*s are given. -#### **--tls-verify** - -Require HTTPS and verify certificates when talking to container registries. (defaults to true) +@@option tls-verify ## EXAMPLES diff --git a/docs/source/markdown/podman-manifest-push.1.md.in b/docs/source/markdown/podman-manifest-push.1.md.in index e3d578d10..fe0a534c9 100644 --- a/docs/source/markdown/podman-manifest-push.1.md.in +++ b/docs/source/markdown/podman-manifest-push.1.md.in @@ -59,9 +59,7 @@ Sign the pushed images with a sigstore signature using a private key at the spec If signing the image (using either **--sign-by** or **--sign-by-sigstore-private-key**), read the passphrase to use from the specified path. -#### **--tls-verify** - -Require HTTPS and verify certificates when talking to container registries. (defaults to true) +@@option tls-verify ## DESTINATION diff --git a/docs/source/markdown/podman-pod-clone.1.md.in b/docs/source/markdown/podman-pod-clone.1.md.in index 1d7b1f259..90b829371 100644 --- a/docs/source/markdown/podman-pod-clone.1.md.in +++ b/docs/source/markdown/podman-pod-clone.1.md.in @@ -99,11 +99,7 @@ Note: Labeling can be disabled for all pods/containers by setting label=false in Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file. -#### **--shm-size**=*size* - -Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) -If the unit is omitted, the system uses bytes. If the size is omitted, the system uses `64m`. -When size is `0`, there is no limit on the amount of memory used for IPC by the pod. This option conflicts with **--ipc=host** when running containers. +@@option shm-size #### **--start** @@ -124,39 +120,7 @@ clone process has completed. All containers within the pod are started. @@option volume -#### **--volumes-from**=*container[:options]]* - -Mount volumes from the specified container(s). Used to share volumes between -containers and pods. The *options* is a comma-separated list with the following available elements: - -* **rw**|**ro** -* **z** - -Mounts already mounted volumes from a source container into another -pod. Must supply the source's container-id or container-name. -To share a volume, use the --volumes-from option when running -the target container. Volumes can be shared even if the source container -is not running. - -By default, Podman mounts the volumes in the same mode (read-write or -read-only) as it is mounted in the source container. -This can be changed by adding a `ro` or `rw` _option_. - -Labeling systems like SELinux require that proper labels are placed on volume -content mounted into a pod. Without a label, the security system might -prevent the processes running inside the container from using the content. By -default, Podman does not change the labels set by the OS. - -To change a label in the pod context, add `z` to the volume mount. -This suffix tells Podman to relabel file objects on the shared volumes. The `z` -option tells Podman that two entities share the volume content. As a result, -Podman labels the content with a shared content label. Shared volume labels allow -all containers to read/write content. - -If the location of the volume from the source container overlaps with -data residing on a target pod, then the volume hides -that data on the target. - +@@option volumes-from ## EXAMPLES ``` diff --git a/docs/source/markdown/podman-pod-create.1.md.in b/docs/source/markdown/podman-pod-create.1.md.in index 3a3909340..7700f5e62 100644 --- a/docs/source/markdown/podman-pod-create.1.md.in +++ b/docs/source/markdown/podman-pod-create.1.md.in @@ -99,23 +99,9 @@ The custom image that will be used for the infra container. Unless specified, P @@option infra-name -#### **--ip**=*ip* +@@option ip -Specify a static IP address for the pod, for example **10.88.64.128**. -This option can only be used if the pod is joined to only a single network - i.e., **--network=network-name** is used at most once - -and if the pod is not joining another container's network namespace via **--network=container:_id_**. -The address must be within the network's IP address pool (default **10.88.0.0/16**). - -To specify multiple static IP addresses per pod, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option. - -#### **--ip6**=*ipv6* - -Specify a static IPv6 address for the pod, for example **fd46:db93:aa76:ac37::10**. -This option can only be used if the pod is joined to only a single network - i.e., **--network=network-name** is used at most once - -and if the pod is not joining another container's network namespace via **--network=container:_id_**. -The address must be within the network's IPv6 address pool. - -To specify multiple static IPv6 addresses per pod, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option. +@@option ip6 @@option label @@ -152,7 +138,7 @@ Valid _mode_ values are: - **ns:**_path_: Path to a network namespace to join. - **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf: - - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false. + - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false. - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`). - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`). - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`). @@ -176,25 +162,7 @@ This option conflicts with **--add-host**. Write the pod ID to the file. -#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]* - -Publish a container's port, or range of ports, within this pod to the host. - -Both *hostPort* and *containerPort* can be specified as a range of ports. -When specifying ranges for both, the number of container ports in the -range must match the number of host ports in the range. - -If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. - -By default, Podman will publish TCP ports. To publish a UDP port instead, give -`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice, -with `tcp`, and `udp` as protocols respectively. Rootful containers can also -publish ports using the `sctp` protocol. - -Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). -If it is not, the container port will be randomly assigned a port on the host. - -Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. +@@option publish **Note:** You must not publish ports of containers in the pod individually, but only by the pod itself. @@ -245,11 +213,7 @@ This boolean determines whether or not all containers entering the pod will use Note: This options conflict with **--share=cgroup** since that would set the pod as the cgroup parent but enter the container into the same cgroupNS as the infra container. -#### **--shm-size**=*size* - -Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) -If the unit is omitted, the system uses bytes. If the size is omitted, the system uses `64m`. -When size is `0`, there is no limit on the amount of memory used for IPC by the pod. This option conflicts with **--ipc=host** when running containers. +@@option shm-size @@option subgidname @@ -265,39 +229,7 @@ When size is `0`, there is no limit on the amount of memory used for IPC by the @@option volume -#### **--volumes-from**=*container[:options]]* - -Mount volumes from the specified container(s). Used to share volumes between -containers and pods. The *options* is a comma-separated list with the following available elements: - -* **rw**|**ro** -* **z** - -Mounts already mounted volumes from a source container into another -pod. You must supply the source's container-id or container-name. -To share a volume, use the --volumes-from option when running -the target container. You can share volumes even if the source container -is not running. - -By default, Podman mounts the volumes in the same mode (read-write or -read-only) as it is mounted in the source container. -You can change this by adding a `ro` or `rw` _option_. - -Labeling systems like SELinux require that proper labels are placed on volume -content mounted into a pod. Without a label, the security system might -prevent the processes running inside the container from using the content. By -default, Podman does not change the labels set by the OS. - -To change a label in the pod context, you can add `z` to the volume mount. -This suffix tells Podman to relabel file objects on the shared volumes. The `z` -option tells Podman that two entities share the volume content. As a result, -Podman labels the content with a shared content label. Shared volume labels allow -all containers to read/write content. - -If the location of the volume from the source container overlaps with -data residing on a target pod, then the volume hides -that data on the target. - +@@option volumes-from ## EXAMPLES diff --git a/docs/source/markdown/podman-pod-stats.1.md b/docs/source/markdown/podman-pod-stats.1.md.in index c71159f09..83a4b7a1e 100644 --- a/docs/source/markdown/podman-pod-stats.1.md +++ b/docs/source/markdown/podman-pod-stats.1.md.in @@ -40,13 +40,9 @@ When using a GO template, you may precede the format with `table` to print heade Instead of providing the pod name or ID, use the last created pod. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) -#### **--no-reset** +@@option no-reset -Do not clear the terminal/screen in between reporting intervals - -#### **--no-stream** - -Disable streaming pod stats and only pull the first result, default setting is false +@@option no-stream ## EXAMPLE diff --git a/docs/source/markdown/podman-pull.1.md.in b/docs/source/markdown/podman-pull.1.md.in index 5405d7a45..46adec97b 100644 --- a/docs/source/markdown/podman-pull.1.md.in +++ b/docs/source/markdown/podman-pull.1.md.in @@ -63,10 +63,7 @@ All tagged images in the repository will be pulled. Print the usage statement. -#### **--os**=*OS* - -Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. -Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host. +@@option os.pull @@option platform @@ -74,11 +71,7 @@ Unless overridden, subsequent lookups of the same image in the local storage wil Suppress output information when pulling images -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, -then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, -TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. +@@option tls-verify #### **--variant**=*VARIANT* diff --git a/docs/source/markdown/podman-push.1.md.in b/docs/source/markdown/podman-push.1.md.in index 6e6eecfa2..c679950f7 100644 --- a/docs/source/markdown/podman-push.1.md.in +++ b/docs/source/markdown/podman-push.1.md.in @@ -90,11 +90,7 @@ Add a sigstore signature at the destination using a private key at the specified If signing the image (using either **--sign-by** or **--sign-by-sigstore-private-key**), read the passphrase to use from the specified path. -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, -then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, -TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. +@@option tls-verify ## EXAMPLE diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in index 493a7494a..b4bb107d6 100644 --- a/docs/source/markdown/podman-run.1.md.in +++ b/docs/source/markdown/podman-run.1.md.in @@ -245,27 +245,11 @@ Print usage statement @@option init-path -#### **--interactive**, **-i** +@@option interactive -When set to **true**, keep stdin open even if not attached. The default is **false**. +@@option ip -#### **--ip**=*ipv4* - -Specify a static IPv4 address for the container, for example **10.88.64.128**. -This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once - -and if the container is not joining another container's network namespace via **--network=container:_id_**. -The address must be within the network's IP address pool (default **10.88.0.0/16**). - -To specify multiple static IP addresses per container, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option. - -#### **--ip6**=*ipv6* - -Specify a static IPv6 address for the container, for example **fd46:db93:aa76:ac37::10**. -This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once - -and if the container is not joining another container's network namespace via **--network=container:_id_**. -The address must be within the network's IPv6 address pool. - -To specify multiple static IPv6 addresses per container, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option. +@@option ip6 @@option ipc @@ -329,7 +313,7 @@ Valid _mode_ values are: - **ns:**_path_: Path to a network namespace to join. - **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf: - - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false. + - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false. - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`). - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`). - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`). @@ -353,9 +337,7 @@ This option conflicts with **--add-host**. @@option oom-score-adj -#### **--os**=*OS* -Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. -Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host. +@@option os.pull #### **--passwd** @@ -382,32 +364,11 @@ If a container is run with a pod, and the pod has an infra-container, the infra- @@option pod-id-file.container -#### **--preserve-fds**=*N* - -Pass down to the process N additional file descriptors (in addition to 0, 1, 2). -The total FDs will be 3+N. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) +@@option preserve-fds @@option privileged -#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]* - -Publish a container's port, or range of ports, to the host. - -Both *hostPort* and *containerPort* can be specified as a range of ports. -When specifying ranges for both, the number of container ports in the -range must match the number of host ports in the range. - -If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. - -By default, Podman will publish TCP ports. To publish a UDP port instead, give -`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice, -with `tcp`, and `udp` as protocols respectively. Rootful containers can also -publish ports using the `sctp` protocol. - -Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). -If it is not, the container port will be randomly assigned a port on the host. - -Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. +@@option publish **Note:** If a container will be run within a pod, it is not necessary to publish the port for the containers in the pod. The port must only be published by the pod itself. Pod network @@ -417,18 +378,7 @@ associated ports. If one container binds to a port, no other container can use t within the pod while it is in use. Containers in the pod can also communicate over localhost by having one container bind to localhost in the pod, and another connect to that port. -#### **--publish-all**, **-P** - -Publish all exposed ports to random ports on the host interfaces. The default is **false**. - -When set to **true**, publish all exposed ports to the host interfaces. The -default is **false**. If the operator uses **-P** (or **-p**) then Podman will make the -exposed port accessible on the host and the ports will be available to any -client that can reach the host. - -When using this option, Podman will bind any exposed port to a random port on the host -within an ephemeral port range defined by */proc/sys/net/ipv4/ip_local_port_range*. -To find the mapping between the host ports and the exposed ports, use **podman port**. +@@option publish-all @@option pull @@ -455,25 +405,7 @@ Automatically remove the container when it exits. The default is **false**. After exit of the container, remove the image unless another container is using it. The default is *false*. -#### **--rootfs** - -If specified, the first argument refers to an exploded container on the file system. - -This is useful to run a container without requiring any image management, the rootfs -of the container is assumed to be managed externally. - - `Overlay Rootfs Mounts` - - The `:O` flag tells Podman to mount the directory from the rootfs path as -storage using the `overlay file system`. The container processes -can modify content within the mount point which is stored in the -container storage in a separate directory. In overlay terms, the source -directory will be the lower, and the container storage directory will be the -upper. Modifications to the mount point are destroyed when the container -finishes executing, similar to a tmpfs mount point being unmounted. - -Note: On **SELinux** systems, the rootfs needs the correct label, which is by default -**unconfined_u:object_r:container_file_t**. +@@option rootfs @@option sdnotify @@ -513,11 +445,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the Note: Labeling can be disabled for all containers by setting **label=false** in the **containers.conf**(5) file. -#### **--shm-size**=*number[unit]* - -Size of _/dev/shm_. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes). -If you omit the unit, the system uses bytes. If you omit the size entirely, the default is **64m**. -When _size_ is **0**, there is no limit on the amount of memory used for IPC by the container. +@@option shm-size #### **--sig-proxy** @@ -537,21 +465,11 @@ Sets whether the signals sent to the **podman run** command are proxied to the c @@option timeout -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. +@@option tls-verify @@option tmpfs -#### **--tty**, **-t** - -Allocate a pseudo-TTY. The default is **false**. - -When set to **true**, Podman will allocate a pseudo-tty and attach to the standard -input of the container. This can be used, for example, to run a throwaway -interactive shell. The default is **false**. - -**NOTE**: The --tty flag prevents redirection of standard output. It combines STDOUT and STDERR, it can insert control characters, and it can hang pipes. This option should only be used when run interactively in a terminal. When feeding input to Podman, use -i only, not -it. +@@option tty ``` echo "asdf" | podman run --rm -i someimage /bin/cat @@ -569,13 +487,7 @@ echo "asdf" | podman run --rm -i someimage /bin/cat @@option unsetenv-all -#### **--user**, **-u**=*user[:group]* - -Sets the username or UID used and, optionally, the groupname or GID for the specified command. Both *user* and *group* may be symbolic or numeric. - -Without this argument, the command will run as the user specified in the container image. Unless overridden by a `USER` command in the Containerfile or by a value passed to this option, this user generally defaults to root. - -When a user namespace is not in use, the UID and GID used within the container and on the host will match. When user namespaces are in use, however, the UID and GID in the container may correspond to another UID and GID on the host. In rootless containers, for example, a user namespace is always used, and root in the container will by default correspond to the UID and GID of the user invoking Podman. +@@option user @@option userns.container @@ -588,38 +500,7 @@ Use _VARIANT_ instead of the default architecture variant of the container image Use the **--group-add keep-groups** option to pass the user's supplementary group access into the container. -#### **--volumes-from**=*CONTAINER[:OPTIONS]* - -Mount volumes from the specified container(s). Used to share volumes between -containers. The *options* is a comma-separated list with the following available elements: - -* **rw**|**ro** -* **z** - -Mounts already mounted volumes from a source container onto another -container. You must supply the source's container-id or container-name. -To share a volume, use the --volumes-from option when running -the target container. You can share volumes even if the source container -is not running. - -By default, Podman mounts the volumes in the same mode (read-write or -read-only) as it is mounted in the source container. -You can change this by adding a `ro` or `rw` _option_. - -Labeling systems like SELinux require that proper labels are placed on volume -content mounted into a container. Without a label, the security system might -prevent the processes running inside the container from using the content. By -default, Podman does not change the labels set by the OS. - -To change a label in the container context, you can add `z` to the volume mount. -This suffix tells Podman to relabel file objects on the shared volumes. The `z` -option tells Podman that two containers share the volume content. As a result, -Podman labels the content with a shared content label. Shared volume labels allow -all containers to read/write content. - -If the location of the volume from the source container overlaps with -data residing on a target container, then the volume hides -that data on the target. +@@option volumes-from @@option workdir diff --git a/docs/source/markdown/podman-search.1.md.in b/docs/source/markdown/podman-search.1.md.in index 102cf7ad7..89df8c29f 100644 --- a/docs/source/markdown/podman-search.1.md.in +++ b/docs/source/markdown/podman-search.1.md.in @@ -87,12 +87,7 @@ The result contains the Image name and its tag, one line for every tag associate Do not truncate the output (default *false*). -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, -then TLS verification will be used. If set to false, then TLS verification will not be used if needed. If not specified, -default registries will be searched through (in /etc/containers/registries.conf), and TLS will be skipped if a default -registry is listed in the insecure registries. +@@option tls-verify ## EXAMPLES diff --git a/docs/source/markdown/podman-start.1.md b/docs/source/markdown/podman-start.1.md.in index fd24c6bf4..6fa41018b 100644 --- a/docs/source/markdown/podman-start.1.md +++ b/docs/source/markdown/podman-start.1.md.in @@ -53,9 +53,7 @@ Valid filters are listed below: | pod | [Pod] name or full or partial ID of pod | | network | [Network] name or full ID of network | -#### **--interactive**, **-i** - -Attach container's STDIN. The default is false. +@@option interactive #### **--latest**, **-l** diff --git a/docs/source/markdown/podman-stats.1.md b/docs/source/markdown/podman-stats.1.md.in index a1a0f6a93..f06bd3fcc 100644 --- a/docs/source/markdown/podman-stats.1.md +++ b/docs/source/markdown/podman-stats.1.md.in @@ -53,13 +53,9 @@ Time in seconds between stats reports, defaults to 5 seconds. Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) -#### **--no-reset** +@@option no-reset -Do not clear the terminal/screen in between reporting intervals - -#### **--no-stream** - -Disable streaming stats and only pull the first result, default setting is false +@@option no-stream #### **--no-trunc** diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index 3b3974dcc..7a8dd7043 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md @@ -43,8 +43,8 @@ Remote connections use local containers.conf for default. #### **--events-backend**=*type* Backend to use for storing events. Allowed values are **file**, **journald**, and -**none**. When *file* is specified, the events are stored under a subdirectory -of the *tmpdir* location (see **--tmpdir** below). +**none**. When *file* is specified, the events are stored under +`<tmpdir>/events/events.log` (see **--tmpdir** below). #### **--help**, **-h** @@ -158,7 +158,7 @@ On remote clients, including Mac and Windows (excluding WSL2) machines, logging #### **--tmpdir** -Path to the tmp directory, for libpod runtime content. +Path to the tmp directory, for libpod runtime content. Defaults to `$XDG\_RUNTIME\_DIR/libpod/tmp` as rootless and `run/libpod/tmp` as rootful. NOTE --tmpdir is not used for the temporary storage of downloaded images. Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`. |