diff options
Diffstat (limited to 'docs/source')
| -rw-r--r-- | docs/source/markdown/podman-build.1.md | 2 | ||||
| -rw-r--r-- | docs/source/markdown/podman-generate-kube.1.md | 2 | ||||
| -rw-r--r-- | docs/source/markdown/podman-ps.1.md | 2 | ||||
| -rw-r--r-- | docs/source/markdown/podman-run.1.md | 18 | ||||
| -rw-r--r-- | docs/source/markdown/podman-system-service.1.md | 2 | ||||
| -rw-r--r-- | docs/source/markdown/podman.1.md | 6 |
6 files changed, 26 insertions, 6 deletions
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index c71f4fae9..67513e386 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -40,7 +40,7 @@ container images. This `buildah` code creates `buildah` containers for the `RUN` options in container storage. In certain situations, when the `podman build` crashes or users kill the `podman build` process, these external containers can be left in container storage. Use the `podman ps --all --storage` -command to see these contaienrs. External containers can be removed with the +command to see these containers. External containers can be removed with the `podman rm --storage` command. ## OPTIONS diff --git a/docs/source/markdown/podman-generate-kube.1.md b/docs/source/markdown/podman-generate-kube.1.md index ed2143388..019bae539 100644 --- a/docs/source/markdown/podman-generate-kube.1.md +++ b/docs/source/markdown/podman-generate-kube.1.md @@ -28,7 +28,7 @@ random port is assigned by Podman in the specification. Create Kubernetes Pod YAML for a container called `some-mariadb` . ``` $ sudo podman generate kube some-mariadb -# Generation of Kubenetes YAML is still under development! +# Generation of Kubernetes YAML is still under development! # # Save the output of this file and use kubectl create -f to import # it into Kubernetes. diff --git a/docs/source/markdown/podman-ps.1.md b/docs/source/markdown/podman-ps.1.md index b94964f6c..28212b92c 100644 --- a/docs/source/markdown/podman-ps.1.md +++ b/docs/source/markdown/podman-ps.1.md @@ -57,6 +57,8 @@ Valid filters are listed below: | since | [ID] or [Name] Containers created since this container | | volume | [VolumeName] or [MountpointDestination] Volume mounted in container | | health | [Status] healthy or unhealthy | +| pod | [Pod] name or full or partial ID of pod | + #### **--format**=*format* diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index cd45e53ef..674079a9d 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -394,6 +394,13 @@ Run the container in a new user namespace using the supplied mapping. This optio This option can be passed several times to map different ranges. If calling **podman run** as an unprivileged user, the user needs to have the right to use the mapping. See **subuid**(5). The example maps gids **0-1999** in the container to the gids **30000-31999** on the host: **--gidmap=0:30000:2000**. +**Important note:** The new user namespace mapping based on **--gidmap** is based on the initial mapping made in the _/etc/subgid_ file. +Assuming there is a _/etc/subgid_ mapping **groupname:100000:65536**, then **groupname** is initially mapped to a namespace starting with +gid **100000** for **65536** ids. From here the **--gidmap** mapping to the new namespace starts from **0** again, but is based on the initial mapping. +Meaning **groupname** is initially mapped to gid **100000** which is referenced as **0** in the following **--gidmap** mapping. In terms of the example +above: The group **groupname** is mapped to group **100000** of the initial namespace then the +**30000**st id of this namespace (which is gid 130000 in this namespace) is mapped to container namespace group id **0**. (groupname -> 100000 / 30000 -> 0) + #### **--group-add**=*group* Add additional groups to run as @@ -946,7 +953,7 @@ For the IPC namespace, the following sysctls are allowed: Note: if you use the **--ipc=host** option, the above sysctls will not be allowed. -For the network namespace, the following ysctls areallowed: +For the network namespace, the following sysctls are allowed: - Sysctls beginning with net.\* @@ -1026,6 +1033,15 @@ as an unprivileged user, the user needs to have the right to use the mapping. Se The following example maps uids 0-1999 in the container to the uids 30000-31999 on the host: **--uidmap=0:30000:2000**. +**Important note:** The new user namespace mapping based on **--uidmap** is based on the initial mapping made in the _/etc/subuid_ file. +Assuming there is a _/etc/subuid_ mapping **username:100000:65536**, then **username** is initially mapped to a namespace starting with +uid **100000** for **65536** ids. From here the **--uidmap** mapping to the new namespace starts from **0** again, but is based on the initial mapping. +Meaning **username** is initially mapped to uid **100000** which is referenced as **0** in the following **--uidmap** mapping. In terms of the example +above: The user **username** is mapped to user **100000** of the initial namespace then the +**30000**st id of this namespace (which is uid 130000 in this namespace) is mapped to container namespace user id **0**. (username -> 100000 / 30000 -> 0) + +_Note_: A minimal mapping has to have at least container uid **0** mapped to the parent user namespace. + #### **--ulimit**=*option* Ulimit options. You can use **host** to copy the current configuration from the host. diff --git a/docs/source/markdown/podman-system-service.1.md b/docs/source/markdown/podman-system-service.1.md index 1fdecfa5c..0905830c5 100644 --- a/docs/source/markdown/podman-system-service.1.md +++ b/docs/source/markdown/podman-system-service.1.md @@ -9,7 +9,7 @@ podman\-system\-service - Run an API service ## DESCRIPTION The **podman system service** command creates a listening service that will answer API calls for Podman. You may optionally provide an endpoint for the API in URI form. For example, *unix://tmp/foobar.sock* or *tcp:localhost:8080*. -If no endpoint is provided, defaults will be used. The default endpoint for a rootfull +If no endpoint is provided, defaults will be used. The default endpoint for a rootful service is *unix:/run/podman/podman.sock* and rootless is *unix:/$XDG_RUNTIME_DIR/podman/podman.sock* (for example *unix:/run/user/1000/podman/podman.sock*) diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index 7da01d389..2688c1720 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md @@ -44,7 +44,9 @@ Path of the conmon binary (Default path is configured in `containers.conf`) #### **--events-backend**=*type* -Backend to use for storing events. Allowed values are **file**, **journald**, and **none**. +Backend to use for storing events. Allowed values are **file**, **journald**, and +**none**. When *file* is specified, the events are stored under a subdirectory +of the *tmpdir* location (see **--tmpdir** below). #### **--help**, **-h** @@ -291,7 +293,7 @@ When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.con Non root users of Podman can create the `$HOME/.config/containers/registries.conf` file to be used instead of the system defaults. -**storage.conf** (`/etc/containers/storage.conf`, `$HOME/.config/contaners/storage.conf`) +**storage.conf** (`/etc/containers/storage.conf`, `$HOME/.config/containers/storage.conf`) storage.conf is the storage configuration file for all tools using containers/storage |