19 files changed, 166 insertions, 131 deletions
diff --git a/docs/source/Commands.rst b/docs/source/Commands.rst
index 766b6a02e..767b09c08 100644
--- a/docs/source/Commands.rst
+++ b/docs/source/Commands.rst
@@ -55,7 +55,7 @@ Commands
 
 :doc:`logs <markdown/podman-logs.1>` Fetch the logs of a container
 
-:doc:`machine <markdown/podman-machine.1>` Manage podman's virtual machine
+:doc:`machine <machine>` Manage podman's virtual machine
 
 :doc:`manifest <manifest>` Create and manipulate manifest lists and image indexes
 
@@ -91,7 +91,7 @@ Commands
 
 :doc:`search <markdown/podman-search.1>` Search registry for image
 
-:doc:`secret <markdown/podman-secret.1>` Manage podman secrets
+:doc:`secret <secret>` Manage podman secrets
 
 :doc:`start <markdown/podman-start.1>` Start one or more containers
 
diff --git a/docs/source/machine.rst b/docs/source/machine.rst
index 16c042173..3962fca99 100644
--- a/docs/source/machine.rst
+++ b/docs/source/machine.rst
@@ -3,8 +3,13 @@ Machine
 
 
 :doc:`init <markdown/podman-machine-init.1>` Initialize a new virtual machine
+
 :doc:`list <markdown/podman-machine-list.1>` List virtual machines
+
 :doc:`rm <markdown/podman-machine-rm.1>` Remove a virtual machine
+
 :doc:`ssh <markdown/podman-machine-ssh.1>` SSH into a virtual machine
+
 :doc:`start <markdown/podman-machine-start.1>` Start a virtual machine
+
 :doc:`stop <markdown/podman-machine-stop.1>` Stop a virtual machine
diff --git a/docs/source/markdown/containers-mounts.conf.5.md b/docs/source/markdown/containers-mounts.conf.5.md
deleted file mode 100644
index 74492c831..000000000
--- a/docs/source/markdown/containers-mounts.conf.5.md
+++ /dev/null
@@ -1,16 +0,0 @@
-% containers-mounts.conf(5)
-
-## NAME
-containers-mounts.conf - configuration file for default mounts in containers
-
-## DESCRIPTION
-The mounts.conf file specifies volume mount directories that are automatically mounted inside containers. Container processes can then use this content. Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories. Note that for security reasons, tools adhering to the mounts.conf are expected to copy the contents instead of bind mounting the paths from the host.
-
-## FORMAT
-The format of the mounts.conf is the volume format `/SRC:/DEST`, one mount per line. For example, a mounts.conf with the line `/usr/share/secrets:/run/secrets` would cause the contents of the `/usr/share/secrets` directory on the host to be mounted on the `/run/secrets` directory inside the container. Setting mountpoints allows containers to use the files of the host, for instance, to use the host's subscription to some enterprise Linux distribution.
-
-## FILES
-Some distributions may provide a `/usr/share/containers/mounts.conf` file to provide default mounts, but users can create a `/etc/containers/mounts.conf`, to specify their own special volumes to mount in the container. When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` will override the default if it exists.
-
-## HISTORY
-Aug 2018, Originally compiled by Valentin Rothberg <vrothberg@suse.com>
diff --git a/docs/source/markdown/podman-attach.1.md b/docs/source/markdown/podman-attach.1.md
index c4a5eec50..092772916 100644
--- a/docs/source/markdown/podman-attach.1.md
+++ b/docs/source/markdown/podman-attach.1.md
@@ -9,48 +9,48 @@ podman\-attach - Attach to a running container
 **podman container attach** [*options*] *container*
 
 ## DESCRIPTION
-The attach command allows you to attach to a running container using the container's ID
-or name, either to view its ongoing output or to control it interactively.
-
-You can detach from the container (and leave it running) using a configurable key sequence. The default
-sequence is `ctrl-p,ctrl-q`.
-Configure the keys sequence using the **--detach-keys** option, or specifying
-it in the **containers.conf** file: see **containers.conf(5)** for more information.
+**podman attach** attaches to a running *container* using the *container's name* or *ID*, to either view its ongoing output or to control it interactively.\
+The *container* can detached from (and leave it running) using a configurable key sequence. The default sequence is `ctrl-p,ctrl-q`. Configure the keys sequence using the **--detach-keys** option, or specifying it in the `containers.conf` file: see **[containers.conf(5)](https://github.com/containers/common/blob/master/docs/containers.conf.5.md)** for more information.
 
 ## OPTIONS
-#### **--detach-keys**=*sequence*
+#### **--detach-keys**=**sequence**
 
-Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will disable this feature. The default is *ctrl-p,ctrl-q*.
+Specify the key **sequence** for detaching a *container*. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will disable this feature. The default is `ctrl-p,ctrl-q`.
 
 #### **--latest**, **-l**
 
-Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
-to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client)
+Instead of providing the *container name* or *ID*, use the last created *container*. If you use methods other than Podman to run containers such as CRI-O, the last started *container* could be from either of those methods. The default is **false**.\
+*IMPORTANT: This option is not available with the remote Podman client*
 
 #### **--no-stdin**
 
-Do not attach STDIN. The default is false.
+Do not attach STDIN. The default is **false**.
 
-#### **--sig-proxy**=*true*|*false*
+#### **--sig-proxy**
 
-Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*.
+Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is **true**.
 
 ## EXAMPLES
 
+Attach to a container called "foobar".
 ```
 $ podman attach foobar
-[root@localhost /]#
 ```
+
+Attach to the latest created container.
 ```
 $ podman attach --latest
-[root@localhost /]#
 ```
+
+Attach to a container that start with the ID "1234".
 ```
 $ podman attach 1234
-[root@localhost /]#
 ```
+
+Attach to a container without attaching STDIN.
 ```
 $ podman attach --no-stdin foobar
 ```
+
 ## SEE ALSO
-podman(1), podman-exec(1), podman-run(1), containers.conf(5)
+**[podman(1)](podman.1.md)**, **[podman-exec(1)](podman-exec.1.md)**, **[podman-run(1)](podman-run.1.md)**, **[containers.conf(5)](https://github.com/containers/common/blob/master/docs/containers.conf.5.md)**
diff --git a/docs/source/markdown/podman-auto-update.1.md b/docs/source/markdown/podman-auto-update.1.md
index 1bb5d4bbe..52a9a3fec 100644
--- a/docs/source/markdown/podman-auto-update.1.md
+++ b/docs/source/markdown/podman-auto-update.1.md
@@ -1,16 +1,16 @@
 % podman-auto-update(1)
 
 ## NAME
-podman-auto-update - Auto update containers according to their auto-update policy
+podman\-auto-update - Auto update containers according to their auto-update policy
 
 ## SYNOPSIS
 **podman auto-update** [*options*]
 
 ## DESCRIPTION
-`podman auto-update` looks up containers with a specified "io.containers.autoupdate" label (i.e., the auto-update policy).
+**podman auto-update** looks up containers with a specified `io.containers.autoupdate` label (i.e., the auto-update policy).
 
-If the label is present and set to "registry", Podman reaches out to the corresponding registry to check if the image has been updated.
-The label "image" is an alternative to "registry" maintained for backwards compatibility.
+If the label is present and set to `registry`, Podman reaches out to the corresponding registry to check if the image has been updated.
+The label `image` is an alternative to `registry` maintained for backwards compatibility.
 An image is considered updated if the digest in the local storage is different than the one of the remote image.
 If an image must be updated, Podman pulls it down and restarts the systemd unit executing the container.
 
@@ -18,60 +18,57 @@ The registry policy requires a fully-qualified image reference (e.g., quay.io/po
 This enforcement is necessary to know which image to actually check and pull.
 If an image ID was used, Podman would not know which image to check/pull anymore.
 
-Alternatively, if the autoupdate label is set to "local", Podman will compare the image a container is using to the image with it's raw name in local storage.
+Alternatively, if the autoupdate label is set to `local`, Podman will compare the image a container is using to the image with its raw name in local storage.
 If an image is updated locally, Podman simply restarts the systemd unit executing the container.
 
-If "io.containers.autoupdate.authfile" label is present, Podman reaches out to corresponding authfile when pulling images.
+If `io.containers.autoupdate.authfile` label is present, Podman reaches out to the corresponding authfile when pulling images.
 
-At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT" environment variables and stores it verbatim in the container's label.
-This variable is now set by all systemd units generated by `podman-generate-systemd` and is set to `%n` (i.e., the name of systemd unit starting the container).
+At container-creation time, Podman looks up the `PODMAN_SYSTEMD_UNIT` environment variable and stores it verbatim in the container's label.
+This variable is now set by all systemd units generated by **[podman-generate-systemd](podman-generate-systemd.1.md)** and is set to `%n` (i.e., the name of systemd unit starting the container).
 This data is then being used in the auto-update sequence to instruct systemd (via DBUS) to restart the unit and hence to restart the container.
 
-Note that`podman auto-update` relies on systemd. The systemd units are expected to be generated with `podman-generate-systemd --new`, or similar units that create new containers in order to run the updated images.
+Note that **podman auto-update** relies on systemd. The systemd units are expected to be generated with **[podman-generate-systemd --new](podman-generate-systemd.1.md#--new)**, or similar units that create new containers in order to run the updated images.
 Systemd units that start and stop a container cannot run a new image.
 
-
 ### Systemd Unit and Timer
 
-Podman ships with a `podman-auto-update.service` systemd unit.  This unit is triggered daily at midnight by the `podman-auto-update.timer` systemd timer.  The timer can be altered for custom time-based updates if desired.  The unit can further be invoked by other systemd units (e.g., via the dependency tree) or manually via `systemctl start podman-auto-update.service`.
-
+Podman ships with a `podman-auto-update.service` systemd unit. This unit is triggered daily at midnight by the `podman-auto-update.timer` systemd timer.  The timer can be altered for custom time-based updates if desired.  The unit can further be invoked by other systemd units (e.g., via the dependency tree) or manually via **systemctl start podman-auto-update.service**.
 
 ## OPTIONS
 
 #### **--authfile**=*path*
 
-Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
-If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
+Path of the authentication file. Default is `${XDG_RUNTIME_DIR}/containers/auth.json`, which is set using **[podman login](podman-login.1.md)**.
+If the authorization state is not found there, `$HOME/.docker/config.json` is checked, which is set using **docker login**.
 
-Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
-environment variable. `export REGISTRY_AUTH_FILE=path`
+Note: There is also the option to override the default path of the authentication file by setting the `REGISTRY_AUTH_FILE` environment variable. This can be done with **export REGISTRY_AUTH_FILE=_path_**.
 
 ## EXAMPLES
 
 Autoupdate with registry policy
 
 ```
-# Start a container
+### Start a container
 $ podman run --label "io.containers.autoupdate=registry" \
     --label "io.containers.autoupdate.authfile=/some/authfile.json" \
     -d busybox:latest top
 bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
 
-# Generate a systemd unit for this container
+### Generate a systemd unit for this container
 $ podman generate systemd --new --files bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
 /home/user/containers/libpod/container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
 
-# Load the new systemd unit and start it
+### Load the new systemd unit and start it
 $ mv ./container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service ~/.config/systemd/user
 $ systemctl --user daemon-reload
 
-# If the previously created containers or pods are using shared resources, such as ports, make sure to remove them before starting the generated systemd units.
+### If the previously created containers or pods are using shared resources, such as ports, make sure to remove them before starting the generated systemd units.
 $ podman stop bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
 $ podman rm bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
 
 $ systemctl --user start container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
 
-# Auto-update the container
+### Auto-update the container
 $ podman auto-update
 container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
 ```
@@ -79,37 +76,37 @@ container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.servi
 Autoupdate with local policy
 
 ```
-# Start a container
+### Start a container
 $ podman run --label "io.containers.autoupdate=local" \
     -d busybox:latest top
 be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
 
-# Generate a systemd unit for this container
+### Generate a systemd unit for this container
 $ podman generate systemd --new --files be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
 /home/user/containers/libpod/container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service
 
-# Load the new systemd unit and start it
+### Load the new systemd unit and start it
 $ mv ./container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service ~/.config/systemd/user
 $ systemctl --user daemon-reload
 
-# If the previously created containers or pods are using shared resources, such as ports, make sure to remove them before starting the generated systemd units.
+### If the previously created containers or pods are using shared resources, such as ports, make sure to remove them before starting the generated systemd units.
 $ podman stop be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
 $ podman rm be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
 
 $ systemctl --user start container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service
 
-# Get the name of the container
+### Get the name of the container
 $ podman ps
 CONTAINER ID  IMAGE                             COMMAND  CREATED        STATUS            PORTS   NAMES
 01f5c8113e84  docker.io/library/busybox:latest  top      2 seconds ago  Up 3 seconds ago          inspiring_galileo
 
-# Modify the image
+### Modify the image
 $ podman commit --change CMD=/bin/bash inspiring_galileo busybox:latest
 
-# Auto-update the container
+### Auto-update the container
 $ podman auto-update
 container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service
 ```
 
 ## SEE ALSO
-podman(1), podman-generate-systemd(1), podman-run(1), systemd.unit(5)
+**[podman(1)](podman.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-run(1)](podman-run.1.md)**, systemd.unit(5)
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
index f173b24b4..c65fbccb9 100644
--- a/docs/source/markdown/podman-build.1.md
+++ b/docs/source/markdown/podman-build.1.md
@@ -111,7 +111,7 @@ given.
 #### **--cert-dir**=*path*
 
 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
 
 #### **--cgroup-parent**=*path*
 
@@ -972,7 +972,7 @@ If you are using `useradd` within your build script, you should pass the
 useradd to stop creating the lastlog file.
 
 ## SEE ALSO
-podman(1), buildah(1), containers-registries.conf(5), crun(8), runc(8), useradd(8), podman-ps(1), podman-rm(1)
+podman(1), buildah(1), containers-certs.d(5), containers-registries.conf(5), crun(8), runc(8), useradd(8), podman-ps(1), podman-rm(1)
 
 ## HISTORY
 Aug 2020, Additional options and .dockerignore added by Dan Walsh `<dwalsh@redhat.com>`
diff --git a/docs/source/markdown/podman-commit.1.md b/docs/source/markdown/podman-commit.1.md
index 7485e9bd9..92574cdc5 100644
--- a/docs/source/markdown/podman-commit.1.md
+++ b/docs/source/markdown/podman-commit.1.md
@@ -9,34 +9,27 @@ podman\-commit - Create new image based on the changed container
 **podman container commit** [*options*] *container* [*image*]
 
 ## DESCRIPTION
-**podman commit** creates an image based on a changed container. The author of the
-image can be set using the `--author` flag. Various image instructions can be
-configured with the `--change` flag and a commit message can be set using the
-`--message` flag. The container and its processes are paused while the image is
-committed. This minimizes the likelihood of data corruption when creating the new
-image. If this is not desired, the `--pause` flag can be set to false. When the commit
-is complete, Podman will print out the ID of the new image.
+**podman commit** creates an image based on a changed *container*. The author of the image can be set using the **--author** OPTION. Various image instructions can be configured with the **--change** OPTION and a commit message can be set using the **--message** OPTION. The *container* and its processes are paused while the image is committed. This minimizes the likelihood of data corruption when creating the new image. If this is not desired, the **--pause** OPTION can be set to *false*. When the commit is complete, Podman will print out the ID of the new image.
 
-If *image* does not begin with a registry name component, `localhost` will be added to the name.
-If *image* is not provided, the values for the `REPOSITORY` and `TAG` values of the created image will each be set to `<none>`.
+If `image` does not begin with a registry name component, `localhost` will be added to the name.
+If `image` is not provided, the values for the `REPOSITORY` and `TAG` values of the created image will each be set to `<none>`.
 
 ## OPTIONS
 
 #### **--author**, **-a**=*author*
 
-Set the author for the committed image
+Set the author for the committed image.
 
 #### **--change**, **-c**=*instruction*
 
 Apply the following possible instructions to the created image:
 **CMD** | **ENTRYPOINT** | **ENV** | **EXPOSE** | **LABEL** | **ONBUILD** | **STOPSIGNAL** | **USER** | **VOLUME** | **WORKDIR**
 
-Can be set multiple times
+Can be set multiple times.
 
-#### **--format**, **-f**=*format*
+#### **--format**, **-f** =**oci** | *docker*
 
-Set the format of the image manifest and metadata.  The currently supported formats are _oci_ and _docker_.  If
-not specifically set, the default format used is _oci_.
+Set the format of the image manifest and metadata.  The currently supported formats are **oci** and *docker*. The default is **oci**.
 
 #### **--iidfile**=*ImageIDfile*
 
@@ -44,23 +37,24 @@ Write the image ID to the file.
 
 #### **--include-volumes**
 
-Include in the committed image any volumes added to the container by the `--volume` or `--mount` options to the `podman create` and `podman run` commands.
+Include in the committed image any volumes added to the container by the **--volume** or **--mount** OPTIONS to the **[podman create](podman-create.1.md)** and **[podman run](podman-run.1.md)** commands. The default is **false**.
 
 #### **--message**, **-m**=*message*
 
-Set commit message for committed image.  The message field is not supported in _oci_ format.
+Set commit message for committed image.\
+*IMPORTANT: The message field is not supported in `oci` format.*
 
 #### **--pause**, **-p**
 
-Pause the container when creating an image
+Pause the container when creating an image. The default is **false**.
 
 #### **--quiet**, **-q**
 
-Suppress output
+Suppresses output. The default is **false**.
 
 ## EXAMPLES
 
-### Create image from container with entrypoint and label
+Create image from container with entrypoint and label
 ```
 $ podman commit --change CMD=/bin/bash --change ENTRYPOINT=/bin/sh --change "LABEL blue=image" reverent_golick image-committed
 Getting image source signatures
@@ -73,39 +67,39 @@ Storing signatures
 e3ce4d93051ceea088d1c242624d659be32cf1667ef62f1d16d6b60193e2c7a8
 ```
 
-### Create image from container with commit message
+Create image from container with commit message
 ```
 $ podman commit -q --message "committing container to image"
 reverent_golick image-committed
-e3ce4d93051ceea088d1c242624d659be32cf1667ef62f1d16d6b60193e2c7a8 ```
+e3ce4d93051ceea088d1c242624d659be32cf1667ef62f1d16d6b60193e2c7a8
 ```
 
-### Create image from container with author
+Create image from container with author
 ```
 $ podman commit -q --author "firstName lastName" reverent_golick image-committed
 e3ce4d93051ceea088d1c242624d659be32cf1667ef62f1d16d6b60193e2c7a8
 ```
 
-### Pause a running container while creating the image
+Pause a running container while creating the image
 ```
 $ podman commit -q --pause=true containerID image-committed
 e3ce4d93051ceea088d1c242624d659be32cf1667ef62f1d16d6b60193e2c7a8
 ```
 
-### Create an image from a container with a default image tag
+Create an image from a container with a default image tag
 ```
 $ podman commit containerID
 e3ce4d93051ceea088d1c242624d659be32cf1667ef62f1d16d6b60193e2c7a8
 ```
 
-### Create an image from container with default required capabilities are SETUID and SETGID
+Create an image from container with default required capabilities are SETUID and SETGID
 ```
 $ podman commit -q --change LABEL=io.containers.capabilities=setuid,setgid epic_nobel privimage
 400d31a3f36dca751435e80a0e16da4859beb51ff84670ce6bdc5edb30b94066
 ```
 
 ## SEE ALSO
-podman(1), podman-run(1), podman-create(1)
+**[podman(1)](podman.1.md)**, **[podman-run(1)](podman-run.1.md)**, **[podman-create(1)](podman-create.1.md)**
 
 ## HISTORY
 December 2017, Originally compiled by Urvashi Mohnani <umohnani@redhat.com>
diff --git a/docs/source/markdown/podman-container-checkpoint.1.md b/docs/source/markdown/podman-container-checkpoint.1.md
index 46b6cb646..271a44c9d 100644
--- a/docs/source/markdown/podman-container-checkpoint.1.md
+++ b/docs/source/markdown/podman-container-checkpoint.1.md
@@ -10,31 +10,25 @@ podman\-container\-checkpoint - Checkpoints one or more running containers
 Checkpoints all the processes in one or more containers. You may use container IDs or names as input.
 
 ## OPTIONS
-#### **--keep**, **-k**
-
-Keep all temporary log and statistics files created by CRIU during checkpointing. These files
-are not deleted if checkpointing fails for further debugging. If checkpointing succeeds these
-files are theoretically not needed, but if these files are needed Podman can keep the files
-for further analysis.
-
 #### **--all**, **-a**
 
 Checkpoint all running containers.
 
-#### **--latest**, **-l**
-
-Instead of providing the container name or ID, checkpoint the last created container. (This option is not available with the remote Podman client)
-
-#### **--leave-running**, **-R**
+#### **--compress**, **-c**
 
-Leave the container running after checkpointing instead of stopping it.
+Specify the compression algorithm used for the checkpoint archive created
+with the **--export, -e** option. Possible algorithms are *gzip*, *none*
+and *zstd*. If no compression algorithm is specified Podman will use
+*zstd*.
 
-#### **--tcp-established**
+One possible reason to use *none* is to enable faster creation of checkpoint
+archives. Not compressing the checkpoint archive can result in faster checkpoint
+archive creation.
 
-Checkpoint a container with established TCP connections. If the checkpoint
-image contains established TCP connections, this options is required during
-restore. Defaults to not checkpointing containers with established TCP
-connections.
+```
+# podman container checkpoint -l --compress=none --export=dump.tar
+# podman container checkpoint -l --compress=gzip --export=dump.tar.gz
+```
 
 #### **--export**, **-e**
 
@@ -56,11 +50,33 @@ This option must be used in combination with the **--export, -e** option.
 When this option is specified, the content of volumes associated with
 the container will not be included into the checkpoint tar.gz file.
 
+#### **--keep**, **-k**
+
+Keep all temporary log and statistics files created by CRIU during checkpointing. These files
+are not deleted if checkpointing fails for further debugging. If checkpointing succeeds these
+files are theoretically not needed, but if these files are needed Podman can keep the files
+for further analysis.
+
+#### **--latest**, **-l**
+
+Instead of providing the container name or ID, checkpoint the last created container. (This option is not available with the remote Podman client)
+
+#### **--leave-running**, **-R**
+
+Leave the container running after checkpointing instead of stopping it.
+
 #### **--pre-checkpoint**, **-P**
 
 Dump the container's memory information only, leaving the container running. Later
 operations will supersede prior dumps. It only works on runc 1.0-rc3 or higher.
 
+#### **--tcp-established**
+
+Checkpoint a container with established TCP connections. If the checkpoint
+image contains established TCP connections, this options is required during
+restore. Defaults to not checkpointing containers with established TCP
+connections.
+
 #### **--with-previous**
 
 Check out the container with previous criu image files in pre-dump. It only works
diff --git a/docs/source/markdown/podman-container-restore.1.md b/docs/source/markdown/podman-container-restore.1.md
index ef8722279..82bf76d1e 100644
--- a/docs/source/markdown/podman-container-restore.1.md
+++ b/docs/source/markdown/podman-container-restore.1.md
@@ -95,6 +95,19 @@ This option must be used in combination with the **--import, -i** option.
 When restoring containers from a checkpoint tar.gz file with this option,
 the content of associated volumes will not be restored.
 
+#### **--publish**, **-p**
+
+Replaces the ports that the container publishes, as configured during the
+initial container start, with a new set of port forwarding rules.
+
+```
+# podman run --rm -p 2345:80 -d webserver
+# podman container checkpoint -l --export=dump.tar
+# podman container restore -p 5432:8080 --import=dump.tar
+```
+
+For more details please see **podman run --publish**.
+
 ## EXAMPLE
 
 podman container restore mywebserver
@@ -104,7 +117,7 @@ podman container restore 860a4b23
 podman container restore --import-previous pre-checkpoint.tar.gz --import checkpoint.tar.gz
 
 ## SEE ALSO
-podman(1), podman-container-checkpoint(1)
+podman(1), podman-container-checkpoint(1), podman-run(1)
 
 ## HISTORY
 September 2018, Originally compiled by Adrian Reber <areber@redhat.com>
diff --git a/docs/source/markdown/podman-container-runlabel.1.md b/docs/source/markdown/podman-container-runlabel.1.md
index aee849cbd..e343a12fe 100644
--- a/docs/source/markdown/podman-container-runlabel.1.md
+++ b/docs/source/markdown/podman-container-runlabel.1.md
@@ -57,7 +57,7 @@ The runlabel command will not execute if --display is specified.
 #### **--cert-dir**=*path*
 
 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
 
 #### **--creds**=*[username[:password]]*
 
@@ -105,7 +105,7 @@ $ sudo podman container runlabel --display run foobar
 ```
 
 ## SEE ALSO
-podman(1)
+podman(1), containers-certs.d(5)
 
 ## HISTORY
 September 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md
index 3565a42bc..28c455b78 100644
--- a/docs/source/markdown/podman-generate-systemd.1.md
+++ b/docs/source/markdown/podman-generate-systemd.1.md
@@ -75,7 +75,7 @@ Description=Podman container-de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd34
 Documentation=man:podman-generate-systemd(1)
 Wants=network.target
 After=network-online.target
-RequiresMountsFor=/var/lib/containers/storage /var/run/container/storage
+RequiresMountsFor=/var/run/container/storage
 
 [Service]
 Restart=always
@@ -104,7 +104,7 @@ Description=Podman container-busy_moser.service
 Documentation=man:podman-generate-systemd(1)
 Wants=network.target
 After=network-online.target
-RequiresMountsFor=/var/lib/containers/storage /var/run/container/storage
+RequiresMountsFor=/var/run/container/storage
 
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
@@ -146,7 +146,7 @@ Requires=container-amazing_chandrasekhar.service container-jolly_shtern.service
 Before=container-amazing_chandrasekhar.service container-jolly_shtern.service
 Wants=network.target
 After=network-online.target
-RequiresMountsFor=/var/lib/containers/storage /var/run/container/storage
+RequiresMountsFor=/var/run/container/storage
 
 [Service]
 Restart=on-failure
diff --git a/docs/source/markdown/podman-image-sign.1.md b/docs/source/markdown/podman-image-sign.1.md
index b9addc062..616aab8ff 100644
--- a/docs/source/markdown/podman-image-sign.1.md
+++ b/docs/source/markdown/podman-image-sign.1.md
@@ -26,7 +26,7 @@ Sign all the manifests of the multi-architecture image (default false).
 #### **--cert-dir**=*path*
 
 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
 
 #### **--directory**, **-d**=*dir*
 
@@ -61,7 +61,7 @@ the signature will be written into sub-directories of
 the signature will be 'read' from that same location on a pull-related function.
 
 ## SEE ALSO
-containers-registries.d(5)
+containers-certs.d(5), containers-registries.d(5)
 
 ## HISTORY
 November 2018, Originally compiled by Qi Wang (qiwan at redhat dot com)
diff --git a/docs/source/markdown/podman-login.1.md b/docs/source/markdown/podman-login.1.md
index 274869042..88d025c70 100644
--- a/docs/source/markdown/podman-login.1.md
+++ b/docs/source/markdown/podman-login.1.md
@@ -54,7 +54,7 @@ Return the logged-in user for the registry.  Return error if no login is found.
 #### **--cert-dir**=*path*
 
 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
 
 #### **--tls-verify**=*true|false*
 
@@ -108,7 +108,7 @@ Login Succeeded!
 ```
 
 ## SEE ALSO
-podman(1), podman-logout(1), containers-auth.json(5), containers-registries.conf(5)
+podman(1), podman-logout(1), containers-auth.json(5), containers-certs.d(5), containers-registries.conf(5)
 
 ## HISTORY
 August 2017, Originally compiled by Urvashi Mohnani <umohnani@redhat.com>
diff --git a/docs/source/markdown/podman-manifest-add.1.md b/docs/source/markdown/podman-manifest-add.1.md
index 59d5e5d2c..376301589 100644
--- a/docs/source/markdown/podman-manifest-add.1.md
+++ b/docs/source/markdown/podman-manifest-add.1.md
@@ -44,7 +44,7 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
 #### **--cert-dir**=*path*
 
 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
 
 #### **--creds**=*creds*
 
@@ -93,6 +93,28 @@ architecture value, but which expect different versions of its instruction set.
 
     $ podman manifest add mylist:v1.11 containers-storage:quay.io/username/myimage
 
+  **dir:**_path_
+  An existing local directory _path_ storing the manifest, layer tarballs, and signatures as individual files. This
+  is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
+
+    $ podman manifest add dir:/tmp/myimage
+
+  **docker-archive:**_path_[**:**_docker-reference_]
+  An image is stored in the `docker save` formatted file.  _docker-reference_ is only used when creating such a
+  file, and it must not contain a digest.
+
+    $ podman manifest add docker-archive:/tmp/myimage
+
+  **docker-daemon:**_docker-reference_
+  An image in _docker-reference_ format stored in the docker daemon internal storage. The _docker-reference_ can also be an image ID (docker-daemon:algo:digest).
+
+    $ sudo podman manifest add docker-daemon:docker.io/library/myimage:33
+
+  **oci-archive:**_path_**:**_tag_
+  An image _tag_ in a directory compliant with "Open Container Image Layout Specification" at _path_.
+
+    $ podman manifest add oci-archive:/tmp/myimage
+
 ## EXAMPLE
 
 ```
@@ -110,4 +132,4 @@ podman manifest add --arch arm64 --variant v8 mylist:v1.11 docker://71c201d10fff
 ```
 
 ## SEE ALSO
-podman(1), podman-manifest(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-manifest-push(1), podman-manifest-remove(1), podman-rmi(1)
+podman(1), podman-manifest(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-manifest-push(1), podman-manifest-remove(1), podman-rmi(1), containers-certs.d(5)
diff --git a/docs/source/markdown/podman-manifest-push.1.md b/docs/source/markdown/podman-manifest-push.1.md
index 5097ada64..2cf1cc375 100644
--- a/docs/source/markdown/podman-manifest-push.1.md
+++ b/docs/source/markdown/podman-manifest-push.1.md
@@ -30,7 +30,7 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
 #### **--cert-dir**=*path*
 
 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
 
 #### **--creds**=*creds*
 
@@ -107,4 +107,4 @@ podman manifest push mylist:v1.11 docker://registry.example.org/mylist:v1.11
 ```
 
 ## SEE ALSO
-podman(1), podman-manifest(1), podman-manifest-add(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-manifest-remove(1), podman-rmi(1)
+podman(1), podman-manifest(1), podman-manifest-add(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-manifest-remove(1), podman-rmi(1), containers-certs.d(5)
diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md
index 98b303ae7..ad5ae7e4c 100644
--- a/docs/source/markdown/podman-play-kube.1.md
+++ b/docs/source/markdown/podman-play-kube.1.md
@@ -48,7 +48,7 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
 #### **--cert-dir**=*path*
 
 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
 
 #### **--configmap**=*path*
 
@@ -132,7 +132,7 @@ $ podman play kube demo.yml --network cni1,cni2
 Please take into account that CNI networks must be created first using podman-network-create(1).
 
 ## SEE ALSO
-podman(1), podman-container(1), podman-pod(1), podman-generate-kube(1), podman-play(1), podman-network-create(1)
+podman(1), podman-container(1), podman-pod(1), podman-generate-kube(1), podman-play(1), podman-network-create(1), containers-certs.d(5)
 
 ## HISTORY
 December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md
index 9b42d07ac..54f990601 100644
--- a/docs/source/markdown/podman-pull.1.md
+++ b/docs/source/markdown/podman-pull.1.md
@@ -80,7 +80,7 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
 #### **--cert-dir**=*path*
 
 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
 
 #### **--creds**=*[username[:password]]*
 
@@ -217,7 +217,7 @@ registries.conf is the configuration file which specifies which container regist
 NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
 
 ## SEE ALSO
-podman(1), podman-push(1), podman-login(1), containers-registries.conf(5)
+podman(1), podman-push(1), podman-login(1), containers-certs.d(5), containers-registries.conf(5)
 
 ## HISTORY
 July 2017, Originally compiled by Urvashi Mohnani <umohnani@redhat.com>
diff --git a/docs/source/markdown/podman-push.1.md b/docs/source/markdown/podman-push.1.md
index f42ee1020..e26d73891 100644
--- a/docs/source/markdown/podman-push.1.md
+++ b/docs/source/markdown/podman-push.1.md
@@ -71,7 +71,7 @@ value can be entered.  The password is entered without echo.
 #### **--cert-dir**=*path*
 
 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
 
 #### **--compress**
 
@@ -161,4 +161,4 @@ Storing signatures
 ```
 
 ## SEE ALSO
-podman(1), podman-pull(1), podman-login(1)
+podman(1), podman-pull(1), podman-login(1), containers-certs.d(5)
diff --git a/docs/source/markdown/podman-system-service.1.md b/docs/source/markdown/podman-system-service.1.md
index 2c8be73c2..dfb026de1 100644
--- a/docs/source/markdown/podman-system-service.1.md
+++ b/docs/source/markdown/podman-system-service.1.md
@@ -30,6 +30,10 @@ Note: The default systemd unit files (system and user) change the log-level opti
 The time until the session expires in _seconds_. The default is 5
 seconds. A value of `0` means no timeout, therefore the session will not expire.
 
+#### **--cors**
+
+CORS headers to inject to the HTTP response. The default value is empty string which disables CORS headers.
+
 #### **--help**, **-h**
 
 Print usage statement.