diff options
Diffstat (limited to 'docs/source')
21 files changed, 566 insertions, 62 deletions
diff --git a/docs/source/markdown/links/podman-container-inspect.1 b/docs/source/markdown/links/podman-container-inspect.1 deleted file mode 100644 index 261043845..000000000 --- a/docs/source/markdown/links/podman-container-inspect.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/podman-inspect.1 diff --git a/docs/source/markdown/links/podman-image-inspect.1 b/docs/source/markdown/links/podman-image-inspect.1 deleted file mode 100644 index 261043845..000000000 --- a/docs/source/markdown/links/podman-image-inspect.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/podman-inspect.1 diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index 98c8251b4..15d936d17 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -64,8 +64,10 @@ discarded when writing images in Docker formats. #### **--arch**=*arch* -Set the ARCH of the image to the provided value instead of the architecture of -the host. +Set the architecture of the image to be built, and that of the base image to be +pulled, if the build uses one, to the provided value instead of using the +architecture of the build host. (Examples: arm, arm64, 386, amd64, ppc64le, +s390x) #### **--authfile**=*path* @@ -321,7 +323,8 @@ Pass through HTTP Proxy environment variables. #### **--iidfile**=*ImageIDfile* -Write the image ID to the file. +Write the built image's ID to the file. When `--platform` is specified more +than once, attempting to use this option will trigger an error. #### **--ignorefile** @@ -389,6 +392,7 @@ Name of the manifest list to which the image will be added. Creates the manifest if it does not exist. This option is useful for building multi architecture images. #### **--memory**, **-m**=*LIMIT* + Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) @@ -430,8 +434,9 @@ with a new set of cached layers. #### **--os**=*string* -Set the OS to the provided value instead of the current operating system of the -host. +Set the OS of the image to be built, and that of the base image to be pulled, +if the build uses one, instead of using the current operating system of the +build host. #### **--pid**=*pid* @@ -442,11 +447,28 @@ that the PID namespace in which `podman` itself is being run should be reused, or it can be the path to a PID namespace which is already in use by another process. -#### **--platform**="Linux" +#### **--platform**="OS/ARCH[/VARIANT][,...]" + +Set the OS/ARCH of the built image (and its base image, if your build uses one) +to the provided value instead of using the current operating system and +architecture of the host (for example `linux/arm`). If `--platform` is set, +then the values of the `--arch`, `--os`, and `--variant` options will be +overridden. + +The `--platform` flag can be specified more than once, or given a +comma-separated list of values as its argument. When more than one platform is +specified, the `--manifest` option should be used instead of the `--tag` +option. + +OS/ARCH pairs are those used by the Go Programming Language. In several cases +the ARCH value for a platform differs from one produced by other tools such as +the `arch` command. Valid OS and architecture name combinations are listed as +values for $GOOS and $GOARCH at https://golang.org/doc/install/source#environment, +and can also be found by running `go tool dist list`. -This option has no effect on the build. Other container engines use this option -to control the execution platform for the build (e.g., Windows, Linux) which is -not required for Buildah as it supports only Linux. +While `podman build` is happy to use base images and build images for any +platform that exists, `RUN` instructions will not be able to succeed without +the help of emulation provided by packages like `qemu-user-static`. #### **--pull** @@ -486,7 +508,6 @@ commands specified by the **RUN** instruction. Note: You can also override the default runtime by setting the BUILDAH\_RUNTIME environment variable. `export BUILDAH_RUNTIME=/usr/local/bin/runc` - #### **--secret**=**id=id,src=path** Pass secret information to be used in the Containerfile for building images @@ -497,7 +518,6 @@ To later use the secret, use the --mount flag in a `RUN` instruction within a `C `RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret` - #### **--security-opt**=*option* Security Options @@ -697,7 +717,9 @@ process. #### **--variant**="" -Set the architecture variant of the image to be pulled. +Set the architecture variant of the image to be built, and that of the base +image to be pulled, if the build uses one, to the provided value instead of +using the architecture variant of the build host. #### **--volume**, **-v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*] @@ -858,7 +880,7 @@ $ podman build --layers --force-rm -t imageName . $ podman build --no-cache --rm=false -t imageName . ``` -### Building an multi-architecture image using a --manifest option (Requires emulation software) +### Building a multi-architecture image using the --manifest option (requires emulation software) ``` $ podman build --arch arm --manifest myimage /tmp/mysrc @@ -866,6 +888,10 @@ $ podman build --arch arm --manifest myimage /tmp/mysrc $ podman build --arch amd64 --manifest myimage /tmp/mysrc $ podman build --arch s390x --manifest myimage /tmp/mysrc + +$ podman build --platform linux/s390x,linux/ppc64le,linux/amd64 --manifest myimage /tmp/mysrc + +$ podman build --platform linux/arm64 --platform linux/amd64 --manifest myimage /tmp/mysrc ``` ### Building an image using a URL, Git repo, or archive diff --git a/docs/source/markdown/podman-container-inspect.1.md b/docs/source/markdown/podman-container-inspect.1.md new file mode 100644 index 000000000..72b7cef3b --- /dev/null +++ b/docs/source/markdown/podman-container-inspect.1.md @@ -0,0 +1,318 @@ +% podman-container-inspect(1) + +## NAME +podman\-container\-inspect - Display a container's configuration + +## SYNOPSIS +**podman container inspect** [*options*] *container* [*container* ...] + +## DESCRIPTION + +This displays the low-level information on containers identified by name or ID. By default, this will render +all results in a JSON array. If a format is specified, the given template will be executed for each result. + +## OPTIONS + +#### **--format**, **-f**=*format* + +Format the output using the given Go template. +The keys of the returned JSON can be used as the values for the --format flag (see examples below). + +#### **--latest**, **-l** + +Instead of providing the container name or ID, use the last created container. If you use methods other than Podman +to run containers such as CRI-O, the last started container could be from either of those methods. + +(This option is not available with the remote Podman client.) + +#### **--size**, **-s** + +In addition to normal output, display the total file size if the type is a container. + + +## EXAMPLE + +``` +$ podman container inspect foobar +[ + { + "Id": "99f66530fe9c7249f7cf29f78e8661669d5831cbe4ee80ea757d5e922dd6a8a6", + "Created": "2021-09-16T06:09:08.936623325-04:00", + "Path": "echo", + "Args": [ + "hi" + ], + "State": { + "OciVersion": "1.0.2-dev", + "Status": "exited", + "Running": false, + "Paused": false, + "Restarting": false, + "OOMKilled": false, + "Dead": false, + "Pid": 0, + "ExitCode": 0, + "Error": "", + "StartedAt": "2021-09-16T06:09:09.033564436-04:00", + "FinishedAt": "2021-09-16T06:09:09.036184314-04:00", + "Healthcheck": { + "Status": "", + "FailingStreak": 0, + "Log": null + } + }, + "Image": "14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab", + "ImageName": "docker.io/library/alpine:latest", + "Rootfs": "", + "Pod": "", + "ResolvConfPath": "/run/user/3267/containers/overlay-containers/99f66530fe9c7249f7cf29f78e8661669d5831cbe4ee80ea757d5e922dd6a8a6/userdata/resolv.conf", + "HostnamePath": "/run/user/3267/containers/overlay-containers/99f66530fe9c7249f7cf29f78e8661669d5831cbe4ee80ea757d5e922dd6a8a6/userdata/hostname", + "HostsPath": "/run/user/3267/containers/overlay-containers/99f66530fe9c7249f7cf29f78e8661669d5831cbe4ee80ea757d5e922dd6a8a6/userdata/hosts", + "StaticDir": "/home/dwalsh/.local/share/containers/storage/overlay-containers/99f66530fe9c7249f7cf29f78e8661669d5831cbe4ee80ea757d5e922dd6a8a6/userdata", + "OCIConfigPath": "/home/dwalsh/.local/share/containers/storage/overlay-containers/99f66530fe9c7249f7cf29f78e8661669d5831cbe4ee80ea757d5e922dd6a8a6/userdata/config.json", + "OCIRuntime": "crun", + "ConmonPidFile": "/run/user/3267/containers/overlay-containers/99f66530fe9c7249f7cf29f78e8661669d5831cbe4ee80ea757d5e922dd6a8a6/userdata/conmon.pid", + "PidFile": "/run/user/3267/containers/overlay-containers/99f66530fe9c7249f7cf29f78e8661669d5831cbe4ee80ea757d5e922dd6a8a6/userdata/pidfile", + "Name": "foobar", + "RestartCount": 0, + "Driver": "overlay", + "MountLabel": "system_u:object_r:container_file_t:s0:c25,c695", + "ProcessLabel": "system_u:system_r:container_t:s0:c25,c695", + "AppArmorProfile": "", + "EffectiveCaps": [ + "CAP_CHOWN", + "CAP_DAC_OVERRIDE", + "CAP_FOWNER", + "CAP_FSETID", + "CAP_KILL", + "CAP_NET_BIND_SERVICE", + "CAP_SETFCAP", + "CAP_SETGID", + "CAP_SETPCAP", + "CAP_SETUID", + "CAP_SYS_CHROOT" + ], + "BoundingCaps": [ + "CAP_CHOWN", + "CAP_DAC_OVERRIDE", + "CAP_FOWNER", + "CAP_FSETID", + "CAP_KILL", + "CAP_NET_BIND_SERVICE", + "CAP_SETFCAP", + "CAP_SETGID", + "CAP_SETPCAP", + "CAP_SETUID", + "CAP_SYS_CHROOT" + ], + "ExecIDs": [], + "GraphDriver": { + "Name": "overlay", + "Data": { + "LowerDir": "/home/dwalsh/.local/share/containers/storage/overlay/e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68/diff", + "UpperDir": "/home/dwalsh/.local/share/containers/storage/overlay/8f3d70434a3db17410ec4710caf4f251f3e4ed0a96a08124e4b3d4af0a0ea300/diff", + "WorkDir": "/home/dwalsh/.local/share/containers/storage/overlay/8f3d70434a3db17410ec4710caf4f251f3e4ed0a96a08124e4b3d4af0a0ea300/work" + } + }, + "Mounts": [], + "Dependencies": [], + "NetworkSettings": { + "EndpointID": "", + "Gateway": "", + "IPAddress": "", + "IPPrefixLen": 0, + "IPv6Gateway": "", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "MacAddress": "", + "Bridge": "", + "SandboxID": "", + "HairpinMode": false, + "LinkLocalIPv6Address": "", + "LinkLocalIPv6PrefixLen": 0, + "Ports": {}, + "SandboxKey": "" + }, + "ExitCommand": [ + "/usr/bin/podman", + "--root", + "/home/dwalsh/.local/share/containers/storage", + "--runroot", + "/run/user/3267/containers", + "--log-level", + "warning", + "--cgroup-manager", + "systemd", + "--tmpdir", + "/run/user/3267/libpod/tmp", + "--runtime", + "crun", + "--storage-driver", + "overlay", + "--events-backend", + "journald", + "container", + "cleanup", + "99f66530fe9c7249f7cf29f78e8661669d5831cbe4ee80ea757d5e922dd6a8a6" + ], + "Namespace": "", + "IsInfra": false, + "Config": { + "Hostname": "99f66530fe9c", + "Domainname": "", + "User": "", + "AttachStdin": false, + "AttachStdout": false, + "AttachStderr": false, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM=xterm", + "container=podman", + "HOME=/root", + "HOSTNAME=99f66530fe9c" + ], + "Cmd": [ + "echo", + "hi" + ], + "Image": "docker.io/library/alpine:latest", + "Volumes": null, + "WorkingDir": "/", + "Entrypoint": "", + "OnBuild": null, + "Labels": null, + "Annotations": { + "io.container.manager": "libpod", + "io.kubernetes.cri-o.Created": "2021-09-16T06:09:08.936623325-04:00", + "io.kubernetes.cri-o.TTY": "false", + "io.podman.annotations.autoremove": "FALSE", + "io.podman.annotations.init": "FALSE", + "io.podman.annotations.privileged": "FALSE", + "io.podman.annotations.publish-all": "FALSE", + "org.opencontainers.image.stopSignal": "15" + }, + "StopSignal": 15, + "CreateCommand": [ + "podman", + "run", + "--name", + "foobar", + "alpine", + "echo", + "hi" + ], + "Timezone": "local", + "Umask": "0022", + "Timeout": 0, + "StopTimeout": 10 + }, + "HostConfig": { + "Binds": [], + "CgroupManager": "systemd", + "CgroupMode": "private", + "ContainerIDFile": "", + "LogConfig": { + "Type": "journald", + "Config": null, + "Path": "", + "Tag": "", + "Size": "0B" + }, + "NetworkMode": "slirp4netns", + "PortBindings": {}, + "RestartPolicy": { + "Name": "", + "MaximumRetryCount": 0 + }, + "AutoRemove": false, + "VolumeDriver": "", + "VolumesFrom": null, + "CapAdd": [], + "CapDrop": [ + "CAP_AUDIT_WRITE", + "CAP_MKNOD", + "CAP_NET_RAW" + ], + "Dns": [], + "DnsOptions": [], + "DnsSearch": [], + "ExtraHosts": [], + "GroupAdd": [], + "IpcMode": "private", + "Cgroup": "", + "Cgroups": "default", + "Links": null, + "OomScoreAdj": 0, + "PidMode": "private", + "Privileged": false, + "PublishAllPorts": false, + "ReadonlyRootfs": false, + "SecurityOpt": [], + "Tmpfs": {}, + "UTSMode": "private", + "UsernsMode": "", + "ShmSize": 65536000, + "Runtime": "oci", + "ConsoleSize": [ + 0, + 0 + ], + "Isolation": "", + "CpuShares": 0, + "Memory": 0, + "NanoCpus": 0, + "CgroupParent": "user.slice", + "BlkioWeight": 0, + "BlkioWeightDevice": null, + "BlkioDeviceReadBps": null, + "BlkioDeviceWriteBps": null, + "BlkioDeviceReadIOps": null, + "BlkioDeviceWriteIOps": null, + "CpuPeriod": 0, + "CpuQuota": 0, + "CpuRealtimePeriod": 0, + "CpuRealtimeRuntime": 0, + "CpusetCpus": "", + "CpusetMems": "", + "Devices": [], + "DiskQuota": 0, + "KernelMemory": 0, + "MemoryReservation": 0, + "MemorySwap": 0, + "MemorySwappiness": 0, + "OomKillDisable": false, + "PidsLimit": 2048, + "Ulimits": [], + "CpuCount": 0, + "CpuPercent": 0, + "IOMaximumIOps": 0, + "IOMaximumBandwidth": 0, + "CgroupConf": null + } + } +] +``` + +``` +$ podman container inspect nervous_fermi --format "{{.ImageName}}" +registry.access.redhat.com/ubi8:latest +``` + +``` +$ podman container inspect foobar --format "{{.GraphDriver.Name}}" +overlay +``` + +``` +$ podman container inspect --latest --format {{.EffectiveCaps}} +[CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_KILL CAP_NET_BIND_SERVICE CAP_SETFCAP CAP_SETGID CAP_SETPCAP CAP_SETUID CAP_SYS_CHROOT] +``` + +## SEE ALSO +**[podman(1)](podman.1.md)**,**[podman-container(1)](podman-container.1.md)**, **[podman-inspect(1)](podman-inspect.1.md)** + +## HISTORY +Sep 2021, Originally compiled by Dan Walsh <dwalsh@redhat.com> diff --git a/docs/source/markdown/podman-container.1.md b/docs/source/markdown/podman-container.1.md index 3cc90d9ec..c950347a9 100644 --- a/docs/source/markdown/podman-container.1.md +++ b/docs/source/markdown/podman-container.1.md @@ -24,7 +24,7 @@ The container command allows you to manage containers | exists | [podman-container-exists(1)](podman-container-exists.1.md) | Check if a container exists in local storage | | export | [podman-export(1)](podman-export.1.md) | Export a container's filesystem contents as a tar archive. | | init | [podman-init(1)](podman-init.1.md) | Initialize a container | -| inspect | [podman-inspect(1)](podman-inspect.1.md) | Display a container or image's configuration. | +| inspect | [podman-container-inspect(1)](podman-container-inspect.1.md)| Display a container's configuration. | | kill | [podman-kill(1)](podman-kill.1.md) | Kill the main process in one or more containers. | | list | [podman-ps(1)](podman-ps.1.md) | List the containers on the system.(alias ls) | | logs | [podman-logs(1)](podman-logs.1.md) | Display the logs of a container. | diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 0c48f105e..ee52bfd13 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -513,7 +513,11 @@ Not implemented #### **--log-driver**="*k8s-file*" -Logging driver for the container. Currently available options are *k8s-file*, *journald*, and *none*, with *json-file* aliased to *k8s-file* for scripting compatibility. +Logging driver for the container. Currently available options are *k8s-file*, *journald*, *none* and *passthrough*, with *json-file* aliased to *k8s-file* for scripting compatibility. + +The *passthrough* driver passes down the standard streams (stdin, stdout, stderr) to the +container. It is not allowed with the remote Podman client and on a tty, since it is +vulnerable to attacks via TIOCSTI. #### **--log-opt**=*name*=*value* @@ -595,6 +599,8 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared + type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared,U=true + type=volume,source=vol1,destination=/path/in/container,ro=true type=tmpfs,tmpfs-size=512M,destination=/path/in/container @@ -613,6 +619,8 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and · ro, readonly: true or false (default). + . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container. + Options specific to image: · rw, readwrite: true or false (default). @@ -627,6 +635,8 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and . relabel: shared, private. + . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container. + Options specific to tmpfs: · ro, readonly: true or false (default). @@ -639,6 +649,7 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and · notmpcopyup: Disable copying files from the image to the tmpfs. + . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container. #### **--name**=*name* @@ -682,7 +693,7 @@ Valid _mode_ values are: #### **--network-alias**=*alias* -Add network-scoped alias for the container +Add network-scoped alias for the container. NOTE: A container will only have access to aliases on the first network that it joins. This is a limitation that will be removed in a later release. #### **--no-healthcheck** @@ -721,7 +732,7 @@ Default is to create a private PID namespace for the container #### **--pids-limit**=*limit* -Tune the container's pids limit. Set `0` to have unlimited pids for the container. (default "4096" on systems that support PIDS cgroups). +Tune the container's pids limit. Set `-1` to have unlimited pids for the container. (default "4096" on systems that support PIDS cgroups). #### **--platform**=*OS/ARCH* diff --git a/docs/source/markdown/podman-generate-kube.1.md b/docs/source/markdown/podman-generate-kube.1.md index 2e9f68bf3..9ae3941ec 100644 --- a/docs/source/markdown/podman-generate-kube.1.md +++ b/docs/source/markdown/podman-generate-kube.1.md @@ -37,8 +37,6 @@ random port is assigned by Podman in the specification. Create Kubernetes Pod YAML for a container called `some-mariadb`. ``` $ sudo podman generate kube some-mariadb -# Generation of Kubernetes YAML is still under development! -# # Save the output of this file and use kubectl create -f to import # it into Kubernetes. # @@ -93,8 +91,6 @@ status: {} Create Kubernetes Pod YAML for a container with the directory `/home/user/my-data` on the host bind-mounted in the container to `/volume`. ``` $ podman generate kube my-container-with-bind-mounted-data -# Generation of Kubernetes YAML is still under development! -# # Save the output of this file and use kubectl create -f to import # it into Kubernetes. # @@ -147,8 +143,6 @@ status: {} Create Kubernetes Pod YAML for a container with the named volume `priceless-data` mounted in the container at `/volume`. ``` $ podman generate kube my-container-using-priceless-data -# Generation of Kubernetes YAML is still under development! -# # Save the output of this file and use kubectl create -f to import # it into Kubernetes. # @@ -200,8 +194,6 @@ status: {} Create Kubernetes Pod YAML for a pod called `demoweb` and include a service. ``` $ sudo podman generate kube -s demoweb -# Generation of Kubernetes YAML is still under development! -# # Save the output of this file and use kubectl create -f to import # it into Kubernetes. # diff --git a/docs/source/markdown/podman-image-inspect.1.md b/docs/source/markdown/podman-image-inspect.1.md new file mode 100644 index 000000000..a4f81dfc0 --- /dev/null +++ b/docs/source/markdown/podman-image-inspect.1.md @@ -0,0 +1,105 @@ +% podman-image-inspect(1) + +## NAME +podman\-image\-inspect - Display an image's configuration + +## SYNOPSIS +**podman image inspect** [*options*] *image* [*image* ...] + +## DESCRIPTION + +This displays the low-level information on images identified by name or ID. By default, this will render +all results in a JSON array. If a format is specified, the given template will be executed for each result. + +## OPTIONS + +#### **--format**, **-f**=*format* + +Format the output using the given Go template. +The keys of the returned JSON can be used as the values for the --format flag (see examples below). + +## EXAMPLE + +``` +$ podman image inspect fedora +[ + { + "Id": "37e5619f4a8ca9dbc4d6c0ae7890625674a10dbcfb76201399e2aaddb40da17d", + "Digest": "sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a", + "RepoTags": [ + "registry.fedoraproject.org/fedora:latest" + ], + "RepoDigests": [ + "registry.fedoraproject.org/fedora@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a", + "registry.fedoraproject.org/fedora@sha256:b5290db40008aae9272ad3a6bd8070ef7ecd547c3bef014b894c327960acc582" + ], + "Parent": "", + "Comment": "Created by Image Factory", + "Created": "2021-08-09T05:48:47Z", + "Config": { + "Env": [ + "DISTTAG=f34container", + "FGC=f34", + "container=oci" + ], + "Cmd": [ + "/bin/bash" + ], + "Labels": { + "license": "MIT", + "name": "fedora", + "vendor": "Fedora Project", + "version": "34" + } + }, + "Version": "1.10.1", + "Author": "", + "Architecture": "amd64", + "Os": "linux", + "Size": 183852302, + "VirtualSize": 183852302, + "GraphDriver": { + "Name": "overlay", + "Data": { + "UpperDir": "/home/dwalsh/.local/share/containers/storage/overlay/0203e243f1ca4b6bb49371ecd21363212467ec6d7d3fa9f324cd4e78cc6b5fa2/diff", + "WorkDir": "/home/dwalsh/.local/share/containers/storage/overlay/0203e243f1ca4b6bb49371ecd21363212467ec6d7d3fa9f324cd4e78cc6b5fa2/work" + } + }, + "RootFS": { + "Type": "layers", + "Layers": [ + "sha256:0203e243f1ca4b6bb49371ecd21363212467ec6d7d3fa9f324cd4e78cc6b5fa2" + ] + }, + "Labels": { + "license": "MIT", + "name": "fedora", + "vendor": "Fedora Project", + "version": "34" + }, + "Annotations": {}, + "ManifestType": "application/vnd.docker.distribution.manifest.v2+json", + "User": "", + "History": [ + { + "created": "2021-08-09T05:48:47Z", + "comment": "Created by Image Factory" + } + ], + "NamesHistory": [ + "registry.fedoraproject.org/fedora:latest" + ] + } +] +``` + +``` +$ podman image inspect --format '{{ .Id }}' fedora +37e5619f4a8ca9dbc4d6c0ae7890625674a10dbcfb76201399e2aaddb40da17d +``` + +## SEE ALSO +**[podman(1)](podman.1.md)**,**[podman-image(1)](podman-image.1.md)**, **[podman-inspect(1)](podman-inspect.1.md)** + +## HISTORY +Sep 2021, Originally compiled by Dan Walsh <dwalsh@redhat.com> diff --git a/docs/source/markdown/podman-image-prune.1.md b/docs/source/markdown/podman-image-prune.1.md index bd08d18fc..493332ec0 100644 --- a/docs/source/markdown/podman-image-prune.1.md +++ b/docs/source/markdown/podman-image-prune.1.md @@ -17,6 +17,10 @@ The image prune command does not prune cache images that only use layers that ar Remove dangling images and images that have no associated containers. +#### **--external** + +Remove images even when they are used by external containers (e.g., build containers). + #### **--filter**=*filters* Provide filter values. diff --git a/docs/source/markdown/podman-image.1.md b/docs/source/markdown/podman-image.1.md index 3e6050d99..01024519f 100644 --- a/docs/source/markdown/podman-image.1.md +++ b/docs/source/markdown/podman-image.1.md @@ -11,30 +11,30 @@ The image command allows you to manage images ## COMMANDS -| Command | Man Page | Description | -| -------- | ----------------------------------------------- | --------------------------------------------------------------------------- | -| build | [podman-build(1)](podman-build.1.md) | Build a container using a Dockerfile. | -| diff | [podman-image-diff(1)](podman-image-diff.1.md) | Inspect changes on an image's filesystem. | -| exists | [podman-image-exists(1)](podman-image-exists.1.md) | Check if an image exists in local storage. | -| history | [podman-history(1)](podman-history.1.md) | Show the history of an image. | -| import | [podman-import(1)](podman-import.1.md) | Import a tarball and save it as a filesystem image. | -| inspect | [podman-inspect(1)](podman-inspect.1.md) | Display an image or image's configuration. | -| list | [podman-images(1)](podman-images.1.md) | List the container images on the system.(alias ls) | -| load | [podman-load(1)](podman-load.1.md) | Load an image from the docker archive. | -| mount | [podman-image-mount(1)](podman-image-mount.1.md) | Mount an image's root filesystem. | -| prune | [podman-image-prune(1)](podman-image-prune.1.md) | Remove all unused images from the local store. | -| pull | [podman-pull(1)](podman-pull.1.md) | Pull an image from a registry. | -| push | [podman-push(1)](podman-push.1.md) | Push an image from local storage to elsewhere. | -| rm | [podman-rmi(1)](podman-rmi.1.md) | Removes one or more locally stored images. | -| save | [podman-save(1)](podman-save.1.md) | Save an image to docker-archive or oci. | -| scp | [podman-image-scp(1)](podman-image-scp.1.md) | Securely copy an image from one host to another. | -| search | [podman-search(1)](podman-search.1.md) | Search a registry for an image. | -| sign | [podman-image-sign(1)](podman-image-sign.1.md) | Create a signature for an image. | -| tag | [podman-tag(1)](podman-tag.1.md) | Add an additional name to a local image. | -| tree | [podman-image-tree(1)](podman-image-tree.1.md) | Prints layer hierarchy of an image in a tree format. | -| trust | [podman-image-trust(1)](podman-image-trust.1.md) | Manage container registry image trust policy. | -| unmount | [podman-image-unmount(1)](podman-image-unmount.1.md) | Unmount an image's root filesystem. | -| untag | [podman-untag(1)](podman-untag.1.md) | Removes one or more names from a locally-stored image. | +| Command | Man Page | Description | +| -------- | --------------------------------------------------- | ----------------------------------------------------------------------- | +| build | [podman-build(1)](podman-build.1.md) | Build a container using a Dockerfile. | +| diff | [podman-image-diff(1)](podman-image-diff.1.md) | Inspect changes on an image's filesystem. | +| exists | [podman-image-exists(1)](podman-image-exists.1.md) | Check if an image exists in local storage. | +| history | [podman-history(1)](podman-history.1.md) | Show the history of an image. | +| import | [podman-import(1)](podman-import.1.md) | Import a tarball and save it as a filesystem image. | +| inspect | [podman-image-inspect(1)](podman-image-inspect.1.md)| Display an image's configuration. | +| list | [podman-images(1)](podman-images.1.md) | List the container images on the system.(alias ls) | +| load | [podman-load(1)](podman-load.1.md) | Load an image from the docker archive. | +| mount | [podman-image-mount(1)](podman-image-mount.1.md) | Mount an image's root filesystem. | +| prune | [podman-image-prune(1)](podman-image-prune.1.md) | Remove all unused images from the local store. | +| pull | [podman-pull(1)](podman-pull.1.md) | Pull an image from a registry. | +| push | [podman-push(1)](podman-push.1.md) | Push an image from local storage to elsewhere. | +| rm | [podman-rmi(1)](podman-rmi.1.md) | Removes one or more locally stored images. | +| save | [podman-save(1)](podman-save.1.md) | Save an image to docker-archive or oci. | +| scp | [podman-image-scp(1)](podman-image-scp.1.md) | Securely copy an image from one host to another. | +| search | [podman-search(1)](podman-search.1.md) | Search a registry for an image. | +| sign | [podman-image-sign(1)](podman-image-sign.1.md) | Create a signature for an image. | +| tag | [podman-tag(1)](podman-tag.1.md) | Add an additional name to a local image. | +| tree | [podman-image-tree(1)](podman-image-tree.1.md) | Prints layer hierarchy of an image in a tree format. | +| trust | [podman-image-trust(1)](podman-image-trust.1.md) | Manage container registry image trust policy. | +| unmount | [podman-image-unmount(1)](podman-image-unmount.1.md) | Unmount an image's root filesystem. | +| untag | [podman-untag(1)](podman-untag.1.md) | Removes one or more names from a locally-stored image. | ## SEE ALSO podman diff --git a/docs/source/markdown/podman-inspect.1.md b/docs/source/markdown/podman-inspect.1.md index ae26c1bbb..83dc5cbbe 100644 --- a/docs/source/markdown/podman-inspect.1.md +++ b/docs/source/markdown/podman-inspect.1.md @@ -14,6 +14,8 @@ all results in a JSON array. If the inspect type is all, the order of inspection If a format is specified, the given template will be executed for each result. For more inspection options, see also +[podman-container-inspect(1)](podman-container-inspect.1.md), +[podman-image-inspect(1)](podman-image-inspect.1.md), [podman-network-inspect(1)](podman-network-inspect.1.md), [podman-pod-inspect(1)](podman-pod-inspect.1.md), and [podman-volume-inspect(1)](podman-volume-inspect.1.md). @@ -160,7 +162,7 @@ myNetwork ``` ## SEE ALSO -podman(1) +**[podman(1)](podman.1.md)**,**[podman-container-inspect(1)](podman-container-inspect.1.md)**,**[podman-image-inspect(1)](podman-image-inspect.1.md)**,**[podman-network-inspect(1)](podman-network-inspect.1.md)**,**[podman-pod-inspect(1)](podman-pod-inspect.1.md)**,**[podman-volume-inspect(1)](podman-volume-inspect.1.md)**. ## HISTORY July 2017, Originally compiled by Dan Walsh <dwalsh@redhat.com> diff --git a/docs/source/markdown/podman-machine-init.1.md b/docs/source/markdown/podman-machine-init.1.md index c864a87ef..f1fbd56ee 100644 --- a/docs/source/markdown/podman-machine-init.1.md +++ b/docs/source/markdown/podman-machine-init.1.md @@ -40,13 +40,17 @@ do these things manually or handle otherwise. #### **--image-path** Fully qualified path or URL to the VM image. -Can also be set to `testing` or `stable` to pull down default image. +Can also be set to `testing`, `next`, or `stable` to pull down default image. Defaults to `testing`. #### **--memory**, **-m**=*number* Memory (in MB). +#### **--now** + +Start the virtual machine immediately after it has been initialized. + #### **--help** Print usage statement. diff --git a/docs/source/markdown/podman-machine-ssh.1.md b/docs/source/markdown/podman-machine-ssh.1.md index a5cf69107..c4c732819 100644 --- a/docs/source/markdown/podman-machine-ssh.1.md +++ b/docs/source/markdown/podman-machine-ssh.1.md @@ -4,7 +4,7 @@ podman\-machine\-ssh - SSH into a virtual machine ## SYNOPSIS -**podman machine ssh** [*name*] [*command* [*arg* ...]] +**podman machine ssh** [*options*] [*name*] [*command* [*arg* ...]] ## DESCRIPTION @@ -21,6 +21,10 @@ with the virtual machine is established. Print usage statement. +#### **--username**=*name* + +Username to use when SSH-ing into the VM. + ## EXAMPLES To get an interactive session with the default virtual machine: diff --git a/docs/source/markdown/podman-network-connect.1.md b/docs/source/markdown/podman-network-connect.1.md index 47a54bd33..39893c676 100644 --- a/docs/source/markdown/podman-network-connect.1.md +++ b/docs/source/markdown/podman-network-connect.1.md @@ -14,6 +14,8 @@ Once connected, the container can communicate with other containers in the same #### **--alias** Add network-scoped alias for the container. If the network is using the `dnsname` CNI plugin, these aliases can be used for name resolution on the given network. Multiple *--alias* options may be specified as input. +NOTE: A container will only have access to aliases on the first network that it joins. This is a limitation +that will be removed in a later release. ## EXAMPLE diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md index b4c3fc2eb..fcb8ddeb9 100644 --- a/docs/source/markdown/podman-pod-create.1.md +++ b/docs/source/markdown/podman-pod-create.1.md @@ -38,6 +38,22 @@ Examples of the List Format: 0-4,9 # bits 0, 1, 2, 3, 4, and 9 set 0-2,7,12-14 # bits 0, 1, 2, 7, 12, 13, and 14 set +#### **--device**=_host-device_[**:**_container-device_][**:**_permissions_] + +Add a host device to the pod. Optional *permissions* parameter +can be used to specify device permissions It is a combination of +**r** for read, **w** for write, and **m** for **mknod**(2). + +Example: **--device=/dev/sdc:/dev/xvdc:rwm**. + +Note: if _host_device_ is a symbolic link then it will be resolved first. +The pod will only store the major and minor numbers of the host device. + +Note: the pod implements devices by storing the initial configuration passed by the user and recreating the device on each container added to the pod. + +Podman may load kernel modules required for using the specified +device. The devices that Podman will load modules for when necessary are: +/dev/fuse. #### **--dns**=*ipaddr* @@ -141,7 +157,7 @@ Set network mode for the pod. Supported values are: #### **--network-alias**=strings -Add a DNS alias for the container. When the container is joined to a CNI network with support for the dnsname plugin, the container will be accessible through this name from other containers in the network. +Add a DNS alias for the pod. When the pod is joined to a CNI network with support for the dnsname plugin, the containers inside the pod will be accessible through this name from other containers in the network. #### **--no-hosts** diff --git a/docs/source/markdown/podman-pod-inspect.1.md b/docs/source/markdown/podman-pod-inspect.1.md index 1f4e6cb06..0c58b099e 100644 --- a/docs/source/markdown/podman-pod-inspect.1.md +++ b/docs/source/markdown/podman-pod-inspect.1.md @@ -70,7 +70,7 @@ Valid placeholders for the Go template are listed below: ``` ## SEE ALSO -podman-pod(1), podman-pod-ps(1) +**[podman(1)](podman.1.md)**,**[podman-pod(1)](podman-pod.1.md)**, **[podman-inspect(1)](podman-inspect.1.md)** ## HISTORY August 2018, Originally compiled by Brent Baude <bbaude@redhat.com> diff --git a/docs/source/markdown/podman-rmi.1.md b/docs/source/markdown/podman-rmi.1.md index e34b1964b..4f3ec5541 100644 --- a/docs/source/markdown/podman-rmi.1.md +++ b/docs/source/markdown/podman-rmi.1.md @@ -12,6 +12,8 @@ podman\-rmi - Removes one or more locally stored images Removes one or more locally stored images. Passing an argument _image_ deletes it, along with any of its dangling parent images. A dangling image is an image without a tag and without being referenced by another image. +Note: To delete an image from a remote registry, use the [**skopeo delete**](https://github.com/containers/skopeo/blob/main/docs/skopeo-delete.1.md) command. Some registries do not allow users to delete an image via a CLI remotely. + ## OPTIONS #### **--all**, **-a** @@ -51,7 +53,7 @@ $ podman rmi -a -f **125** The command fails for any other reason ## SEE ALSO -podman(1) +podman(1), skopeo-delete(1) ## HISTORY March 2017, Originally compiled by Dan Walsh <dwalsh@redhat.com> diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 7b6a56fc6..5cc17f470 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -538,7 +538,12 @@ Not implemented. #### **--log-driver**="*driver*" -Logging driver for the container. Currently available options are **k8s-file**, **journald**, and **none**, with **json-file** aliased to **k8s-file** for scripting compatibility. +Logging driver for the container. Currently available options are **k8s-file**, **journald**, **none** and **passthrough**, with **json-file** aliased to **k8s-file** for scripting compatibility. + +The **passthrough** driver passes down the standard streams (stdin, stdout, stderr) to the +container. It is not allowed with the remote Podman client and on a tty, since it is +vulnerable to attacks via TIOCSTI. + #### **--log-opt**=*name*=*value* @@ -615,6 +620,8 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared + type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared,U=true + type=volume,source=vol1,destination=/path/in/container,ro=true type=tmpfs,tmpfs-size=512M,destination=/path/in/container @@ -633,6 +640,8 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and · ro, readonly: true or false (default). + . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container. + Options specific to image: · rw, readwrite: true or false (default). @@ -647,6 +656,8 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and . relabel: shared, private. + . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container. + Options specific to tmpfs: · ro, readonly: true or false (default). @@ -659,6 +670,8 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and · notmpcopyup: Disable copying files from the image to the tmpfs. + . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container. + #### **--name**=*name* Assign a name to the container. @@ -702,7 +715,7 @@ Valid _mode_ values are: #### **--network-alias**=*alias* -Add network-scoped alias for the container +Add network-scoped alias for the container. NOTE: A container will only have access to aliases on the first network that it joins. This is a limitation that will be removed in a later release. #### **--no-healthcheck** @@ -743,7 +756,7 @@ The default is to create a private PID namespace for the container. #### **--pids-limit**=*limit* -Tune the container's pids limit. Set to **0** to have unlimited pids for the container. The default is **4096** on systems that support "pids" cgroup controller. +Tune the container's pids limit. Set to **-1** to have unlimited pids for the container. The default is **4096** on systems that support "pids" cgroup controller. #### **--platform**=*OS/ARCH* diff --git a/docs/source/markdown/podman-save.1.md b/docs/source/markdown/podman-save.1.md index 1f1f60b22..842bc8b41 100644 --- a/docs/source/markdown/podman-save.1.md +++ b/docs/source/markdown/podman-save.1.md @@ -29,6 +29,10 @@ Note: `:` is a restricted character and cannot be part of the file name. Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type, compressed or uncompressed, as source) Note: This flag can only be set when using the **dir** transport i.e --format=oci-dir or --format=docker-dir +#### **--uncompressed** + +Accept uncompressed layers when copying OCI images. + #### **--output**, **-o**=*file* Write to a file, default is STDOUT diff --git a/docs/source/markdown/podman-system-service.1.md b/docs/source/markdown/podman-system-service.1.md index dfb026de1..3bc4fc7f1 100644 --- a/docs/source/markdown/podman-system-service.1.md +++ b/docs/source/markdown/podman-system-service.1.md @@ -30,6 +30,9 @@ Note: The default systemd unit files (system and user) change the log-level opti The time until the session expires in _seconds_. The default is 5 seconds. A value of `0` means no timeout, therefore the session will not expire. +The default timeout can be changed via the `service_timeout=VALUE` field in containers.conf. +See **[containers.conf(5)](https://github.com/containers/common/blob/master/docs/containers.conf.5.md)** for more information. + #### **--cors** CORS headers to inject to the HTTP response. The default value is empty string which disables CORS headers. @@ -46,7 +49,7 @@ podman system service --time 5 ``` ## SEE ALSO -podman(1), podman-system-service(1), podman-system-connection(1) +**[podman(1)](podman.1.md)**, **[podman-system-connection(1)](podman-system-connection.1.md)**, **[containers.conf(5)](https://github.com/containers/common/blob/master/docs/containers.conf.5.md)** ## HISTORY January 2020, Originally compiled by Brent Baude `<bbaude@redhat.com>` diff --git a/docs/source/markdown/podman-volume-inspect.1.md b/docs/source/markdown/podman-volume-inspect.1.md index ea0ee91b4..4595ccda6 100644 --- a/docs/source/markdown/podman-volume-inspect.1.md +++ b/docs/source/markdown/podman-volume-inspect.1.md @@ -40,7 +40,7 @@ $ podman volume inspect --format "{{.Driver}} {{.Scope}}" myvol ``` ## SEE ALSO -podman-volume(1) +**[podman(1)](podman.1.md)**,**[podman-volume(1)](podman-volume.1.md)**, **[podman-inspect(1)](podman-inspect.1.md)** ## HISTORY November 2018, Originally compiled by Urvashi Mohnani <umohnani@redhat.com> |