Diffstat (limited to 'docs/source')
-rw-r--r-- docs/source/markdown/options/device.md | 14
-rw-r--r-- docs/source/markdown/options/digestfile.md | 4
-rw-r--r-- docs/source/markdown/options/label.md | 3
-rw-r--r-- docs/source/markdown/podman-build.1.md.in | 38
-rw-r--r-- docs/source/markdown/podman-container-clone.1.md.in | 25
-rw-r--r-- docs/source/markdown/podman-create.1.md.in | 19
-rw-r--r-- docs/source/markdown/podman-generate-systemd.1.md | 6
-rw-r--r-- docs/source/markdown/podman-manifest-push.1.md.in | 4
-rw-r--r-- docs/source/markdown/podman-pod-clone.1.md.in | 40
-rw-r--r-- docs/source/markdown/podman-pod-create.1.md.in | 40
-rw-r--r-- docs/source/markdown/podman-push.1.md.in | 4
-rw-r--r-- docs/source/markdown/podman-run.1.md.in | 29
12 files changed, 53 insertions, 173 deletions
diff --git a/docs/source/markdown/options/device.md b/docs/source/markdown/options/device.md
new file mode 100644
index 000000000..619c70a9b
--- /dev/null
+++ b/docs/source/markdown/options/device.md
@@ -0,0 +1,14 @@
+#### **--device**=*host-device[:container-device][:permissions]*
+
+Add a host device to the <<container|pod>>. Optional *permissions* parameter
+can be used to specify device permissions by combining
+**r** for read, **w** for write, and **m** for **mknod**(2).
+
+Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
+
+Note: if *host-device* is a symbolic link then it will be resolved first.
+The <<container|pod>> will only store the major and minor numbers of the host device.
+
+Podman may load kernel modules required for using the specified
+device. The devices that Podman will load modules for when necessary are:
+/dev/fuse.
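Review bot: The closing paragraph about kernel module loading (the last three added lines) now ships with every page that uses `@@option device`, including podman-build.1.md.in, where the text removed in this diff did not include it. Either build gains a new claim that needs confirming, or, if that paragraph still sits further down the build page, it is now duplicated there. On create and run the paragraph also moves from after the rootless group-access note to before it, so check the rendered order reads sensibly.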
diff --git a/docs/source/markdown/options/digestfile.md b/docs/source/markdown/options/digestfile.md
new file mode 100644
index 000000000..de013e287
--- /dev/null
+++ b/docs/source/markdown/options/digestfile.md
@@ -0,0 +1,4 @@
+#### **--digestfile**=*Digestfile*
+
+After copying the image, write the digest of the resulting image to the file.
+(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
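Review bot: The remote-client restriction on the second body line becomes part of podman-manifest-push as well, whose removed text carried only the first sentence. Verify that --digestfile on manifest push is in fact unavailable with the remote client before sharing this wording. The parenthetical is also missing its closing period.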
diff --git a/docs/source/markdown/options/label.md b/docs/source/markdown/options/label.md
new file mode 100644
index 000000000..629aa82e6
--- /dev/null
+++ b/docs/source/markdown/options/label.md
@@ -0,0 +1,3 @@
+#### **--label**, **-l**=*key=value*
+
+Add metadata to a <<container|pod>>.
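Review bot: The shared text drops the worked example that create, pod-create and pod-clone carried ("e.g., --label com.example.key=value"). The *key=value* placeholder in the heading helps, but consider keeping the example as a second line so the namespaced key convention stays visible to readers of all four pages.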
diff --git a/docs/source/markdown/podman-build.1.md.in b/docs/source/markdown/podman-build.1.md.in
index 84d803358..63b587687 100644
--- a/docs/source/markdown/podman-build.1.md.in
+++ b/docs/source/markdown/podman-build.1.md.in
@@ -156,8 +156,8 @@ more.
When executing RUN instructions, run the command specified in the instruction
with the specified capability removed from its capability set.
-The CAP\_AUDIT\_WRITE, CAP\_CHOWN, CAP\_DAC\_OVERRIDE, CAP\_FOWNER,
-CAP\_FSETID, CAP\_KILL, CAP\_MKNOD, CAP\_NET\_BIND\_SERVICE, CAP\_SETFCAP,
+The CAP\_CHOWN, CAP\_DAC\_OVERRIDE, CAP\_FOWNER,
+CAP\_FSETID, CAP\_KILL, CAP\_NET\_BIND\_SERVICE, CAP\_SETFCAP,
CAP\_SETGID, CAP\_SETPCAP, CAP\_SETUID, and CAP\_SYS\_CHROOT capabilities are
granted by default; this option can be used to remove them.
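Review bot: Dropping CAP\_AUDIT\_WRITE and CAP\_MKNOD from the list of capabilities granted by default is a statement about the security posture of RUN instructions, not a wording cleanup, and here it rides along with the `@@option` deduplication. Check it against the default capability set the build actually uses and against any other page that lists default capabilities, and call it out separately so it is not lost among the option moves.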
@@ -205,16 +205,7 @@ keys and/or certificates. Decryption will be tried with all keys. If the key is
protected by a passphrase, it is required to be passed in the argument and
omitted otherwise.
-#### **--device**=*host-device[:container-device][:permissions]*
-
-Add a host device to the container. Optional *permissions* parameter
-can be used to specify device permissions, it is combination of
-**r** for read, **w** for write, and **m** for **mknod**(2).
-
-Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
-
-Note: if *host-device* is a symbolic link then it will be resolved first.
-The container will only store the major and minor numbers of the host device.
+@@option device
Note: if the user only has access rights via a group, accessing the device
from inside a rootless container will fail. The **[crun(1)](https://github.com/containers/crun/tree/main/crun.1.md)** runtime offers a
@@ -391,28 +382,9 @@ This option is not supported on the remote client, including Mac and Windows
Name of the manifest list to which the image will be added. Creates the manifest list
if it does not exist. This option is useful for building multi architecture images.
-#### **--memory**, **-m**=*LIMIT*
-
-Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes),
-m (mebibytes), or g (gibibytes))
-
-Allows you to constrain the memory available to a container. If the host
-supports swap memory, then the **-m** memory setting can be larger than physical
-RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
-not limited. The actual limit may be rounded up to a multiple of the operating
-system's page size (the value would be very large, that's millions of
-trillions).
-
-#### **--memory-swap**=*LIMIT*
-
-A limit value equal to memory plus swap. Must be used with the **-m**
-(**--memory**) option. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value. By default, the swap `LIMIT` will be set to double
-the value of --memory.
+@@option memory
-The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
-`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
-unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
+@@option memory-swap
#### **--network**=*mode*, **--net**
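Review bot: `@@option memory` and `@@option memory-swap` point at options files that this diff does not add (the diffstat lists only device.md, digestfile.md and label.md as new), so their wording cannot be checked from here. Confirm the shared text still states what is removed from this page: the default of swap set to double the value of --memory, the `-1` setting for unlimited swap, and the unit list with `b` as the default unit.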
diff --git a/docs/source/markdown/podman-container-clone.1.md.in b/docs/source/markdown/podman-container-clone.1.md.in
index 820fb7cd3..d4add19fd 100644
--- a/docs/source/markdown/podman-container-clone.1.md.in
+++ b/docs/source/markdown/podman-container-clone.1.md.in
@@ -64,28 +64,15 @@ Force removal of the original container that we are cloning. Can only be used in
If no memory limits are specified, the original container's will be used.
-#### **--memory-reservation**=*limit*
+@@option memory-reservation
-Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
+If unspecified, memory reservation will be the same as memory limit from the
+container being cloned.
-After setting memory reservation, when the system detects memory contention
-or low memory, containers are forced to restrict their consumption to their
-reservation. So you should always set the value below **--memory**, otherwise the
-hard limit will take precedence. By default, memory reservation will be the same
-as memory limit from the container being cloned.
+@@option memory-swap
-#### **--memory-swap**=*limit*
-
-A limit value equal to memory plus swap. Must be used with the **-m**
-(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value. By default, the swap `LIMIT` will be set to double
-the value of --memory if specified. Otherwise, the container being cloned will be used to derive the swap value.
-
-The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
-`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
-unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-
-This option is not supported on cgroups V1 rootless systems.
+If unspecified, the container being cloned will be used to derive
+the swap value.
@@option memory-swappiness
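Review bot: The removed line "This option is not supported on cgroups V1 rootless systems." under --memory-swap has no replacement in this hunk, so unless options/memory-swap.md carries it the restriction disappears from the clone page. The same applies to the advice to set the reservation below **--memory**. If the shared memory-swap text keeps the "double the value of --memory" default seen in the other pages, the added "If unspecified, the container being cloned will be used to derive the swap value." should say it applies only when --memory is not given, as the old wording did.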
diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in
index d46340c88..ac45fa61d 100644
--- a/docs/source/markdown/podman-create.1.md.in
+++ b/docs/source/markdown/podman-create.1.md.in
@@ -123,25 +123,12 @@ each of stdin, stdout, and stderr.
@@option cpuset-mems
-#### **--device**=*host-device[:container-device][:permissions]*
-
-Add a host device to the container. Optional *permissions* parameter
-can be used to specify device permissions, it is combination of
-**r** for read, **w** for write, and **m** for **mknod**(2).
-
-Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
-
-Note: if *host-device* is a symbolic link then it will be resolved first.
-The container will only store the major and minor numbers of the host device.
+@@option device
Note: if the user only has access rights via a group, accessing the device
from inside a rootless container will fail. Use the `--group-add keep-groups`
flag to pass the user's supplementary group access into the container.
-Podman may load kernel modules required for using the specified
-device. The devices that podman will load modules when necessary are:
-/dev/fuse.
-
@@option device-cgroup-rule
@@option device-read-bps
@@ -260,9 +247,7 @@ To specify multiple static IPv6 addresses per container, set multiple networks u
@@option ipc
-#### **--label**, **-l**=*label*
-
-Add metadata to a container (e.g., --label com.example.key=value)
+@@option label
@@option label-file
diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md
index 7c5e90ca5..ee649c95b 100644
--- a/docs/source/markdown/podman-generate-systemd.1.md
+++ b/docs/source/markdown/podman-generate-systemd.1.md
@@ -44,6 +44,12 @@ User-defined dependencies will be appended to the generated unit file, but any e
Set the systemd unit name prefix for containers. The default is *container*.
+#### **--env**, **-e**=*env*
+
+Set environment variables to the systemd unit files.
+
+If an environment variable is specified without a value, Podman will check the host environment for a value and set the variable only if it is set on the host. As a special case, if an environment variable ending in __*__ is specified without a value, Podman will search the host environment for variables starting with the prefix and will add those variables to the systemd unit files.
+
#### **--files**, **-f**
Generate files instead of printing to stdout. The generated files are named {container,pod}-{ID,name}.service and will be placed in the current working directory.
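Review bot: The new --env text should state that the values end up in clear text in the generated unit, because with the no-value form and the trailing `*` form described in the second added paragraph Podman copies whatever the host environment holds into output that is printed to stdout or, with --files, written to the current working directory. A sentence advising against using this form for secrets would fit here. "Set environment variables to the systemd unit files" would also read better as "Set environment variables in the generated systemd unit files", and the `__*__` markup should be checked in the rendered man page.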
diff --git a/docs/source/markdown/podman-manifest-push.1.md.in b/docs/source/markdown/podman-manifest-push.1.md.in
index 25b1f5c75..e3d578d10 100644
--- a/docs/source/markdown/podman-manifest-push.1.md.in
+++ b/docs/source/markdown/podman-manifest-push.1.md.in
@@ -29,9 +29,7 @@ Specifies the compression format to use. Supported values are: `gzip`, `zstd` a
@@option creds
-#### **--digestfile**=*Digestfile*
-
-After copying the image, write the digest of the resulting image to the file.
+@@option digestfile
#### **--format**, **-f**=*format*
diff --git a/docs/source/markdown/podman-pod-clone.1.md.in b/docs/source/markdown/podman-pod-clone.1.md.in
index e3a60172d..32183d778 100644
--- a/docs/source/markdown/podman-pod-clone.1.md.in
+++ b/docs/source/markdown/podman-pod-clone.1.md.in
@@ -31,23 +31,10 @@ If none are specified, the original pod's CPUset is used.
@@option destroy
-#### **--device**=*host-device[:container-device][:permissions]*
-
-Add a host device to the pod. Optional *permissions* parameter
-can be used to specify device permissions. It is a combination of
-**r** for read, **w** for write, and **m** for **mknod**(2).
-
-Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
-
-Note: if _host_device_ is a symbolic link then it will be resolved first.
-The pod will only store the major and minor numbers of the host device.
+@@option device
Note: the pod implements devices by storing the initial configuration passed by the user and recreating the device on each container added to the pod.
-Podman may load kernel modules required for using the specified
-device. The devices that Podman will load modules for when necessary are:
-/dev/fuse.
-
@@option device-read-bps
@@option device-write-bps
@@ -66,32 +53,13 @@ Print usage statement.
@@option infra-name
-#### **--label**, **-l**=*label*
-
-Add metadata to a pod (e.g., --label com.example.key=value).
+@@option label
@@option label-file
-#### **--memory**, **-m**=*limit*
-
-Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
-
-Constrains the memory available to a container. If the host
-supports swap memory, then the **-m** memory setting can be larger than physical
-RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
-not limited. The actual limit may be rounded up to a multiple of the operating
-system's page size (the value would be very large, that's millions of trillions).
-
-#### **--memory-swap**=*limit*
-
-A limit value equal to memory plus swap. Must be used with the **-m**
-(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value. By default, the swap `LIMIT` will be set to double
-the value of --memory.
+@@option memory
-The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
-`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
-unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
+@@option memory-swap
#### **--name**, **-n**
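Review bot: The pod wording removed here already spoke of "the memory available to a container" and "the container's memory"; now that the text is shared, check that options/memory.md and options/memory-swap.md (not part of this diff) use the `<<container|pod>>` placeholder the way device.md and label.md do, so the pod pages do not describe container limits. The same check covers the identical replacement in podman-pod-create.1.md.in.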
diff --git a/docs/source/markdown/podman-pod-create.1.md.in b/docs/source/markdown/podman-pod-create.1.md.in
index 2ae439c45..b747022eb 100644
--- a/docs/source/markdown/podman-pod-create.1.md.in
+++ b/docs/source/markdown/podman-pod-create.1.md.in
@@ -48,23 +48,10 @@ Set the total number of CPUs delegated to the pod. Default is 0.000 which indica
@@option cpuset-mems
-#### **--device**=_host-device_[**:**_container-device_][**:**_permissions_]
-
-Add a host device to the pod. Optional *permissions* parameter
-can be used to specify device permissions. It is a combination of
-**r** for read, **w** for write, and **m** for **mknod**(2).
-
-Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
-
-Note: if *host-device* is a symbolic link then it will be resolved first.
-The pod will only store the major and minor numbers of the host device.
+@@option device
Note: the pod implements devices by storing the initial configuration passed by the user and recreating the device on each container added to the pod.
-Podman may load kernel modules required for using the specified
-device. The devices that Podman will load modules for when necessary are:
-/dev/fuse.
-
@@option device-read-bps
@@option device-write-bps
@@ -130,34 +117,15 @@ The address must be within the network's IPv6 address pool.
To specify multiple static IPv6 addresses per pod, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
-#### **--label**, **-l**=*label*
-
-Add metadata to a pod (e.g., --label com.example.key=value).
+@@option label
@@option label-file
@@option mac-address
-#### **--memory**, **-m**=*limit*
-
-Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
-
-Constrains the memory available to a container. If the host
-supports swap memory, then the **-m** memory setting can be larger than physical
-RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
-not limited. The actual limit may be rounded up to a multiple of the operating
-system's page size (the value would be very large, that's millions of trillions).
-
-#### **--memory-swap**=*limit*
-
-A limit value equal to memory plus swap. Must be used with the **-m**
-(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value. By default, the swap `LIMIT` will be set to double
-the value of --memory.
+@@option memory
-The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
-`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
-unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
+@@option memory-swap
#### **--name**, **-n**=*name*
diff --git a/docs/source/markdown/podman-push.1.md.in b/docs/source/markdown/podman-push.1.md.in
index f9a6590f9..6e6eecfa2 100644
--- a/docs/source/markdown/podman-push.1.md.in
+++ b/docs/source/markdown/podman-push.1.md.in
@@ -62,9 +62,7 @@ Specifies the compression format to use. Supported values are: `gzip`, `zstd` a
@@option creds
-#### **--digestfile**=*Digestfile*
-
-After copying the image, write the digest of the resulting image to the file. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+@@option digestfile
@@option disable-content-trust
diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in
index 24140137d..d9b4fe5c3 100644
--- a/docs/source/markdown/podman-run.1.md.in
+++ b/docs/source/markdown/podman-run.1.md.in
@@ -159,25 +159,12 @@ Specify the key sequence for detaching a container. Format is a single character
This option can also be set in **containers.conf**(5) file.
-#### **--device**=*host-device[:container-device][:permissions]*
-
-Add a host device to the container. Optional *permissions* parameter
-can be used to specify device permissions by combining
-**r** for read, **w** for write, and **m** for **mknod**(2).
-
-Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
-
-Note: if _host_device_ is a symbolic link then it will be resolved first.
-The container will only store the major and minor numbers of the host device.
+@@option device
Note: if the user only has access rights via a group, accessing the device
from inside a rootless container will fail. Use the `--group-add keep-groups`
flag to pass the user's supplementary group access into the container.
-Podman may load kernel modules required for using the specified
-device. The devices that Podman will load modules when necessary are:
-/dev/fuse.
-
@@option device-cgroup-rule
@@option device-read-bps
@@ -280,9 +267,7 @@ To specify multiple static IPv6 addresses per container, set multiple networks u
@@option ipc
-#### **--label**, **-l**=*key=value*
-
-Add metadata to a container.
+@@option label
@@option label-file
@@ -309,15 +294,7 @@ This option is currently supported only by the **journald** log driver.
@@option mac-address
-#### **--memory**, **-m**=*number[unit]*
-
-Memory limit. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes).
-
-Allows you to constrain the memory available to a container. If the host
-supports swap memory, then the **-m** memory setting can be larger than physical
-RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
-not limited. The actual limit may be rounded up to a multiple of the operating
-system's page size (the value would be very large, that's millions of trillions).
+@@option memory
@@option memory-reservation