diff options
Diffstat (limited to 'docs/source')
| -rw-r--r-- | docs/source/markdown/options/rootfs.md | 19 | ||||
| -rw-r--r-- | docs/source/markdown/options/volume.md | 2 | ||||
| -rw-r--r-- | docs/source/markdown/options/volumes-from.md | 32 | ||||
| -rw-r--r-- | docs/source/markdown/podman-create.1.md.in | 50 | ||||
| -rw-r--r-- | docs/source/markdown/podman-generate-systemd.1.md | 4 | ||||
| -rw-r--r-- | docs/source/markdown/podman-pod-clone.1.md.in | 34 | ||||
| -rw-r--r-- | docs/source/markdown/podman-pod-create.1.md.in | 34 | ||||
| -rw-r--r-- | docs/source/markdown/podman-run.1.md.in | 53 | ||||
| -rw-r--r-- | docs/source/markdown/podman.1.md | 6 |
9 files changed, 64 insertions, 170 deletions
diff --git a/docs/source/markdown/options/rootfs.md b/docs/source/markdown/options/rootfs.md new file mode 100644 index 000000000..a03c4eef1 --- /dev/null +++ b/docs/source/markdown/options/rootfs.md @@ -0,0 +1,19 @@ +#### **--rootfs** + +If specified, the first argument refers to an exploded container on the file system. + +This is useful to run a container without requiring any image management, the rootfs +of the container is assumed to be managed externally. + + `Overlay Rootfs Mounts` + + The `:O` flag tells Podman to mount the directory from the rootfs path as +storage using the `overlay file system`. The container processes +can modify content within the mount point which is stored in the +container storage in a separate directory. In overlay terms, the source +directory will be the lower, and the container storage directory will be the +upper. Modifications to the mount point are destroyed when the container +finishes executing, similar to a tmpfs mount point being unmounted. + +Note: On **SELinux** systems, the rootfs needs the correct label, which is by default +**unconfined_u:object_r:container_file_t:s0**. diff --git a/docs/source/markdown/options/volume.md b/docs/source/markdown/options/volume.md index 6d0d9a4b3..9c4a7f981 100644 --- a/docs/source/markdown/options/volume.md +++ b/docs/source/markdown/options/volume.md @@ -1,7 +1,7 @@ #### **--volume**, **-v**=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]* Create a bind mount. If `-v /HOST-DIR:/CONTAINER-DIR` is specified, Podman -bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Podman +bind mounts `/HOST-DIR` from the host into `/CONTAINER-DIR` in the Podman container. Similarly, `-v SOURCE-VOLUME:/CONTAINER-DIR` will mount the named volume from the host into the container. If no such named volume exists, Podman will create one. (Note when using the remote client, including Mac and Windows (excluding WSL2) machines, the volumes will be mounted from the remote server, not necessarily the client machine.) diff --git a/docs/source/markdown/options/volumes-from.md b/docs/source/markdown/options/volumes-from.md new file mode 100644 index 000000000..ebef116e7 --- /dev/null +++ b/docs/source/markdown/options/volumes-from.md @@ -0,0 +1,32 @@ +#### **--volumes-from**=*CONTAINER[:OPTIONS]* + +Mount volumes from the specified container(s). Used to share volumes between +containers<<| and pods>>. The *options* is a comma-separated list with the following available elements: + +* **rw**|**ro** +* **z** + +Mounts already mounted volumes from a source container onto another +<<container|pod>>. _CONTAINER_ may be a name or ID. +To share a volume, use the --volumes-from option when running +the target container. Volumes can be shared even if the source container +is not running. + +By default, Podman mounts the volumes in the same mode (read-write or +read-only) as it is mounted in the source container. +This can be changed by adding a `ro` or `rw` _option_. + +Labeling systems like SELinux require that proper labels are placed on volume +content mounted into a <<container|pod>>. Without a label, the security system might +prevent the processes running inside the container from using the content. By +default, Podman does not change the labels set by the OS. + +To change a label in the <<container|pod>> context, add `z` to the volume mount. +This suffix tells Podman to relabel file objects on the shared volumes. The `z` +option tells Podman that two entities share the volume content. As a result, +Podman labels the content with a shared content label. Shared volume labels allow +all containers to read/write content. + +If the location of the volume from the source container overlaps with +data residing on a target <<container|pod>>, then the volume hides +that data on the target. diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in index 17ef704e6..6f6bb29e5 100644 --- a/docs/source/markdown/podman-create.1.md.in +++ b/docs/source/markdown/podman-create.1.md.in @@ -418,22 +418,7 @@ Suppress output information when pulling images Automatically remove the container when it exits. The default is *false*. -#### **--rootfs** - -If specified, the first argument refers to an exploded container on the file system. - -This is useful to run a container without requiring any image management, the rootfs -of the container is assumed to be managed externally. - - `Overlay Rootfs Mounts` - - The `:O` flag tells Podman to mount the directory from the rootfs path as -storage using the `overlay file system`. The container processes -can modify content within the mount point which is stored in the -container storage in a separate directory. In overlay terms, the source -directory will be the lower, and the container storage directory will be the -upper. Modifications to the mount point are destroyed when the container -finishes executing, similar to a tmpfs mount point being unmounted. +@@option rootfs @@option sdnotify @@ -543,38 +528,7 @@ Use _VARIANT_ instead of the default architecture variant of the container image Use the **--group-add keep-groups** option to pass the user's supplementary group access into the container. -#### **--volumes-from**=*CONTAINER[:OPTIONS]]* - -Mount volumes from the specified container(s). Used to share volumes between -containers. The *options* is a comma-separated list with the following available elements: - -* **rw**|**ro** -* **z** - -Mounts already mounted volumes from a source container onto another -container. You must supply the source's container-id or container-name. -To share a volume, use the --volumes-from option when running -the target container. You can share volumes even if the source container -is not running. - -By default, Podman mounts the volumes in the same mode (read-write or -read-only) as it is mounted in the source container. -You can change this by adding a `ro` or `rw` _option_. - -Labeling systems like SELinux require that proper labels are placed on volume -content mounted into a container. Without a label, the security system might -prevent the processes running inside the container from using the content. By -default, Podman does not change the labels set by the OS. - -To change a label in the container context, you can add `z` to the volume mount. -This suffix tells Podman to relabel file objects on the shared volumes. The `z` -option tells Podman that two containers share the volume content. As a result, -Podman labels the content with a shared content label. Shared volume labels allow -all containers to read/write content. - -If the location of the volume from the source container overlaps with -data residing on a target container, then the volume hides -that data on the target. +@@option volumes-from @@option workdir diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md index ee649c95b..b733cff8d 100644 --- a/docs/source/markdown/podman-generate-systemd.1.md +++ b/docs/source/markdown/podman-generate-systemd.1.md @@ -85,7 +85,9 @@ Set the systemd unit requires (`Requires=`) option. Similar to wants, but declar #### **--restart-policy**=*policy* Set the systemd restart policy. The restart-policy must be one of: "no", "on-success", "on-failure", "on-abnormal", -"on-watchdog", "on-abort", or "always". The default policy is *on-failure*. +"on-watchdog", "on-abort", or "always". The default policy is *on-failure* unless the container was created with a custom restart policy. + +Note that generating a unit without `--new` on a container with a custom restart policy can lead to issues on shutdown; systemd will attempt to stop the unit while Podman tries to restart it. It is recommended to to create the container without `--restart` and use the `--restart-policy` option instead when generating the unit file. #### **--restart-sec**=*time* diff --git a/docs/source/markdown/podman-pod-clone.1.md.in b/docs/source/markdown/podman-pod-clone.1.md.in index 1d7b1f259..15f7ec208 100644 --- a/docs/source/markdown/podman-pod-clone.1.md.in +++ b/docs/source/markdown/podman-pod-clone.1.md.in @@ -124,39 +124,7 @@ clone process has completed. All containers within the pod are started. @@option volume -#### **--volumes-from**=*container[:options]]* - -Mount volumes from the specified container(s). Used to share volumes between -containers and pods. The *options* is a comma-separated list with the following available elements: - -* **rw**|**ro** -* **z** - -Mounts already mounted volumes from a source container into another -pod. Must supply the source's container-id or container-name. -To share a volume, use the --volumes-from option when running -the target container. Volumes can be shared even if the source container -is not running. - -By default, Podman mounts the volumes in the same mode (read-write or -read-only) as it is mounted in the source container. -This can be changed by adding a `ro` or `rw` _option_. - -Labeling systems like SELinux require that proper labels are placed on volume -content mounted into a pod. Without a label, the security system might -prevent the processes running inside the container from using the content. By -default, Podman does not change the labels set by the OS. - -To change a label in the pod context, add `z` to the volume mount. -This suffix tells Podman to relabel file objects on the shared volumes. The `z` -option tells Podman that two entities share the volume content. As a result, -Podman labels the content with a shared content label. Shared volume labels allow -all containers to read/write content. - -If the location of the volume from the source container overlaps with -data residing on a target pod, then the volume hides -that data on the target. - +@@option volumes-from ## EXAMPLES ``` diff --git a/docs/source/markdown/podman-pod-create.1.md.in b/docs/source/markdown/podman-pod-create.1.md.in index 3a3909340..f1fdc3e6b 100644 --- a/docs/source/markdown/podman-pod-create.1.md.in +++ b/docs/source/markdown/podman-pod-create.1.md.in @@ -265,39 +265,7 @@ When size is `0`, there is no limit on the amount of memory used for IPC by the @@option volume -#### **--volumes-from**=*container[:options]]* - -Mount volumes from the specified container(s). Used to share volumes between -containers and pods. The *options* is a comma-separated list with the following available elements: - -* **rw**|**ro** -* **z** - -Mounts already mounted volumes from a source container into another -pod. You must supply the source's container-id or container-name. -To share a volume, use the --volumes-from option when running -the target container. You can share volumes even if the source container -is not running. - -By default, Podman mounts the volumes in the same mode (read-write or -read-only) as it is mounted in the source container. -You can change this by adding a `ro` or `rw` _option_. - -Labeling systems like SELinux require that proper labels are placed on volume -content mounted into a pod. Without a label, the security system might -prevent the processes running inside the container from using the content. By -default, Podman does not change the labels set by the OS. - -To change a label in the pod context, you can add `z` to the volume mount. -This suffix tells Podman to relabel file objects on the shared volumes. The `z` -option tells Podman that two entities share the volume content. As a result, -Podman labels the content with a shared content label. Shared volume labels allow -all containers to read/write content. - -If the location of the volume from the source container overlaps with -data residing on a target pod, then the volume hides -that data on the target. - +@@option volumes-from ## EXAMPLES diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in index 493a7494a..53f7cfe99 100644 --- a/docs/source/markdown/podman-run.1.md.in +++ b/docs/source/markdown/podman-run.1.md.in @@ -455,25 +455,7 @@ Automatically remove the container when it exits. The default is **false**. After exit of the container, remove the image unless another container is using it. The default is *false*. -#### **--rootfs** - -If specified, the first argument refers to an exploded container on the file system. - -This is useful to run a container without requiring any image management, the rootfs -of the container is assumed to be managed externally. - - `Overlay Rootfs Mounts` - - The `:O` flag tells Podman to mount the directory from the rootfs path as -storage using the `overlay file system`. The container processes -can modify content within the mount point which is stored in the -container storage in a separate directory. In overlay terms, the source -directory will be the lower, and the container storage directory will be the -upper. Modifications to the mount point are destroyed when the container -finishes executing, similar to a tmpfs mount point being unmounted. - -Note: On **SELinux** systems, the rootfs needs the correct label, which is by default -**unconfined_u:object_r:container_file_t**. +@@option rootfs @@option sdnotify @@ -588,38 +570,7 @@ Use _VARIANT_ instead of the default architecture variant of the container image Use the **--group-add keep-groups** option to pass the user's supplementary group access into the container. -#### **--volumes-from**=*CONTAINER[:OPTIONS]* - -Mount volumes from the specified container(s). Used to share volumes between -containers. The *options* is a comma-separated list with the following available elements: - -* **rw**|**ro** -* **z** - -Mounts already mounted volumes from a source container onto another -container. You must supply the source's container-id or container-name. -To share a volume, use the --volumes-from option when running -the target container. You can share volumes even if the source container -is not running. - -By default, Podman mounts the volumes in the same mode (read-write or -read-only) as it is mounted in the source container. -You can change this by adding a `ro` or `rw` _option_. - -Labeling systems like SELinux require that proper labels are placed on volume -content mounted into a container. Without a label, the security system might -prevent the processes running inside the container from using the content. By -default, Podman does not change the labels set by the OS. - -To change a label in the container context, you can add `z` to the volume mount. -This suffix tells Podman to relabel file objects on the shared volumes. The `z` -option tells Podman that two containers share the volume content. As a result, -Podman labels the content with a shared content label. Shared volume labels allow -all containers to read/write content. - -If the location of the volume from the source container overlaps with -data residing on a target container, then the volume hides -that data on the target. +@@option volumes-from @@option workdir diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index 3b3974dcc..7a8dd7043 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md @@ -43,8 +43,8 @@ Remote connections use local containers.conf for default. #### **--events-backend**=*type* Backend to use for storing events. Allowed values are **file**, **journald**, and -**none**. When *file* is specified, the events are stored under a subdirectory -of the *tmpdir* location (see **--tmpdir** below). +**none**. When *file* is specified, the events are stored under +`<tmpdir>/events/events.log` (see **--tmpdir** below). #### **--help**, **-h** @@ -158,7 +158,7 @@ On remote clients, including Mac and Windows (excluding WSL2) machines, logging #### **--tmpdir** -Path to the tmp directory, for libpod runtime content. +Path to the tmp directory, for libpod runtime content. Defaults to `$XDG\_RUNTIME\_DIR/libpod/tmp` as rootless and `run/libpod/tmp` as rootful. NOTE --tmpdir is not used for the temporary storage of downloaded images. Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`. |