summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/source/markdown/libpod.conf.5.md114
-rw-r--r--docs/source/markdown/podman-attach.1.md4
-rw-r--r--docs/source/markdown/podman-create.1.md93
-rw-r--r--docs/source/markdown/podman-events.1.md4
-rw-r--r--docs/source/markdown/podman-pull.1.md6
-rw-r--r--docs/source/markdown/podman-push.1.md6
-rw-r--r--docs/source/markdown/podman-run.1.md62
-rw-r--r--docs/source/markdown/podman-system-migrate.1.md2
-rw-r--r--docs/source/markdown/podman-system-renumber.1.md6
-rw-r--r--docs/source/markdown/podman.1.md16
-rw-r--r--docs/tutorials/rootless_tutorial.md4
11 files changed, 152 insertions, 165 deletions
diff --git a/docs/source/markdown/libpod.conf.5.md b/docs/source/markdown/libpod.conf.5.md
deleted file mode 100644
index ca45bccf6..000000000
--- a/docs/source/markdown/libpod.conf.5.md
+++ /dev/null
@@ -1,114 +0,0 @@
-% libpod.conf(5)
-
-## NAME
-libpod.conf - libpod configuration file
-
-## DESCRIPTION
-The libpod.conf file is the default configuration file for all tools using
-libpod to manage containers.
-
-## OPTIONS
-
-**image_default_transport**=""
- Default transport method for pulling and pushing images
-
-**runtime**=""
- Default OCI runtime to use if nothing is specified in **runtimes**
-
-**runtimes**
- For each OCI runtime, specify a list of paths to look for. The first one found is used. If the paths are empty or no valid path was found, then the `$PATH` environment variable will be used as the fallback.
-
-**conmon_path**=""
- Paths to search for the conmon container manager binary. If the paths are empty or no valid path was found, then the `$PATH` environment variable will be used as the fallback.
-
-**conmon_env_vars**=""
- Environment variables to pass into Conmon
-
-**cgroup_manager**=""
- Specify the CGroup Manager to use; valid values are "systemd" and "cgroupfs"
-
-**lock_type**=""
- Specify the locking mechanism to use; valid values are "shm" and "file". Change the default only if you are sure of what you are doing, in general "file" is useful only on platforms where cgo is not available for using the faster "shm" lock type. You may need to run "podman system renumber" after you change the lock type.
-
-**init_path**=""
- Path to the container-init binary, which forwards signals and reaps processes within containers. Note that the container-init binary will only be used when the `--init` for podman-create and podman-run is set.
-
-**hooks_dir**=["*path*", ...]
-
- Each `*.json` file in the path configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`. Podman and libpod currently support both the 1.0.0 and 0.1.0 hook schemas, although the 0.1.0 schema is deprecated.
-
- Paths listed later in the array have higher precedence (`oci-hooks(5)` discusses directory precedence).
-
- For the annotation conditions, libpod uses any annotations set in the generated OCI configuration.
-
- For the bind-mount conditions, only mounts explicitly requested by the caller via `--volume` are considered. Bind mounts that libpod inserts by default (e.g. `/dev/shm`) are not considered.
-
- Podman and libpod currently support an additional `precreate` state which is called before the runtime's `create` operation. Unlike the other stages, which receive the container state on their standard input, `precreate` hooks receive the proposed runtime configuration on their standard input. They may alter that configuration as they see fit, and write the altered form to their standard output.
-
- **WARNING**: the `precreate` hook lets you do powerful things, such as adding additional mounts to the runtime configuration. That power also makes it easy to break things. Before reporting libpod errors, try running your container with `precreate` hooks disabled to see if the problem is due to one of your hooks.
-
-**static_dir**=""
- Directory for persistent libpod files (database, etc)
- By default this will be configured relative to where containers/storage
- stores containers
-
-**tmp_dir**=""
- Directory for temporary files
- Must be a tmpfs (wiped after reboot)
-
-**max_log_size**=""
- Maximum size of log files (in bytes)
-
-**no_pivot_root**=""
- Whether to use chroot instead of pivot_root in the runtime
-
-**cni_config_dir**=""
- Directory containing CNI plugin configuration files
-
-**cni_plugin_dir**=""
- Directories where CNI plugin binaries may be located
-
-**infra_image** = ""
- Infra (pause) container image name for pod infra containers. When running a pod, we
- start a `pause` process in a container to hold open the namespaces associated with the
- pod. This container and process, basically sleep/pause for the lifetime of the pod.
-
-**infra_command**=""
- Command to run the infra container
-
-**namespace**=""
- Default libpod namespace. If libpod is joined to a namespace, it will see only containers and pods
- that were created in the same namespace, and will create new containers and pods in that namespace.
- The default namespace is "", which corresponds to no namespace. When no namespace is set, all
- containers and pods are visible.
-
-**label**="true|false"
- Indicates whether the containers should use label separation by default.
- Can be overridden via `--security-opt label=...` on the CLI.
-
-**num_locks**=""
- Number of locks available for containers and pods. Each created container or pod consumes one lock.
- The default number available is 2048.
- If this is changed, a lock renumbering must be performed, using the `podman system renumber` command.
-
-**volume_path**=""
- Directory where named volumes will be created in using the default volume driver.
- By default this will be configured relative to where containers/storage stores containers.
-
-**network_cmd_path**=""
- Path to the command binary to use for setting up a network. It is currently only used for setting up
- a slirp4netns network. If "" is used then the binary is looked up using the $PATH environment variable.
-
-**events_logger**=""
- Default method to use when logging events. Valid values are "file", "journald", and "none".
-
-**detach_keys**=""
- Keys sequence used for detaching a container
-
-## FILES
- `/usr/share/containers/libpod.conf`, default libpod configuration path
-
- `/etc/containers/libpod.conf`, override libpod configuration path
-
-## HISTORY
-Apr 2018, Originally compiled by Nathan Williams <nath.e.will@gmail.com>
diff --git a/docs/source/markdown/podman-attach.1.md b/docs/source/markdown/podman-attach.1.md
index 1ac2e49a9..cb3ffa92e 100644
--- a/docs/source/markdown/podman-attach.1.md
+++ b/docs/source/markdown/podman-attach.1.md
@@ -15,7 +15,7 @@ or name, either to view its ongoing output or to control it interactively.
You can detach from the container (and leave it running) using a configurable key sequence. The default
sequence is `ctrl-p,ctrl-q`.
Configure the keys sequence using the **--detach-keys** option, or specifying
-it in the **libpod.conf** file: see **libpod.conf(5)** for more information.
+it in the **containers.conf** file: see **containers.conf(5)** for more information.
## OPTIONS
**--detach-keys**=*sequence*
@@ -55,4 +55,4 @@ $ podman attach 1234
$ podman attach --no-stdin foobar
```
## SEE ALSO
-podman(1), podman-exec(1), podman-run(1)
+podman(1), podman-exec(1), podman-run(1), containers.conf(5)
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 4466e6616..03f23aec0 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -190,7 +190,7 @@ detached container with **podman attach**.
When attached in the tty mode, you can detach from the container (and leave it
running) using a configurable key sequence. The default sequence is `ctrl-p,ctrl-q`.
Configure the keys sequence using the **--detach-keys** option, or specifying
-it in the **libpod.conf** file: see **libpod.conf(5)** for more information.
+it in the **containers.conf** file: see **containers.conf(5)** for more information.
**--detach-keys**=*sequence*
@@ -234,6 +234,12 @@ Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sd
Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)
+**--disable-content-trust**
+
+This is a Docker specific option to disable image verification to a Docker
+registry and is not supported by Podman. This flag is a NOOP and provided
+solely for scripting compatibility.
+
**--dns**=*dns*
Set custom DNS servers. Invalid if using **--dns** and **--network** that is set to 'none' or 'container:<name|id>'.
@@ -741,7 +747,7 @@ Security Options
- `seccomp=unconfined` : Turn off seccomp confinement for the container
- `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter
-Note: Labeling can be disabled for all containers by setting label=false in the **libpod.conf** (`/etc/containers/libpod.conf`) file.
+Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
**--shm-size**=*size*
@@ -811,7 +817,7 @@ Create a tmpfs mount
Mount a temporary filesystem (`tmpfs`) mount into a container, for example:
-$ podman run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image
+$ podman create -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image
This command mounts a `tmpfs` at `/tmp` within the container. The supported mount
options are the same as the Linux default `mount` flags. If you do not specify
@@ -887,15 +893,20 @@ Set the UTS mode for the container
Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, podman
bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the podman
-container. The `OPTIONS` are a comma delimited list and can be: <sup>[[1]](#Footnote1)</sup>
+container. Similarly, `-v SOURCE-VOLUME:/CONTAINER-DIR` will mount the volume
+in the host to the container. If no such named volume exists, Podman will
+create one. The `OPTIONS` are a comma delimited list and can be: <sup>[[1]](#Footnote1)</sup>
-* [rw|ro]
-* [z|Z]
-* [`[r]shared`|`[r]slave`|`[r]private`]
-* [`[r]bind`]
-* [`noexec`|`exec`]
-* [`nodev`|`dev`]
-* [`nosuid`|`suid`]
+The _options_ is a comma delimited list and can be:
+
+* **rw**|**ro**
+* **z**|**Z**
+* [**r**]**shared**|[**r**]**slave**|[**r**]**private**
+* [**r**]**bind**
+* [**no**]**exec**
+* [**no**]**dev**
+* [**no**]**suid**
+* [**O**]
The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
will be mounted into the container at this directory.
@@ -908,18 +919,22 @@ the container is removed via the `--rm` flag or `podman rm --volumes`.
If a volume source is specified, it must be a path on the host or the name of a
named volume. Host paths are allowed to be absolute or relative; relative paths
are resolved relative to the directory Podman is run in. Any source that does
-not begin with a `.` or `/` it will be treated as the name of a named volume.
+not begin with a `.` or `/` will be treated as the name of a named volume.
If a volume with that name does not exist, it will be created. Volumes created
-with names are not anonymous and are not removed by `--rm` and
-`podman rm --volumes`.
+with names are not anonymous. They are not removed by the `--rm` option and the
+`podman rm --volumes` command.
You can specify multiple **-v** options to mount one or more volumes into a
container.
-You can add `:ro` or `:rw` suffix to a volume to mount it read-only or
+ `Write Protected Volume Mounts`
+
+You can add `:ro` or `:rw` suffix to a volume to mount it read-only or
read-write mode, respectively. By default, the volumes are mounted read-write.
See examples.
+ `Labeling Volume Mounts`
+
Labeling systems like SELinux require that proper labels are placed on volume
content mounted into a container. Without a label, the security system might
prevent the processes running inside the container from using the content. By
@@ -933,6 +948,37 @@ content label. Shared volume labels allow all containers to read/write content.
The `Z` option tells Podman to label the content with a private unshared label.
Only the current container can use a private volume.
+ `Overlay Volume Mounts`
+
+ The `:O` flag tells Podman to mount the directory from the host as a
+temporary storage using the `overlay file system`. The container processes
+can modify content within the mountpoint which is stored in the
+container storage in a separate directory. In overlay terms, the source
+directory will be the lower, and the container storage directory will be the
+upper. Modifications to the mount point are destroyed when the container
+finishes executing, similar to a tmpfs mount point being unmounted.
+
+ Subsequent executions of the container will see the original source directory
+content, any changes from previous container executions no longer exists.
+
+ One use case of the overlay mount is sharing the package cache from the
+host into the container to allow speeding up builds.
+
+ Note:
+
+ - The `O` flag conflicts with other options listed above.
+Content mounted into the container is labeled with the private label.
+ On SELinux systems, labels in the source directory must be readable
+by the container label. Usually containers can read/execute `container_share_t`
+and can read/write `container_file_t`. If you can not change the labels on a
+source volume, SELinux container separation must be disabled for the container
+to work.
+ - The source directory mounted into the container with an overlay mount
+should not be modified, it can cause unexpected failures. It is recommended
+that you do not modify the directory until the container finishes running.
+
+ `Mounts propagation`
+
By default bind mounted volumes are `private`. That means any mounts done
inside container will not be visible on host and vice versa. One can change
this behavior by specifying a volume mount propagation property. Making a
@@ -949,7 +995,7 @@ where source dir is mounted on) has to have right propagation properties. For
shared volumes, source mount point has to be shared. And for slave volumes,
source mount has to be either shared or slave. <sup>[[1]](#Footnote1)</sup>
-If you want to recursively mount a volume and all of it's submounts into a
+If you want to recursively mount a volume and all of its submounts into a
container, then you can use the `rbind` option. By default the bind option is
used, and submounts of the source directory will not be mounted into the
container.
@@ -1080,14 +1126,13 @@ required for VPN, without it containers need to be run with the --network=host f
Environment variables within containers can be set using multiple different options: This section describes the precedence.
-Precedence Order:
- **--env-host** : Host environment of the process executing Podman is added.
-
- Container image : Any environment variables specified in the container image.
-
- **--env-file** : Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry.
+Precedence order (later entries override earlier entries):
- **--env** : Any environment variables specified will override previous settings.
+- **--env-host** : Host environment of the process executing Podman is added.
+- **--http-proxy**: By default, several environment variables will be passed in from the host, such as **http_proxy** and **no_proxy**. See **--http-proxy** for details.
+- Container image : Any environment variables specified in the container image.
+- **--env-file** : Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry.
+- **--env** : Any environment variables specified will override previous settings.
Create containers and set the environment ending with a __*__ and a *****
@@ -1110,7 +1155,7 @@ b
NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
## SEE ALSO
-subgid(5), subuid(5), libpod.conf(5), systemd.unit(5), setsebool(8), slirp4netns(1), fuse-overlayfs(1)
+**subgid**(5), **subuid**(5), **containers.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1).
## HISTORY
October 2017, converted from Docker documentation to Podman by Dan Walsh for Podman <dwalsh@redhat.com>
diff --git a/docs/source/markdown/podman-events.1.md b/docs/source/markdown/podman-events.1.md
index abfc6e9c1..0d91cdf17 100644
--- a/docs/source/markdown/podman-events.1.md
+++ b/docs/source/markdown/podman-events.1.md
@@ -10,7 +10,7 @@ podman\-events - Monitor Podman events
Monitor and print events that occur in Podman. Each event will include a timestamp,
a type, a status, name (if applicable), and image (if applicable). The default logging
-mechanism is *journald*. This can be changed in libpod.conf by changing the `events_logger`
+mechanism is *journald*. This can be changed in containers.conf by changing the `events_logger`
value to `file`. Only `file` and `journald` are accepted. A `none` logger is also
available but this logging mechanism completely disables events; nothing will be reported by
`podman events`.
@@ -150,7 +150,7 @@ $ podman events --format json
```
## SEE ALSO
-podman(1)
+podman(1), containers.conf(5)
## HISTORY
March 2019, Originally compiled by Brent Baude <bbaude@redhat.com>
diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md
index 5d941219a..201b10aa6 100644
--- a/docs/source/markdown/podman-pull.1.md
+++ b/docs/source/markdown/podman-pull.1.md
@@ -73,6 +73,12 @@ The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and the
value can be entered. The password is entered without echo.
+**--disable-content-trust**
+
+This is a Docker specific option to disable image verification to a Docker
+registry and is not supported by Podman. This flag is a NOOP and provided
+solely for scripting compatibility.
+
**--override-os**=*OS*
Use OS instead of the running OS for choosing images
diff --git a/docs/source/markdown/podman-push.1.md b/docs/source/markdown/podman-push.1.md
index f029c8db1..fffd76801 100644
--- a/docs/source/markdown/podman-push.1.md
+++ b/docs/source/markdown/podman-push.1.md
@@ -71,6 +71,12 @@ Note: This flag can only be set when using the **dir** transport
After copying the image, write the digest of the resulting image to the file. (Not available for remote commands)
+**--disable-content-trust**
+
+This is a Docker specific option to disable image verification to a Docker
+registry and is not supported by Podman. This flag is a NOOP and provided
+solely for scripting compatibility.
+
**--format**, **-f**=*format*
Manifest Type (oci, v2s1, or v2s2) to use when pushing an image to a directory using the 'dir:' transport (default is manifest type of source)
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index de1d8aff6..88f457bdf 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -208,7 +208,7 @@ Specify the key sequence for detaching a container; _sequence_ is a comma-delimi
in which each item can be a single character from the [a-Z] range,
or **ctrl**-_value_, where _value_ is one of: **a-z** or **@^[,_**.
-This option can also be set in **libpod.conf**(5) file.
+This option can also be set in **containers.conf**(5) file.
Specifying "" will disable this feature. The default is **ctrl-p,ctrl-q**.
@@ -247,6 +247,12 @@ Limit write rate (in bytes per second) to a device (e.g. **--device-write-bps=/d
Limit write rate (in IO operations per second) to a device (e.g. **--device-write-iops=/dev/sda:1000**).
+**--disable-content-trust**
+
+This is a Docker specific option to disable image verification to a Docker
+registry and is not supported by Podman. This flag is a NOOP and provided
+solely for scripting compatibility.
+
**--dns**=*ipaddr*
Set custom DNS servers. Invalid if using **--dns** with **--network** that is set to **none** or **container:**_id_.
@@ -759,7 +765,7 @@ Security Options
- **seccomp=unconfined**: Turn off seccomp confinement for the container
- **seccomp**=_profile.json_: Allowed syscall list seccomp JSON file to be used as a seccomp filter
-Note: Labeling can be disabled for all containers by setting **label=false** in the **libpod.conf**(5) file.
+Note: Labeling can be disabled for all containers by setting **label=false** in the **containers.conf**(5) file.
**--shm-size**=_number_[_unit_]
@@ -936,6 +942,7 @@ The _options_ is a comma delimited list and can be: <sup>[[1]](#Footnote1)</sup>
* [**no**]**exec**
* [**no**]**dev**
* [**no**]**suid**
+* [**O**]
The _container-dir_ must be an absolute path.
@@ -947,7 +954,7 @@ the container is removed via the **--rm** flag or **podman rm --volumes**.
If a volume source is specified, it must be a path on the host or the name of a
named volume. Host paths are allowed to be absolute or relative; relative paths
are resolved relative to the directory Podman is run in. Any source that does
-not begin with a **.** or **/** it will be treated as the name of a named volume.
+not begin with a **.** or **/** will be treated as the name of a named volume.
If a volume with that name does not exist, it will be created. Volumes created
with names are not anonymous and are not removed by **--rm** and
**podman rm --volumes**.
@@ -958,6 +965,8 @@ container.
You can add **:ro** or **:rw** option to mount a volume in read-only or
read-write mode, respectively. By default, the volumes are mounted read-write.
+ `Labeling Volume Mounts`
+
Labeling systems like SELinux require that proper labels are placed on volume
content mounted into a container. Without a label, the security system might
prevent the processes running inside the container from using the content. By
@@ -969,9 +978,41 @@ objects on the shared volumes. The **z** option tells Podman that two containers
share the volume content. As a result, Podman labels the content with a shared
content label. Shared volume labels allow all containers to read/write content.
The **Z** option tells Podman to label the content with a private unshared label.
+
+ `Overlay Volume Mounts`
+
+ The `:O` flag tells Podman to mount the directory from the host as a
+temporary storage using the `overlay file system`. The container processes
+can modify content within the mountpoint which is stored in the
+container storage in a separate directory. In overlay terms, the source
+directory will be the lower, and the container storage directory will be the
+upper. Modifications to the mount point are destroyed when the container
+finishes executing, similar to a tmpfs mount point being unmounted.
+
+ Subsequent executions of the container will see the original source directory
+content, any changes from previous container executions no longer exists.
+
+ One use case of the overlay mount is sharing the package cache from the
+host into the container to allow speeding up builds.
+
+ Note:
+
+ - The `O` flag conflicts with other options listed above.
+Content mounted into the container is labeled with the private label.
+ On SELinux systems, labels in the source directory must be readable
+by the container label. Usually containers can read/execute `container_share_t`
+and can read/write `container_file_t`. If you can not change the labels on a
+source volume, SELinux container separation must be disabled for the container
+to work.
+ - The source directory mounted into the container with an overlay mount
+should not be modified, it can cause unexpected failures. It is recommended
+that you do not modify the directory until the container finishes running.
+
Only the current container can use a private volume.
-By default bind mounted volumes are **private**. That means any mounts done
+ `Mounts propagation`
+
+By default bind mounted volumes are `private`. That means any mounts done
inside container will not be visible on host and vice versa. One can change
this behavior by specifying a volume mount propagation property. Making a
volume shared mounts done under that volume inside container will be
@@ -1220,14 +1261,16 @@ $ podman run -p 8080:80 -d -i -t fedora/httpd
To mount a host directory as a container volume, specify the absolute path to
the directory and the absolute path for the container directory separated by a
-colon. If the source is a named volume maintained by Podman, it's recommended to
-use it's name rather than the path to the volume. Otherwise the volume will be
+colon. If the source is a named volume maintained by Podman, it is recommended to
+use its name rather than the path to the volume. Otherwise the volume will be
considered as an orphan and wiped if you execute **podman volume prune**:
```
$ podman run -v /var/db:/data1 -i -t fedora bash
$ podman run -v data:/data2 -i -t fedora bash
+
+$ podman run -v /var/cache/dnf:/var/cache/dnf:O -ti fedora dnf -y update
```
Using **--mount** flags to mount a host directory as a container folder, specify
@@ -1362,9 +1405,10 @@ required for VPN, without it containers need to be run with the **--network=host
## ENVIRONMENT
Environment variables within containers can be set using multiple different options,
-in the following order of precedence:
+in the following order of precedence (later entries override earlier entries):
- **--env-host**: Host environment of the process executing Podman is added.
+- **--http-proxy**: By default, several environment variables will be passed in from the host, such as **http_proxy** and **no_proxy**. See **--http-proxy** for details.
- Container image: Any environment variables specified in the container image.
- **--env-file**: Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry.
- **--env**: Any environment variables specified will override previous settings.
@@ -1389,7 +1433,7 @@ b
NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
## SEE ALSO
-**subgid**(5), **subuid**(5), **libpod.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1).
+**subgid**(5), **subuid**(5), **containers.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1).
## HISTORY
September 2018, updated by Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
@@ -1398,8 +1442,6 @@ October 2017, converted from Docker documentation to Podman by Dan Walsh for Pod
November 2015, updated by Sally O'Malley <somalley@redhat.com>
-July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
April 2014, Originally compiled by William Henry <whenry@redhat.com> based on docker.com source material and internal work.
diff --git a/docs/source/markdown/podman-system-migrate.1.md b/docs/source/markdown/podman-system-migrate.1.md
index baabfd14b..29c0ef94b 100644
--- a/docs/source/markdown/podman-system-migrate.1.md
+++ b/docs/source/markdown/podman-system-migrate.1.md
@@ -33,7 +33,7 @@ This can be used after a system upgrade which changes the default OCI runtime to
There are no guarantees that the containers will continue to work under the new runtime, as some runtimes support differing options and configurations.
## SEE ALSO
-`podman(1)`, `libpod.conf(5)`, `usermod(8)`
+`podman(1)`, `containers.conf(5)`, `usermod(8)`
## HISTORY
April 2019, Originally compiled by Giuseppe Scrivano (gscrivan at redhat dot com)
diff --git a/docs/source/markdown/podman-system-renumber.1.md b/docs/source/markdown/podman-system-renumber.1.md
index 071eefe29..51c085606 100644
--- a/docs/source/markdown/podman-system-renumber.1.md
+++ b/docs/source/markdown/podman-system-renumber.1.md
@@ -9,9 +9,9 @@ podman\-system\-renumber - Migrate lock numbers to handle a change in maximum nu
## DESCRIPTION
**podman system renumber** renumbers locks used by containers and pods.
-Each Podman container and pod is allocated a lock at creation time, up to a maximum number controlled by the **num_locks** parameter in **libpod.conf**.
+Each Podman container and pod is allocated a lock at creation time, up to a maximum number controlled by the **num_locks** parameter in **containers.conf**.
-When all available locks are exhausted, no further containers and pods can be created until some existing containers and pods are removed. This can be avoided by increasing the number of locks available via modifying **libpod.conf** and subsequently running **podman system renumber** to prepare the new locks (and reallocate lock numbers to fit the new struct).
+When all available locks are exhausted, no further containers and pods can be created until some existing containers and pods are removed. This can be avoided by increasing the number of locks available via modifying **containers.conf** and subsequently running **podman system renumber** to prepare the new locks (and reallocate lock numbers to fit the new struct).
**podman system renumber** must be called after any changes to **num_locks** - failure to do so will result in errors starting Podman as the number of locks available conflicts with the configured number of locks.
@@ -20,7 +20,7 @@ When all available locks are exhausted, no further containers and pods can be cr
If possible, avoid calling **podman system renumber** while there are other Podman processes running.
## SEE ALSO
-`podman(1)`, `libpod.conf(5)`
+`podman(1)`, `containers.conf(5)`
## HISTORY
February 2019, Originally compiled by Matt Heon (mheon at redhat dot com)
diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md
index c45c10243..776ee7a67 100644
--- a/docs/source/markdown/podman.1.md
+++ b/docs/source/markdown/podman.1.md
@@ -23,7 +23,7 @@ created by the other.
**--cgroup-manager**=*manager*
-CGroup manager to use for container cgroups. Supported values are cgroupfs or systemd. Default is systemd unless overridden in the libpod.conf file.
+The CGroup manager to use for container cgroups. Supported values are cgroupfs or systemd. Default is systemd unless overridden in the containers.conf file.
Note: Setting this flag can cause certain commands to break when called on containers previously created by the other CGroup manager type.
Note: CGroup manager is not supported in rootless mode when using CGroups Version V1.
@@ -32,7 +32,7 @@ Note: CGroup manager is not supported in rootless mode when using CGroups Versio
Path of the configuration directory for CNI networks. (Default: `/etc/cni/net.d`)
**--conmon**
-Path of the conmon binary (Default path is configured in `libpod.conf`)
+Path of the conmon binary (Default path is configured in `containers.conf`)
**--events-backend**=*type*
@@ -94,7 +94,7 @@ Default state dir configured in `/etc/containers/storage.conf`.
**--runtime**=*value*
-Name of the OCI runtime as specified in libpod.conf or absolute path to the OCI compatible binary used to run containers.
+Name of the OCI runtime as specified in containers.conf or absolute path to the OCI compatible binary used to run containers.
**--storage-driver**=*value*
@@ -217,11 +217,13 @@ the exit codes follow the `chroot` standard, see below:
## FILES
-**libpod.conf** (`/usr/share/containers/libpod.conf`)
+**containers.conf** (`/usr/share/containers/containers.conf`)
- libpod.conf is the configuration file for all tools using libpod to manage containers, when run as root. Administrators can override the defaults file by creating `/etc/containers/libpod.conf`. When Podman runs in rootless mode, the file `$HOME/.config/containers/libpod.conf` is created and replaces some fields in the system configuration file.
+ Podman has builtin defaults for command line options. These defaults can be overridden using the containers.conf configuration files.
- Podman uses builtin defaults if no libpod.conf file is found.
+Distributions ship the `/usr/share/containers/containers.conf` file with their default settings. Administrators can override fields in this file by creating the `/etc/containers/containers.conf` file. Users can further modify defaults by creating the `$HOME/.config/containers/containers.conf` file. Podman merges its builtin defaults with the specified fields from these files, if they exist. Fields specified in the users file override the administrator's file, which overrides the distribution's file, which override the built-in defaults.
+
+Podman uses builtin defaults if no containers.conf file is found.
**mounts.conf** (`/usr/share/containers/mounts.conf`)
@@ -280,7 +282,7 @@ The Network File System (NFS) and other distributed file systems (for example: L
For more information, please refer to the [Podman Troubleshooting Page](https://github.com/containers/libpod/blob/master/troubleshooting.md).
## SEE ALSO
-`containers-mounts.conf(5)`, `containers-registries.conf(5)`, `containers-storage.conf(5)`, `buildah(1)`, `libpod.conf(5)`, `oci-hooks(5)`, `containers-policy.json(5)`, `subuid(5)`, `subgid(5)`, `slirp4netns(1)`
+`containers-mounts.conf(5)`, `containers-registries.conf(5)`, `containers-storage.conf(5)`, `buildah(1)`, `containers.conf(5)`, `oci-hooks(5)`, `containers-policy.json(5)`, `subuid(5)`, `subgid(5)`, `slirp4netns(1)`
## HISTORY
Dec 2016, Originally compiled by Dan Walsh <dwalsh@redhat.com>
diff --git a/docs/tutorials/rootless_tutorial.md b/docs/tutorials/rootless_tutorial.md
index 440e12062..821c07647 100644
--- a/docs/tutorials/rootless_tutorial.md
+++ b/docs/tutorials/rootless_tutorial.md
@@ -13,7 +13,7 @@ The alternative OCI runtime support for cgroup V2 can be turned on at the comma
```
sudo podman --runtime /usr/bin/crun
```
-or by changing the value for the "Default OCI runtime" in the libpod.conf file either at the system level or at the [user level](#user-configuration-files) from `runtime = "runc"` to `runtime = "crun"`.
+or by changing the value for the "Default OCI runtime" in the containers.conf file either at the system level or at the [user level](#user-configuration-files) from `runtime = "runc"` to `runtime = "crun"`.
## Administrator Actions
@@ -106,7 +106,7 @@ Once the Administrator has completed the setup on the machine and then the confi
### User Configuration Files
-The Podman configuration files for root reside in `/usr/share/containers` with overrides in `/etc/containers`. In the rootless environment they reside in `${XDG_CONFIG_HOME}/containers` (usually `~/.config/containers`) and are owned by each individual user. The main files are `libpod.conf` and `storage.conf` and the user can modify these files as they wish.
+The Podman configuration files for root reside in `/usr/share/containers` with overrides in `/etc/containers`. In the rootless environment they reside in `${XDG_CONFIG_HOME}/containers` (usually `~/.config/containers`) and are owned by each individual user. The main files are `containers.conf` and `storage.conf` and the user can modify these files as they wish.
The default authorization file used by the `podman login` and `podman logout` commands reside in `${XDG_RUNTIME_DIR}/containers/auth.json`.