8 files changed, 189 insertions, 29 deletions
diff --git a/docs/podman-build.1.md b/docs/podman-build.1.md
index 878b31080..8deb8811e 100644
--- a/docs/podman-build.1.md
+++ b/docs/podman-build.1.md
@@ -375,18 +375,18 @@ to podman build, the option given would be `--runtime-flag log-format=json`.
 
 Security Options
 
-  "label=user:USER"   : Set the label user for the container
-  "label=role:ROLE"   : Set the label role for the container
-  "label=type:TYPE"   : Set the label type for the container
-  "label=level:LEVEL" : Set the label level for the container
-  "label=disable"     : Turn off label confinement for the container
-  "no-new-privileges" : Not supported
-
-  "seccomp=unconfined" : Turn off seccomp confinement for the container
-  "seccomp=profile.json :  White listed syscalls seccomp Json file to be used as a seccomp filter
-
-  "apparmor=unconfined" : Turn off apparmor confinement for the container
-  "apparmor=your-profile" : Set the apparmor confinement profile for the container
+- `apparmor=unconfined` : Turn off apparmor confinement for the container
+- `apparmor=your-profile` : Set the apparmor confinement profile for the container
+
+- `label=user:USER`     : Set the label user for the container processes
+- `label=role:ROLE`     : Set the label role for the container processes
+- `label=type:TYPE`     : Set the label process type for the container processes
+- `label=level:LEVEL`   : Set the label level for the container processes
+- `label=filetype:TYPE` : Set the label file type for the container files
+- `label=disable`       : Turn off label separation for the container
+
+- `seccomp=unconfined` : Turn off seccomp confinement for the container
+- `seccomp=profile.json` :  White listed syscalls seccomp Json file to be used as a seccomp filter
 
 **--shm-size**=*size*
 
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index 50fca3541..7634408f5 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -582,6 +582,15 @@ port to a random port on the host within an *ephemeral port range* defined by
 `/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host
 ports and the exposed ports, use `podman port`.
 
+**--pull**=*missing*
+
+Pull image before creating ("always"|"missing"|"never") (default "missing").
+       'missing': default value, attempt to pull the latest image from the registries listed in registries.conf if a local image does not exist.Raise an error if the image is not in any listed registry and is not present locally.
+       'always': Pull the image from the first registry it is found in as listed in  registries.conf. Raise an error if not found in the registries, even if the image is present locally.
+       'never': do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally.
+
+Defaults to *missing*.
+
 **--quiet**, **-q**
 
 Suppress output information when pulling images
@@ -631,19 +640,20 @@ of the container is assumed to be managed externally.
 
 Security Options
 
-"apparmor=unconfined" : Turn off apparmor confinement for the container
-"apparmor=your-profile" : Set the apparmor confinement profile for the container
+- `apparmor=unconfined` : Turn off apparmor confinement for the container
+- `apparmor=your-profile` : Set the apparmor confinement profile for the container
 
-"label=user:USER"   : Set the label user for the container
-"label=role:ROLE"   : Set the label role for the container
-"label=type:TYPE"   : Set the label type for the container
-"label=level:LEVEL" : Set the label level for the container
-"label=disable"     : Turn off label confinement for the container
+- `label=user:USER`     : Set the label user for the container processes
+- `label=role:ROLE`     : Set the label role for the container processes
+- `label=type:TYPE`     : Set the label process type for the container processes
+- `label=level:LEVEL`   : Set the label level for the container processes
+- `label=filetype:TYPE` : Set the label file type for the container files
+- `label=disable`       : Turn off label separation for the container
 
-"no-new-privileges" : Disable container processes from gaining additional privileges
+- `no-new-privileges` : Disable container processes from gaining additional privileges
 
-"seccomp=unconfined" : Turn off seccomp confinement for the container
-"seccomp=profile.json :  White listed syscalls seccomp Json file to be used as a seccomp filter
+- `seccomp=unconfined` : Turn off seccomp confinement for the container
+- `seccomp=profile.json` :  White listed syscalls seccomp Json file to be used as a seccomp filter
 
 Note: Labeling can be disabled for all containers by setting label=false in the **libpod.conf** (`/etc/containers/libpod.conf`) file.
 
@@ -715,7 +725,7 @@ $ podman run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image
 This command mounts a `tmpfs` at `/tmp` within the container.  The supported mount
 options are the same as the Linux default `mount` flags. If you do not specify
 any options, the systems uses the following options:
-`rw,noexec,nosuid,nodev,size=65536k`.
+`rw,noexec,nosuid,nodev`.
 
 **--tty**, **-t**=*true|false*
 
diff --git a/docs/podman-network-inspect.1.md b/docs/podman-network-inspect.1.md
new file mode 100644
index 000000000..576e61c79
--- /dev/null
+++ b/docs/podman-network-inspect.1.md
@@ -0,0 +1,50 @@
+% podman-network-inspect(1)
+
+## NAME
+podman\-network-inspect- Inspect one or more Podman networks
+
+## SYNOPSIS
+**podman network inspect**  [*network* ...]
+
+## DESCRIPTION
+Display the raw (JSON format) network configuration. This command is not available for rootless users.
+
+## EXAMPLE
+
+Inspect the default podman network
+
+```
+# podman network inspect podman
+[{
+    "cniVersion": "0.3.0",
+    "name": "podman",
+    "plugins": [
+      {
+        "type": "bridge",
+        "bridge": "cni0",
+        "isGateway": true,
+        "ipMasq": true,
+        "ipam": {
+            "type": "host-local",
+            "subnet": "10.88.1.0/24",
+            "routes": [
+                { "dst": "0.0.0.0/0" }
+            ]
+        }
+      },
+      {
+        "type": "portmap",
+        "capabilities": {
+          "portMappings": true
+        }
+      }
+    ]
+}
+]
+```
+
+## SEE ALSO
+podman(1), podman-network(1), podman-network-ls(1)
+
+## HISTORY
+August 2019, Originally compiled by Brent Baude <bbaude@redhat.com>
diff --git a/docs/podman-network-ls.1.md b/docs/podman-network-ls.1.md
new file mode 100644
index 000000000..725e07dbb
--- /dev/null
+++ b/docs/podman-network-ls.1.md
@@ -0,0 +1,43 @@
+% podman-network-ls(1)
+
+## NAME
+podman\-network-ls- Display a summary of CNI networks
+
+## SYNOPSIS
+**podman network ls**  [*options*]
+
+## DESCRIPTION
+Displays a list of existing podman networks. This command is not available for rootless users.
+
+## OPTIONS
+**--quiet**, **-q**
+
+The `quiet` options will restrict the output to only the network names
+
+## EXAMPLE
+
+Display networks
+
+```
+# podman network ls
+NAME      VERSION   PLUGINS
+podman    0.3.0     bridge,portmap
+podman2   0.3.0     bridge,portmap
+outside   0.3.0     bridge
+podman9   0.3.0     bridge,portmap
+```
+
+Display only network names
+```
+# podman network ls -q
+podman
+podman2
+outside
+podman9
+```
+
+## SEE ALSO
+podman(1), podman-network(1), podman-network-inspect(1)
+
+## HISTORY
+August 2019, Originally compiled by Brent Baude <bbaude@redhat.com>
diff --git a/docs/podman-network-rm.1.md b/docs/podman-network-rm.1.md
new file mode 100644
index 000000000..f72d6a694
--- /dev/null
+++ b/docs/podman-network-rm.1.md
@@ -0,0 +1,25 @@
+% podman-network-rm(1)
+
+## NAME
+podman\-network-rm- Delete a Podman CNI network
+
+## SYNOPSIS
+**podman network rm**  [*network...*]
+
+## DESCRIPTION
+Delete one or more Podman networks.
+
+## EXAMPLE
+
+Delete the `podman9` network
+
+```
+# podman network rm podman
+Deleted: podman9
+```
+
+## SEE ALSO
+podman(1), podman-network(1), podman-network-inspect(1)
+
+## HISTORY
+August 2019, Originally compiled by Brent Baude <bbaude@redhat.com>
diff --git a/docs/podman-network.1.md b/docs/podman-network.1.md
new file mode 100644
index 000000000..c01adc23e
--- /dev/null
+++ b/docs/podman-network.1.md
@@ -0,0 +1,21 @@
+% podman-network(1)
+
+## NAME
+podman\-network- Manage podman CNI networks
+
+## SYNOPSIS
+**podman network** *subcommand*
+
+## DESCRIPTION
+The network command manages CNI networks for Podman. It is not supported for rootless users.
+
+## COMMANDS
+
+| Command  | Man Page                                            | Description                                                                  |
+| -------  | --------------------------------------------------- | ---------------------------------------------------------------------------- |
+| inspect | [podman-network-inspect(1)](podman-network-inspect.1.md)| Displays the raw CNI network configuration for one or more networks|
+| ls | [podman-network-ls(1)](podman-network-ls.1.md)| Display a summary of CNI networks                        |
+| rm | [podman-network-rm(1)](podman-network-rm.1.md)| Remove one or more CNI networks                        |
+
+## SEE ALSO
+podman(1)
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index e7c898b25..33b5cbf9e 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -601,6 +601,15 @@ When using -P, podman will bind any exposed port to a random port on the host
 within an *ephemeral port range* defined by `/proc/sys/net/ipv4/ip_local_port_range`.
 To find the mapping between the host ports and the exposed ports, use `podman port`.
 
+**--pull**=*missing*
+
+Pull image before running ("always"|"missing"|"never") (default "missing").
+       'missing': default value, attempt to pull the latest image from the registries listed in registries.conf if a local image does not exist.Raise an error if the image is not in any listed registry and is not present locally.
+       'always': Pull the image from the first registry it is found in as listed in  registries.conf. Raise an error if not found in the registries, even if the image is present locally.
+       'never': do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally.
+
+Defaults to *missing*.
+
 **--quiet**, **-q**
 
 Suppress output information when pulling images
@@ -656,11 +665,12 @@ Security Options
 - `apparmor=unconfined` : Turn off apparmor confinement for the container
 - `apparmor=your-profile` : Set the apparmor confinement profile for the container
 
-- `label=user:USER`   : Set the label user for the container
-- `label=role:ROLE`   : Set the label role for the container
-- `label=type:TYPE`   : Set the label type for the container
-- `label=level:LEVEL` : Set the label level for the container
-- `label=disable`     : Turn off label confinement for the container
+- `label=user:USER`     : Set the label user for the container processes
+- `label=role:ROLE`     : Set the label role for the container processes
+- `label=type:TYPE`     : Set the label process type for the container processes
+- `label=level:LEVEL`   : Set the label level for the container processes
+- `label=filetype:TYPE` : Set the label file type for the container files
+- `label=disable`       : Turn off label separation for the container
 
 - `no-new-privileges` : Disable container processes from gaining additional privileges
 
@@ -752,7 +762,7 @@ $ podman run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image
 This command mounts a `tmpfs` at `/tmp` within the container.  The supported mount
 options are the same as the Linux default `mount` flags. If you do not specify
 any options, the systems uses the following options:
-`rw,noexec,nosuid,nodev,size=65536k`.
+`rw,noexec,nosuid,nodev`.
 
 **--tty**, **-t**=*true|false*
 
diff --git a/docs/podman.1.md b/docs/podman.1.md
index 12b7866ca..33ea81ef6 100644
--- a/docs/podman.1.md
+++ b/docs/podman.1.md
@@ -161,6 +161,7 @@ the exit codes follow the `chroot` standard, see below:
 | [podman-logout(1)](podman-logout.1.md)           | Logout of a container registry.                                             |
 | [podman-logs(1)](podman-logs.1.md)               | Display the logs of a container.                                            |
 | [podman-mount(1)](podman-mount.1.md)             | Mount a working container's root filesystem.                                |
+| [podman-network(1)](podman-network.1.md)         | Manage Podman CNI networks.                                |
 | [podman-pause(1)](podman-pause.1.md)             | Pause one or more containers.                                               |
 | [podman-play(1)](podman-play.1.md)               | Play pods and containers based on a structured input file.                  |
 | [podman-pod(1)](podman-pod.1.md)                 | Management tool for groups of containers, called pods.                      |