Diffstat (limited to 'docs')
-rw-r--r--  docs/source/Tutorials.rst                      2
-rw-r--r--  docs/source/includes.rst                       2
-rw-r--r--  docs/source/markdown/podman-auto-update.1.md  42
-rw-r--r--  docs/source/markdown/podman-create.1.md       36
-rw-r--r--  docs/source/markdown/podman-pod-ps.1.md       59
-rw-r--r--  docs/source/markdown/podman-pull.1.md          2
-rw-r--r--  docs/source/markdown/podman-run.1.md          39
-rw-r--r--  docs/tutorials/README.md                       6
-rw-r--r--  docs/tutorials/basic_networking.md             2
-rw-r--r--  docs/tutorials/podman-go-bindings.md         543
-rw-r--r--  docs/tutorials/rootless_tutorial.md           54
11 files changed, 152 insertions, 635 deletions
diff --git a/docs/source/Tutorials.rst b/docs/source/Tutorials.rst
index e48d1e853..cb9ab644d 100644
--- a/docs/source/Tutorials.rst
+++ b/docs/source/Tutorials.rst
@@ -10,5 +10,5 @@ Here are a number of useful tutorials to get you up and running with Podman. If
* `How to sign and distribute container images using Podman <https://github.com/containers/podman/blob/master/docs/tutorials/image_signing.md>`_: Learn how to setup and use image signing with Podman.
* `Podman remote-client tutorial <https://github.com/containers/podman/blob/master/docs/tutorials/remote_client.md>`_: A brief how-to on using the Podman remote-client.
* `How to use libpod for custom/derivative projects <https://github.com/containers/podman/blob/master/docs/tutorials/podman-derivative-api.md>`_: How the libpod API can be used within your own project.
-* `How to use Podman's Go bindings <https://github.com/containers/podman/blob/master/docs/tutorials/podman-go-bindings.md>`_: A brief how-to on using Podman's Go bindings in external applications.
+* `How to use Podman's Go RESTful bindings <https://github.com/containers/podman/tree/main/pkg/bindings>`_: An introduction to using our RESTful Golang bindings in an external application.
* `Common network setups <https://github.com/containers/podman/blob/master/docs/tutorials/basic_networking.md>`_: A basic guide to common network setups for Podman.
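Review bot: The added link targets `tree/main/pkg/bindings` while every unchanged entry in this list still points at `blob/master/...`, so the page now mixes two branch names. Either switch the remaining tutorial links to `main` in the same change or confirm that the `master` URLs are expected to keep resolving. The entry also moves from a tutorial file to a source directory; if a specific document inside `pkg/bindings` is the intended landing page, link to that document rather than the tree.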
diff --git a/docs/source/includes.rst b/docs/source/includes.rst
index 8d3b6e2db..6e04d77f4 100644
--- a/docs/source/includes.rst
+++ b/docs/source/includes.rst
@@ -16,4 +16,4 @@
.. _podman run: http://docs.podman.io/en/latest/markdown/podman-run.1.html
.. _podman build: http://docs.podman.io/en/latest/markdown/podman-build.1.html
.. _podman push: http://docs.podman.io/en/latest/markdown/podman-push.1.html
-.. image:: https://github.com/containers/podman/blob/master/logo/podman-logo.png?raw=true
+.. image:: https://github.com/containers/podman/blob/main/logo/podman-logo.png?raw=true
diff --git a/docs/source/markdown/podman-auto-update.1.md b/docs/source/markdown/podman-auto-update.1.md
index 24b910470..106b9b00a 100644
--- a/docs/source/markdown/podman-auto-update.1.md
+++ b/docs/source/markdown/podman-auto-update.1.md
@@ -41,6 +41,27 @@ If the authorization state is not found there, `$HOME/.docker/config.json` is ch
Note: There is also the option to override the default path of the authentication file by setting the `REGISTRY_AUTH_FILE` environment variable. This can be done with **export REGISTRY_AUTH_FILE=_path_**.
+#### **--dry-run**=*true|false*
+
+Check for the availability of new images but do not perform any pull operation or restart any service or container.
+The `UPDATED` field indicates the availability of a new image with "pending".
+
+#### **--format**=*format*
+
+Change the default output format. This can be of a supported type like 'json' or a Go template.
+Valid placeholders for the Go template are listed below:
+
+| **Placeholder** | **Description** |
+| --------------- | -------------------------------------- |
+| .Unit | Name of the systemd unit |
+| .ContainerName | Name of the container |
+| .ContainerID | ID of the container |
+| .Container | ID and name of the container |
+| .Image | Name of the image |
+| .Policy | Auto-update policy of the container |
+| .Updated | Update status: true,false,failed |
+
+
## EXAMPLES
Autoupdate with registry policy
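Review bot: The `--dry-run` text says the `UPDATED` field reports "pending", but the placeholder table added just below documents `.Updated` as `true,false,failed`, so the two descriptions disagree. Add `pending` to that table row, for example `Update status: true, false, failed, pending`, so that anyone parsing the `--format` output handles all four values.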
@@ -48,26 +69,31 @@ Autoupdate with registry policy
### Start a container
$ podman run --label "io.containers.autoupdate=registry" \
--label "io.containers.autoupdate.authfile=/some/authfile.json" \
- -d busybox:latest top
+ -d --name=test registry.fedoraproject.org/fedora:latest sleep infinity
bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
### Generate a systemd unit for this container
$ podman generate systemd --new --files bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
-/home/user/containers/libpod/container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
+/home/user/container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
### Load the new systemd unit and start it
-$ mv ./container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service ~/.config/systemd/user
+$ mv ./container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service ~/.config/systemd/user/container-test.service
$ systemctl --user daemon-reload
### If the previously created containers or pods are using shared resources, such as ports, make sure to remove them before starting the generated systemd units.
$ podman stop bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
$ podman rm bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
-$ systemctl --user start container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
+$ systemctl --user start container-test.service
-### Auto-update the container
+### Check if a newer image is available
+$ podman auto-update --dry-run --format "{{.Image}} {{.Updated}}"
+registry.fedoraproject.org/fedora:latest pending
+
+### Autoupdate the services
$ podman auto-update
-container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
+UNIT CONTAINER IMAGE POLICY UPDATED
+container-test.service 08fd34e533fd (test) registry.fedoraproject.org/fedora:latest registry false
```
Autoupdate with local policy
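Review bot: In the example session, `podman auto-update --dry-run` reports `pending` for `registry.fedoraproject.org/fedora:latest`, yet the `podman auto-update` run that follows prints `false` in the `UPDATED` column. A reader following along would expect `true` after a pending update, so either change the sample row or add a line explaining why nothing was updated. Separately, the `generate systemd` output is still named after the container ID and only the `mv` step renames it to `container-test.service`; a short comment on that step would make the rename read as intentional.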
@@ -80,7 +106,7 @@ be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
### Generate a systemd unit for this container
$ podman generate systemd --new --files be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
-/home/user/containers/libpod/container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service
+/home/user/container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service
### Load the new systemd unit and start it
$ mv ./container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service ~/.config/systemd/user
@@ -102,7 +128,7 @@ $ podman commit --change CMD=/bin/bash inspiring_galileo busybox:latest
### Auto-update the container
$ podman auto-update
-container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service
+[...]
```
## SEE ALSO
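Review bot: Replacing the sample output with `[...]` in the local-policy example leaves no indication of what a local update looks like, while the registry example in the same file now shows the full `UNIT CONTAINER IMAGE POLICY UPDATED` table. Showing one table row here with `local` in the `POLICY` column would keep the two examples parallel.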
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 2c51b312d..1720e6eb6 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -646,7 +646,7 @@ Valid _mode_ values are:
- **ns:**_path_: path to a network namespace to join;
- **private**: create a new namespace for the container (default)
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
- - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
+ - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`, which is added to `/etc/hosts` as `host.containers.internal` for your convenience). Default is false.
- **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
- **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
- **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
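Review bot: The new parenthetical on `allow_host_loopback` does not say whether `host.containers.internal` is written to `/etc/hosts` only when the option is `true` or in every slirp4netns container. Since the default is false, the second reading would give containers a name that resolves to `10.0.2.2` but cannot be reached, so spell out which behaviour applies. Because this option is what lets the container reach the host loopback IP, a short statement of that consequence next to "Default is false" would help users decide when to enable it.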
@@ -858,7 +858,7 @@ Secrets and its storage are managed using the `podman secret` command.
Secret Options
- `type=mount|env` : How the secret will be exposed to the container. Default mount.
-- `target=target` : Target of secret. Defauts to secret name.
+- `target=target` : Target of secret. Defaults to secret name.
- `uid=0` : UID of secret. Defaults to 0. Mount secret type only.
- `gid=0` : GID of secret. Defaults to 0. Mount secret type only.
- `mode=0` : Mode of secret. Defaults to 0444. Mount secret type only.
@@ -1086,14 +1086,28 @@ Set the user namespace mode for the container. It defaults to the **PODMAN_USERN
Valid _mode_ values are:
-- **auto[:**_OPTIONS,..._**]**: automatically create a namespace. It is possible to specify these options to `auto`:
- - **gidmapping=**_HOST_GID:CONTAINER_GID:SIZE_: to force a GID mapping to be present in the user namespace.
- - **size=**_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
- - **uidmapping=**_HOST_UID:CONTAINER_UID:SIZE_: to force a UID mapping to be present in the user namespace.
-- **container:**_id_: join the user namespace of the specified container.
-- **host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
+**auto**[:_OPTIONS,..._]: automatically create a unique user namespace.
+
+The `--userns=auto` flag, requires that the user name `containers` and a range of subordinate user ids that the Podman container is allowed to use be specified in the /etc/subuid and /etc/subgid files.
+
+Example: `containers:2147483647:2147483648`.
+
+Podman allocates unique ranges of UIDs and GIDs from the `containers` subpordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option. The `auto` options currently does not work in rootless mode
+
+ Valid `auto`options:
+
+ - *gidmapping*=_HOST_GID:CONTAINER_GID:SIZE_: to force a GID mapping to be present in the user namespace.
+ - *size*=_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
+ - *uidmapping*=_HOST_UID:CONTAINER_UID:SIZE_: to force a UID mapping to be present in the user namespace.
+
+**container:**_id_: join the user namespace of the specified container.
+
+**host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
+
- **keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.
+
- **ns:**_namespace_: run the container in the given existing user namespace.
+
- **private**: create a new namespace for the container.
This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**.
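Review bot: The added `auto` description has several wording slips: "The `--userns=auto` flag, requires" has a stray comma, "subpordinate" should be "subordinate", "Valid `auto`options:" is missing a space, and "The `auto` options currently does not work in rootless mode" needs "option" and a closing period. The `Example:` line would also be clearer if it said that the entry goes into both `/etc/subuid` and `/etc/subgid` and that its fields are name, start and count.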
@@ -1353,6 +1367,12 @@ the uids and gids from the host.
$ podman create --uidmap 0:30000:7000 --gidmap 0:30000:7000 fedora echo hello
```
+### Setting automatic user namespace separated containers
+
+```
+# podman create --userns=auto:size=65536 ubi8-init
+```
+
### Configure timezone in a container
```
diff --git a/docs/source/markdown/podman-pod-ps.1.md b/docs/source/markdown/podman-pod-ps.1.md
index c1f5fd5e3..156adccaa 100644
--- a/docs/source/markdown/podman-pod-ps.1.md
+++ b/docs/source/markdown/podman-pod-ps.1.md
@@ -12,7 +12,9 @@ By default it lists:
* pod id
* pod name
+ * the time the pod was created
* number of containers attached to pod
+ * container id of the pod infra container
* status of pod as defined by the following table
| **Status** | **Description** |
@@ -28,15 +30,15 @@ By default it lists:
#### **--ctr-names**
-Includes the container names in the container info field
+Display the container names
#### **--ctr-ids**
-Includes the container IDs in the container info field
+Display the container IDs
#### **--ctr-status**
-Includes the container statuses in the container info field
+Display the container statuses
#### **--latest**, **-l**
@@ -111,62 +113,55 @@ Print usage statement
```
$ podman pod ps
-POD ID NAME STATUS NUMBER OF CONTAINERS
-00dfd6fa02c0 jolly_goldstine Running 1
-f4df8692e116 nifty_torvalds Created 2
+POD ID NAME STATUS CREATED INFRA ID # OF CONTAINERS
+00dfd6fa02c0 jolly_goldstine Running 31 hours ago ba465ab0a3a4 1
+f4df8692e116 nifty_torvalds Created 10 minutes ago 331693bff40a 2
```
```
$ podman pod ps --ctr-names
-POD ID NAME STATUS CONTAINER INFO
-00dfd6fa02c0 jolly_goldstine Running [ loving_archimedes ]
-f4df8692e116 nifty_torvalds Created [ thirsty_hawking ] [ wizardly_golick ]
+POD ID NAME STATUS CREATED INFRA ID NAMES
+00dfd6fa02c0 jolly_goldstine Running 31 hours ago ba465ab0a3a4 loving_archimedes
+f4df8692e116 nifty_torvalds Created 10 minutes ago 331693bff40a thirsty_hawking,wizardly_golick
```
```
$ podman pod ps --ctr-status --ctr-names --ctr-ids
-POD ID NAME STATUS CONTAINER INFO
-00dfd6fa02c0 jolly_goldstine Running [ ba465ab0a3a4 loving_archimedes Running ]
-f4df8692e116 nifty_torvalds Created [ 331693bff40a thirsty_hawking Created ] [ 8e428daeb89e wizardly_golick Created ]
+POD ID NAME STATUS CREATED INFRA ID IDS NAMES STATUS
+00dfd6fa02c0 jolly_goldstine Running 31 hours ago ba465ab0a3a4 ba465ab0a3a4 loving_archimedes running
+f4df8692e116 nifty_torvalds Created 10 minutes ago 331693bff40a 331693bff40a,8e428daeb89e thirsty_hawking,wizardly_golick configured,configured
```
```
-$ podman pod ps --format "{{.ID}} {{.ContainerInfo}} {{.Cgroup}}" --ctr-names
-00dfd6fa02c0 [ loving_archimedes ] /libpod_parent
-f4df8692e116 [ thirsty_hawking ] [ wizardly_golick ] /libpod_parent
-```
-
-```
-$ podman pod ps --cgroup
-POD ID NAME STATUS NUMBER OF CONTAINERS CGROUP USE POD CGROUP
-00dfd6fa02c0 jolly_goldstine Running 1 /libpod_parent true
-f4df8692e116 nifty_torvalds Created 2 /libpod_parent true
+$ podman pod ps --format "{{.ID}} {{.ContainerNames}} {{.Cgroup}}"
+00dfd6fa02c0 loving_archimedes /libpod_parent
+f4df8692e116 thirsty_hawking,wizardly_golick /libpod_parent
```
```
$ podman pod ps --sort id --filter ctr-number=2
-POD ID NAME STATUS NUMBER OF CONTAINERS
-f4df8692e116 nifty_torvalds Created 2
+POD ID NAME STATUS CREATED INFRA ID # OF CONTAINERS
+f4df8692e116 nifty_torvalds Created 10 minutes ago 331693bff40a 2
```
```
$ podman pod ps --ctr-ids
-POD ID NAME STATUS CONTAINER INFO
-00dfd6fa02c0 jolly_goldstine Running [ ba465ab0a3a4 ]
-f4df8692e116 nifty_torvalds Created [ 331693bff40a ] [ 8e428daeb89e ]
+POD ID NAME STATUS CREATED INFRA ID IDS
+00dfd6fa02c0 jolly_goldstine Running 31 hours ago ba465ab0a3a4 ba465ab0a3a4
+f4df8692e116 nifty_torvalds Created 10 minutes ago 331693bff40a 331693bff40a,8e428daeb89e
```
```
$ podman pod ps --no-trunc --ctr-ids
-POD ID NAME STATUS CONTAINER INFO
-00dfd6fa02c0a2daaedfdf8fcecd06f22ad114d46d167d71777224735f701866 jolly_goldstine Running [ ba465ab0a3a4e15e3539a1e79c32d1213a02b0989371e274f98e0f1ae9de7050 ]
-f4df8692e116a3e6d1d62572644ed36ca475d933808cc3c93435c45aa139314b nifty_torvalds Created [ 331693bff40a0ef2f05a3aba73ce49e3243108911927fff04d1f7fc44dda8022 ] [ 8e428daeb89e69b71e7916a13accfb87d122889442b5c05c2d99cf94a3230e9d ]
+POD ID NAME STATUS CREATED INFRA ID IDS
+00dfd6fa02c0a2daaedfdf8fcecd06f22ad114d46d167d71777224735f701866 jolly_goldstine Running 31 hours ago ba465ab0a3a4e15e3539a1e79c32d1213a02b0989371e274f98e0f1ae9de7050 ba465ab0a3a4e15e3539a1e79c32d1213a02b0989371e274f98e0f1ae9de7050
+f4df8692e116a3e6d1d62572644ed36ca475d933808cc3c93435c45aa139314b nifty_torvalds Created 10 minutes ago 331693bff40a926b6d52b184e116afd15497610c378d5d4c42945dd6e33b75b0 331693bff40a926b6d52b184e116afd15497610c378d5d4c42945dd6e33b75b0,8e428daeb89e69b71e7916a13accfb87d122889442b5c05c2d99cf94a3230e9d
```
```
$ podman pod ps --ctr-names
-POD ID NAME STATUS CONTAINER INFO
-314f4da82d74 hi Created [ jovial_jackson ] [ hopeful_archimedes ] [ vibrant_ptolemy ] [ heuristic_jennings ] [ keen_raman ] [ hopeful_newton ] [ mystifying_bose ] [ silly_lalande ] [ serene_lichterman ] ...
+POD ID NAME STATUS CREATED INFRA ID NAMES
+314f4da82d74 hi Created 17 hours ago a9f2d2165675 jovial_jackson,hopeful_archimedes,vibrant_ptolemy,heuristic_jennings,keen_raman,hopeful_newton,mystifying_bose,silly_lalande,serene_lichterman ...
```
## pod ps
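Review bot: In the `--ctr-status --ctr-names --ctr-ids` example the header row now contains `STATUS` twice, once for the pod and once for the containers, and the container values use a different vocabulary (`running`, `configured`) from the pod values (`Running`, `Created`). State in the option text which column is which, or explain the container state names, so the sample output is not read as a contradiction. The hunk also drops the `podman pod ps --cgroup` example without a replacement; if the flag still exists, keep an updated example for it.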
diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md
index 10661e16e..189464d17 100644
--- a/docs/source/markdown/podman-pull.1.md
+++ b/docs/source/markdown/podman-pull.1.md
@@ -182,7 +182,7 @@ Storing signatures
d6e46aa2470df1d32034c6707c8041158b652f38d2a9ae3d7ad7e7532d22ebe0
```
-Pull an image by specifiying an authentication file.
+Pull an image by specifying an authentication file.
```
$ podman pull --authfile temp-auths/myauths.json docker://docker.io/umohnani/finaltest
Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 6027a14a5..ce0cf1a2f 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -680,7 +680,7 @@ Valid _mode_ values are:
- **ns:**_path_: path to a network namespace to join;
- **private**: create a new namespace for the container (default)
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
- - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
+ - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`, which is added to `/etc/hosts` as `host.containers.internal` for your convenience). Default is false.
- **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
- **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
- **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
@@ -908,7 +908,7 @@ Secrets and its storage are managed using the `podman secret` command.
Secret Options
- `type=mount|env` : How the secret will be exposed to the container. Default mount.
-- `target=target` : Target of secret. Defauts to secret name.
+- `target=target` : Target of secret. Defaults to secret name.
- `uid=0` : UID of secret. Defaults to 0. Mount secret type only.
- `gid=0` : GID of secret. Defaults to 0. Mount secret type only.
- `mode=0` : Mode of secret. Defaults to 0444. Mount secret type only.
@@ -1159,14 +1159,28 @@ Set the user namespace mode for the container. It defaults to the **PODMAN_USERN
Valid _mode_ values are:
-- **auto[:**_OPTIONS,..._**]**: automatically create a namespace. It is possible to specify these options to `auto`:
- - **gidmapping=**_HOST_GID:CONTAINER_GID:SIZE_: to force a GID mapping to be present in the user namespace.
- - **size=**_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
- - **uidmapping=**_HOST_UID:CONTAINER_UID:SIZE_: to force a UID mapping to be present in the user namespace.
-- **container:**_id_: join the user namespace of the specified container.
-- **host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
+**auto**[:_OPTIONS,..._]: automatically create a unique user namespace.
+
+The `--userns=auto` flag, requires that the user name `containers` and a range of subordinate user ids that the Podman container is allowed to use be specified in the /etc/subuid and /etc/subgid files.
+
+Example: `containers:2147483647:2147483648`.
+
+Podman allocates unique ranges of UIDs and GIDs from the `containers` subpordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option. The `auto` options currently does not work in rootless mode
+
+ Valid `auto`options:
+
+ - *gidmapping*=_HOST_GID:CONTAINER_GID:SIZE_: to force a GID mapping to be present in the user namespace.
+ - *size*=_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
+ - *uidmapping*=_HOST_UID:CONTAINER_UID:SIZE_: to force a UID mapping to be present in the user namespace.
+
+**container:**_id_: join the user namespace of the specified container.
+
+**host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
+
- **keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.
+
- **ns:**_namespace_: run the container in the given existing user namespace.
+
- **private**: create a new namespace for the container.
This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**.
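Review bot: After this change the mode list is half converted: `auto`, `container:` and `host` are now bold paragraphs without a leading `-`, while the unchanged `keep-id`, `ns:` and `private` entries keep their bullets, and the sub-option names switch from bold (`**size=**`) to italic (`*size*=`). Pick one form for all six modes so the rendered man page does not show two list styles. The statement that `auto` does not work in rootless mode is the main constraint in this block and is easy to miss at the end of a paragraph; consider giving it its own line.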
@@ -1676,6 +1690,15 @@ $ echo "asdf" | podman run --rm -i --entrypoint /bin/cat someimage
asdf
```
+### Setting automatic user namespace separated containers
+
+```
+# podman run --userns=auto:size=65536 ubi8-micro cat /proc/self/uid_map
+0 2147483647 65536
+# podman run --userns=auto:size=65536 ubi8-micro cat /proc/self/uid_map
+0 2147549183 65536
+```
+
### Setting Namespaced Kernel Parameters (Sysctls)
The **--sysctl** sets namespaced kernel parameters (sysctls) in the
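Review bot: The two `uid_map` outputs are the useful part of this example, but nothing tells the reader what to look for. Add a sentence pointing out that the second container's host start, `2147549183`, is the first container's `2147483647` plus the requested size of `65536`, which is what shows the two containers received non-overlapping ranges. The heading "Setting automatic user namespace separated containers" is also hard to parse and could be reworded.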
diff --git a/docs/tutorials/README.md b/docs/tutorials/README.md
index 455459062..2a3c85c55 100644
--- a/docs/tutorials/README.md
+++ b/docs/tutorials/README.md
@@ -28,10 +28,6 @@ How the libpod API can be used within your own project.
Learn how to setup and use image signing with Podman.
-**[Go Bindings](podman-go-bindings.md)**
-
-A brief how-to on using Podman's Go bindings in external applications.
-
-**[Go Bindings](basic_networking.md)**
+**[Basic Networking](basic_networking.md)**
A basic guide to common network setups with Podman
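Review bot: The Go bindings entry is removed here outright, whereas `docs/source/Tutorials.rst` in the same change keeps an entry and repoints it at `pkg/bindings`. Keeping a matching pointer in this README would stop the two tutorial indexes from diverging.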
diff --git a/docs/tutorials/basic_networking.md b/docs/tutorials/basic_networking.md
index 850bf6681..e47661ddf 100644
--- a/docs/tutorials/basic_networking.md
+++ b/docs/tutorials/basic_networking.md
@@ -237,7 +237,7 @@ port like 8080.
$ podman run -dt --name webserver -p 8080:80 quay.io/libpod/banner
17ea33ccd7f55ff45766b3ec596b990a5f2ba66eb9159cb89748a85dc3cebfe0
```
-Because rootfull containers cannot communicate with each other directly with TCP/IP
+Because rootless containers cannot communicate with each other directly with TCP/IP
via IP addresses, the host and the port mapping are used. To do so, the IP address
of the host (interface) must be known.
```
diff --git a/docs/tutorials/podman-go-bindings.md b/docs/tutorials/podman-go-bindings.md
deleted file mode 100644
index 2bbf4e5de..000000000
--- a/docs/tutorials/podman-go-bindings.md
+++ /dev/null
@@ -1,543 +0,0 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
-
-# Podman Go bindings
-
-## Introduction
-
-In the release of Podman 2.0, we removed the experimental tag
-from its recently introduced RESTful service. While it might
-be interesting to interact with a RESTFul server using curl,
-using a set of Go based bindings is probably a more direct
-route to a production ready application. Let’s take a look
-at how easily that can be accomplished.
-
-If you haven't yet, [install Go](https://golang.org/doc/install).
-
-Be careful to double-check that the version of golang is new
-enough (i.e. `go version`), version 1.13.x or higher is
-supported. If needed, Go sources and binaries can be fetched
-from the [official Go website](https://golang.org/dl/).
-
-The Podman Go bindings are a set of functions to allow
-developers to execute Podman operations from within their Go
-based application. The Go bindings connect to a Podman service
-which can run locally or on a remote machine. You can perform
-many operations including pulling and listing images, starting,
-stopping or inspecting containers. Currently, the Podman
-repository has bindings available for operations on images,
-containers, pods, networks and manifests among others. The
-bindings are available on the [v2.0 branch in the
-upstream Podman repository](https://github.com/containers/podman/tree/v2.0).
-You can fetch the bindings for your application using Go modules:
-
-```bash
-$ cd $HOME
-$ mkdir example && cd example
-$ go mod init example.com
-go: creating new go.mod: module example.com
-$ go get github.com/containers/podman/v3
-[...]
-```
-
-This creates a new `go.mod` file in the current directory that looks as follows:
-
-```bash
-module example.com
-
-go 1.16
-
-require github.com/containers/libpod/v3 v3.0.1 // indirect
-```
-
-You can also try a demo application with the Go modules created already:
-
-```bash
-$ git clone https://github.com/containers/Demos
-$ cd Demos/podman_go_bindings
-$ ls
-README.md go.mod go.sum main.go
-```
-
-
-## How do I use them
-
-In this tutorial, you will learn through basic examples how to:
-
-0. [Start the Podman system service](#start-service)
-1. [Connect to the Podman system service](#connect-service)
-2. [Pull images](#pull-images)
-3. [List images](#list-images)
-4. [Create and start a container from an image](#create-start-container)
-5. [List containers](#list-containers)
-6. [Inspect the container](#inspect-container)
-7. [Stop the container](#stop-container)
-8. [Debugging tips](#debugging-tips)
-
-
-### Start the Podman system service <a name="start-service"></a>
-The recommended way to start Podman system service in production mode
-is via systemd socket-activation:
-
-```bash
-$ systemctl --user start podman.socket
-```
-
-There’s no timeout specified when starting the system service via socket-activation.
-
-For purposes of this demo, we will start the service using the Podman
-command itself. If you prefer the system service to timeout after, say,
-5000 seconds, you can run it like so:
-
-```bash
-$ podman system service -t 5000
-```
-
-Note that the 5000 seconds uptime is refreshed after every command is received.
-If you want the service to stay up until the machine is shutdown or the process
-is terminated, use `0` (zero) instead of 5000. For this demo, we will use no timeout:
-
-```bash
-$ podman system service -t 0
-```
-
-
-Open another terminal window and check if the Podman socket exists:
-
-```bash
-$ ls /run/user/${UID}/podman
-podman.sock
-```
-
-If you’re running the system service as root, podman.sock will be found in /run/podman:
-```bash
-# ls /run/podman
-podman.sock
-```
-
-
-### Connect to the Podman system service <a name="connect-service"></a>
-First, you need to create a connection that connects to the system service.
-The critical piece of information for setting up a new connection is the endpoint.
-The endpoint comes in the form of an URI (method:/path/to/socket). For example,
-to connect to the local rootful socket the URI would be `unix:/run/podman/podman.sock`
-and for a rootless user it would be `unix:$(XDG_RUNTIME_DIR)/podman/podman.sock`,
-typically: `unix:/run/user/${UID}/podman/podman.sock`.
-
-
-The following Go example snippet shows how to set up a connection for a rootless user.
-```Go
-package main
-
-import (
- "context"
- "fmt"
- "os"
-
- "github.com/containers/libpod/v3/libpod/define"
- "github.com/containers/libpod/v3/pkg/bindings"
- "github.com/containers/libpod/v3/pkg/bindings/containers"
- "github.com/containers/libpod/v3/pkg/bindings/images"
- "github.com/containers/libpod/v3/pkg/domain/entities"
- "github.com/containers/libpod/v3/pkg/specgen"
-)
-
-func main() {
- fmt.Println("Welcome to the Podman Go bindings tutorial")
-
- // Get Podman socket location
- sock_dir := os.Getenv("XDG_RUNTIME_DIR")
- socket := "unix:" + sock_dir + "/podman/podman.sock"
-
- // Connect to Podman socket
- connText, err := bindings.NewConnection(context.Background(), socket)
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
-}
-```
-
-The `connText` variable received from the NewConnection function is of type
-context.Context(). In subsequent uses of the bindings, you will use this context
-to direct the bindings to your connection. This can be seen in the examples below.
-
-### Pull an image <a name="pull-images"></a>
-
-Next, we will pull a couple of images using the images.Pull() binding.
-This binding takes three arguments:
- - The context variable created by the bindings.NewConnection() call in the first example
- - The image name
- - Options for image pull
-
-**Append the following lines to your function:**
-
-```Go
- // Pull Busybox image (Sample 1)
- fmt.Println("Pulling Busybox image...")
- _, err = images.Pull(connText, "docker.io/busybox", &images.PullOptions{})
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
-
- // Pull Fedora image (Sample 2)
- rawImage := "registry.fedoraproject.org/fedora:latest"
- fmt.Println("Pulling Fedora image...")
- _, err = images.Pull(connText, rawImage, &images.PullOptions{})
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
-```
-
-**Run it:**
-
-```bash
-$ go run main.go
-Welcome to the Podman Go bindings tutorial
-Pulling Busybox image...
-Pulling Fedora image...
-$
-```
-
-The system service side should echo messages like so:
-
-```bash
-Trying to pull docker.io/busybox...
-Getting image source signatures
-Copying blob 61c5ed1cbdf8 [--------------------------------------] 0.0b / 0.0b
-Copying config 018c9d7b79 done
-Writing manifest to image destination
-Storing signatures
-Trying to pull registry.fedoraproject.org/fedora:latest...
-Getting image source signatures
-Copying blob dd9f43919ba0 [--------------------------------------] 0.0b / 0.0b
-Copying config 00ff39a8bf done
-Writing manifest to image destination
-Storing signatures
-```
-
-
-### List images <a name="list-images"></a>
-Next, we will pull an image using the images.List() binding.
-This binding takes three arguments:
- - The context variable created earlier
- - An optional bool 'all'
- - An optional map of filters
-
-**Append the following lines to your function:**
-
-```Go
- // List images
- imageSummary, err := images.List(connText, &images.ListOptions{})
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
- var names []string
- for _, i := range imageSummary {
- names = append(names, i.RepoTags...)
- }
- fmt.Println("Listing images...")
- fmt.Println(names)
-```
-
-**Run it:**
-
-```bash
-$ go run main.go
-Welcome to the Podman Go bindings tutorial
-Pulling Busybox image...
-Pulling Fedora image...
-Listing images...
-[docker.io/library/busybox:latest registry.fedoraproject.org/fedora:latest]
-$
-```
-
-
-### Create and Start a Container from an Image <a name="create-start-container"></a>
-
-To create the container spec, we use specgen.NewSpecGenerator() followed by
-calling containers.CreateWithSpec() to actually create a new container.
-specgen.NewSpecGenerator() takes 2 arguments:
- - name of the image
- - whether it's a rootfs
-
-containers.CreateWithSpec() takes 2 arguments:
- - the context created earlier
- - the spec created by NewSpecGenerator
-
-Next, the container is actually started using the containers.Start() binding.
-containers.Start() takes three arguments:
- - the context
- - the name or ID of the container created
- - an optional parameter for detach keys
-
-After the container is started, it's a good idea to ensure the container is
-in a running state before you proceed with further operations.
-The containers.Wait() takes care of that.
-containers.Wait() takes three arguments:
- - the context
- - the name or ID of the container created
- - container state (running/paused/stopped)
-
-**Append the following lines to your function:**
-
-```Go
- // Container create
- s := specgen.NewSpecGenerator(rawImage, false)
- s.Terminal = true
- r, err := containers.CreateWithSpec(connText, s, nil)
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
-
- // Container start
- fmt.Println("Starting Fedora container...")
- err = containers.Start(connText, r.ID, nil)
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
-
- running := define.ContainerStateRunning
- _, err = containers.Wait(connText, r.ID, &containers.WaitOptions{Condition: []define.ContainerStatus{running}})
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
-```
-
-**Run it:**
-
-```bash
-$ go run main.go
-Welcome to the Podman Go bindings tutorial
-Pulling image...
-Starting Fedora container...
-$
-```
-
-Check if the container is running:
-
-```bash
-$ podman ps
-CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
-665831d31e90 registry.fedoraproject.org/fedora:latest /bin/bash Less than a second ago Up Less than a second ago dazzling_mclean
-$
-```
-
-
-### List Containers <a name="list-containers"></a>
-
-Containers can be listed using the containers.List() binding.
-containers.List() takes seven arguments:
- - the context
- - output filters
- - boolean to show all containers, by default only running containers are listed
- - number of latest created containers, all states (running/paused/stopped)
- - boolean to print pod information
- - boolean to print rootfs size
- - boolean to print oci runtime and container state
-
-**Append the following lines to your function:**
-
-```Go
- // Container list
- var latestContainers = 1
- containerLatestList, err := containers.List(connText, &containers.ListOptions{Last: &latestContainers})
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
- fmt.Printf("Latest container is %s\n", containerLatestList[0].Names[0])
-```
-
-**Run it:**
-
-```bash
-$ go run main.go
-Welcome to the Podman Go bindings tutorial
-Pulling Busybox image...
-Pulling Fedora image...
-Listing images...
-[docker.io/library/busybox:latest registry.fedoraproject.org/fedora:latest]
-Starting Fedora container...
-Latest container is dazzling_mclean
-$
-```
-
-
-### Inspect Container <a name="inspect-container"></a>
-Containers can be inspected using the containers.Inspect() binding.
-containers.Inspect() takes 3 arguments:
- - context
- - image name or ID
- - optional boolean to check for container size
-
-
-**Append the following lines to your function:**
-
-```Go
- // Container inspect
- ctrData, err := containers.Inspect(connText, r.ID, nil)
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
- fmt.Printf("Container uses image %s\n", ctrData.ImageName)
- fmt.Printf("Container running status is %s\n", ctrData.State.Status)
-```
-
-**Run it:**
-
-```bash
-$ go run main.go
-Welcome to the Podman Go bindings tutorial
-Pulling Busybox image...
-Pulling Fedora image...
-Listing images...
-[docker.io/library/busybox:latest registry.fedoraproject.org/fedora:latest]
-Starting Fedora container...
-Latest container is peaceful_noether
-Fedora Container uses image registry.fedoraproject.org/fedora:latest
-Fedora Container running status is running
-$
-```
-
-
-### Stop Container <a name="stop-container"></a>
-
-A container can be stopped by the containers.Stop() binding.
-containers.Stop() takes 3 arguments:
- - context
- - image name or ID
- - optional timeout
-
-**Append the following lines to your function:**
-
-```Go
- // Container stop
- fmt.Println("Stopping the container...")
- err = containers.Stop(connText, r.ID, nil)
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
- ctrData, err = containers.Inspect(connText, r.ID, nil)
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
- fmt.Printf("Container running status is now %s\n", ctrData.State.Status)
-```
-
-**Run it:**
-
-```bash
-$ go run main.go
-Welcome to the Podman Go bindings tutorial
-Pulling Busybox image...
-Pulling Fedora image...
-Listing images...
-[docker.io/library/busybox:latest registry.fedoraproject.org/fedora:latest]
-Starting Fedora container...
-Latest container is peaceful_noether
-Fedora Container uses image registry.fedoraproject.org/fedora:latest
-Fedora Container running status is running
-Stopping Fedora container...
-Container running status is now exited
-```
-
-
-### Debugging tips <a name="debugging-tips"></a>
-
-To debug in a development setup, you can start the Podman system service
-in debug mode like so:
-
-```bash
-$ podman --log-level=debug system service -t 0
-```
-
-The `--log-level=debug` echoes all the logged requests and is useful to
-trace the execution path at a finer granularity. A snippet of a sample run looks like:
-
-```bash
-INFO[0000] podman filtering at log level debug
-DEBU[0000] Called service.PersistentPreRunE(podman --log-level=debug system service -t0)
-DEBU[0000] Ignoring libpod.conf EventsLogger setting "/home/lsm5/.config/containers/containers.conf". Use "journald" if you want to change this setting and remove libpod.conf files.
-DEBU[0000] Reading configuration file "/usr/share/containers/containers.conf"
-DEBU[0000] Merged system config "/usr/share/containers/containers.conf": {Editors note: the remainder of this line was removed due to Jekyll formatting errors.}
-DEBU[0000] Using conmon: "/usr/bin/conmon"
-DEBU[0000] Initializing boltdb state at /home/lsm5/.local/share/containers/storage/libpod/bolt_state.db
-DEBU[0000] Overriding run root "/run/user/1000/containers" with "/run/user/1000" from database
-DEBU[0000] Using graph driver overlay
-DEBU[0000] Using graph root /home/lsm5/.local/share/containers/storage
-DEBU[0000] Using run root /run/user/1000
-DEBU[0000] Using static dir /home/lsm5/.local/share/containers/storage/libpod
-DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp
-DEBU[0000] Using volume path /home/lsm5/.local/share/containers/storage/volumes
-DEBU[0000] Set libpod namespace to ""
-DEBU[0000] Not configuring container store
-DEBU[0000] Initializing event backend file
-DEBU[0000] using runtime "/usr/bin/runc"
-DEBU[0000] using runtime "/usr/bin/crun"
-WARN[0000] Error initializing configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument
-DEBU[0000] using runtime "/usr/bin/crun"
-INFO[0000] Setting parallel job count to 25
-INFO[0000] podman filtering at log level debug
-DEBU[0000] Called service.PersistentPreRunE(podman --log-level=debug system service -t0)
-DEBU[0000] Ignoring libpod.conf EventsLogger setting "/home/lsm5/.config/containers/containers.conf". Use "journald" if you want to change this setting and remove libpod.conf files.
-DEBU[0000] Reading configuration file "/usr/share/containers/containers.conf"
-```
-
-If the Podman system service has been started via systemd socket activation,
-you can view the logs using journalctl. The logs after a sample run look like so:
-
-```bash
-$ journalctl --user --no-pager -u podman.socket
--- Reboot --
-Jul 22 13:50:40 nagato.nanadai.me systemd[1048]: Listening on Podman API Socket.
-$
-```
-
-```bash
-$ journalctl --user --no-pager -u podman.service
-Jul 22 13:50:53 nagato.nanadai.me systemd[1048]: Starting Podman API Service...
-Jul 22 13:50:54 nagato.nanadai.me podman[1527]: time="2020-07-22T13:50:54-04:00" level=error msg="Error refreshing volume 38480630a8bdaa3e1a0ebd34c94038591b0d7ad994b37be5b4f2072bb6ef0879: error acquiring lock 0 for volume 38480630a8bdaa3e1a0ebd34c94038591b0d7ad994b37be5b4f2072bb6ef0879: file exists"
-Jul 22 13:50:54 nagato.nanadai.me podman[1527]: time="2020-07-22T13:50:54-04:00" level=error msg="Error refreshing volume 47d410af4d762a0cc456a89e58f759937146fa3be32b5e95a698a1d4069f4024: error acquiring lock 0 for volume 47d410af4d762a0cc456a89e58f759937146fa3be32b5e95a698a1d4069f4024: file exists"
-Jul 22 13:50:54 nagato.nanadai.me podman[1527]: time="2020-07-22T13:50:54-04:00" level=error msg="Error refreshing volume 86e73f082e344dad38c8792fb86b2017c4f133f2a8db87f239d1d28a78cf0868: error acquiring lock 0 for volume 86e73f082e344dad38c8792fb86b2017c4f133f2a8db87f239d1d28a78cf0868: file exists"
-Jul 22 13:50:54 nagato.nanadai.me podman[1527]: time="2020-07-22T13:50:54-04:00" level=error msg="Error refreshing volume 9a16ea764be490a5563e384d9074ab0495e4d9119be380c664037d6cf1215631: error acquiring lock 0 for volume 9a16ea764be490a5563e384d9074ab0495e4d9119be380c664037d6cf1215631: file exists"
-Jul 22 13:50:54 nagato.nanadai.me podman[1527]: time="2020-07-22T13:50:54-04:00" level=error msg="Error refreshing volume bfd6b2a97217f8655add13e0ad3f6b8e1c79bc1519b7a1e15361a107ccf57fc0: error acquiring lock 0 for volume bfd6b2a97217f8655add13e0ad3f6b8e1c79bc1519b7a1e15361a107ccf57fc0: file exists"
-Jul 22 13:50:54 nagato.nanadai.me podman[1527]: time="2020-07-22T13:50:54-04:00" level=error msg="Error refreshing volume f9b9f630982452ebcbed24bd229b142fbeecd5d4c85791fca440b21d56fef563: error acquiring lock 0 for volume f9b9f630982452ebcbed24bd229b142fbeecd5d4c85791fca440b21d56fef563: file exists"
-Jul 22 13:50:54 nagato.nanadai.me podman[1527]: Trying to pull registry.fedoraproject.org/fedora:latest...
-Jul 22 13:50:55 nagato.nanadai.me podman[1527]: Getting image source signatures
-Jul 22 13:50:55 nagato.nanadai.me podman[1527]: Copying blob sha256:dd9f43919ba05f05d4f783c31e83e5e776c4f5d29dd72b9ec5056b9576c10053
-Jul 22 13:50:55 nagato.nanadai.me podman[1527]: Copying config sha256:00ff39a8bf19f810a7e641f7eb3ddc47635913a19c4996debd91fafb6b379069
-Jul 22 13:50:55 nagato.nanadai.me podman[1527]: Writing manifest to image destination
-Jul 22 13:50:55 nagato.nanadai.me podman[1527]: Storing signatures
-Jul 22 13:50:55 nagato.nanadai.me systemd[1048]: podman.service: unit configures an IP firewall, but not running as root.
-Jul 22 13:50:55 nagato.nanadai.me systemd[1048]: (This warning is only shown for the first unit using IP firewalling.)
-Jul 22 13:51:15 nagato.nanadai.me systemd[1048]: podman.service: Succeeded.
-Jul 22 13:51:15 nagato.nanadai.me systemd[1048]: Finished Podman API Service.
-Jul 22 13:51:15 nagato.nanadai.me systemd[1048]: podman.service: Consumed 1.339s CPU time.
-$
-```
-
-
-## Wrap Up
-Podman provides a set of Go bindings to allow developers to integrate Podman
-functionality conveniently in their Go application. These Go bindings require
-the Podman system service to be running in the background and this can easily
-be achieved using systemd socket activation. Once set up, you are able to use a
-set of Go based bindings to create, maintain and monitor your container images,
-containers and pods in a way which fits very nicely in many production environments.
-
-
-## References
-- Podman is available for most major distributions along with macOS and Windows.
-Installation details are available on the [Podman official website](https://podman.io/getting-started/).
-
-- Documentation can be found at the [Podman Docs page](https://docs.podman.io).
-It also includes a section on the [RESTful API](https://docs.podman.io/en/latest/Reference.html).
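Review bot: Deleting the whole file also drops the "Debugging tips" section (starting the service with `podman --log-level=debug system service -t 0`, and reading the `podman.socket` and `podman.service` logs with `journalctl --user`), which applies to any client of the API service and not only to this tutorial's Go examples. The replacement link added in Tutorials.rst points at pkg/bindings, so please confirm that page covers debugging the service, or move this section to a document that stays.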
diff --git a/docs/tutorials/rootless_tutorial.md b/docs/tutorials/rootless_tutorial.md
index 18f60ea00..5d20f2cc0 100644
--- a/docs/tutorials/rootless_tutorial.md
+++ b/docs/tutorials/rootless_tutorial.md
@@ -13,31 +13,31 @@ The alternative OCI runtime support for cgroup V2 can also be turned on at the c
```
podman --runtime crun
```
-or for all commands by changing the value for the "Default OCI runtime" in the containers.conf file either at the system level or at the [user level](#user-configuration-files) from `runtime = "runc"` to `runtime = "crun"`.
+or for all commands by changing the value for the "Default OCI runtime" in the `containers.conf` file either at the system level or at the [user level](#user-configuration-files) from `runtime = "runc"` to `runtime = "crun"`.
## Administrator Actions
### Installing Podman
-For installing Podman, please see the [installation instructions](https://github.com/containers/podman/blob/master/install.md).
+For installing Podman, please see the [installation instructions](https://github.com/containers/podman/blob/main/install.md).
### Building Podman
-For building Podman, please see the [installation instructions](https://github.com/containers/podman/blob/master/install.md#building-from-scratch).
+For building Podman, please see the [installation instructions](https://github.com/containers/podman/blob/main/install.md#building-from-scratch).
-### Install slirp4netns
+### Install `slirp4netns`
-The [slirp4netns](https://github.com/rootless-containers/slirp4netns) package provides user-mode networking for unprivileged network namespaces and must be installed on the machine in order for Podman to run in a rootless environment. The package is available on most Linux distributions via their package distribution software such as yum, dnf, apt, zypper, etc. If the package is not available, you can build and install slirp4netns from [GitHub](https://github.com/rootless-containers/slirp4netns).
+The [slirp4netns](https://github.com/rootless-containers/slirp4netns) package provides user-mode networking for unprivileged network namespaces and must be installed on the machine in order for Podman to run in a rootless environment. The package is available on most Linux distributions via their package distribution software such as `yum`, `dnf`, `apt`, `zypper`, etc. If the package is not available, you can build and install `slirp4netns` from [GitHub](https://github.com/rootless-containers/slirp4netns).
-### Ensure fuse-overlayfs is installed
+### Ensure `fuse-overlayfs` is installed
-When using Podman in a rootless environment, it is recommended to use fuse-overlayfs rather than the VFS file system. For that you need the `fuse-overlayfs` executable available in `$PATH`.
+When using Podman in a rootless environment, it is recommended to use `fuse-overlayfs` rather than the VFS file system. For that you need the `fuse-overlayfs` executable available in `$PATH`.
Your distribution might already provide it in the `fuse-overlayfs` package, but be aware that you need at least version **0.7.6**. This especially needs to be checked on Ubuntu distributions as `fuse-overlayfs` is not generally installed by default and the 0.7.6 version is not available natively on Ubuntu releases prior to **20.04**.
-The fuse-overlayfs project is available from [GitHub](https://github.com/containers/fuse-overlayfs), and provides instructions for easily building a static `fuse-overlayfs` executable.
+The `fuse-overlayfs` project is available from [GitHub](https://github.com/containers/fuse-overlayfs), and provides instructions for easily building a static `fuse-overlayfs` executable.
-If Podman is used before fuse-overlayfs is installed, it may be necessary to adjust the `storage.conf` file (see "User Configuration Files" below) to change the `driver` option under `[storage]` to `"overlay"` and point the `mount_program` option in `[storage.options]` to the path of the `fuse-overlayfs` executable:
+If Podman is used before `fuse-overlayfs` is installed, it may be necessary to adjust the `storage.conf` file (see "User Configuration Files" below) to change the `driver` option under `[storage]` to `"overlay"` and point the `mount_program` option in `[storage.options]` to the path of the `fuse-overlayfs` executable:
```
[storage]
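Review bot: On the reworded `containers.conf` line, "Default OCI runtime" is still in plain quotes although the setting being changed is shown as `runtime = "runc"`; name the `runtime` key directly so readers can search the file for it. In the `slirp4netns` paragraph the first mention (the link text) is left unformatted while the heading and the later mention now use backticks, so the link text should match.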
@@ -54,13 +54,13 @@ If Podman is used before fuse-overlayfs is installed, it may be necessary to adj
### Enable user namespaces (on RHEL7 machines)
-The number of user namespaces that are allowed on the system is specified in the file `/proc/sys/user/max_user_namespaces`. On most Linux platforms this is preset by default and no adjustment is necessary. However on RHEL7 machines a user with root privileges may need to set that to a reasonable value by using this command: `sysctl user.max_user_namespaces=15000`.
+The number of user namespaces that are allowed on the system is specified in the file `/proc/sys/user/max_user_namespaces`. On most Linux platforms this is preset by default and no adjustment is necessary. However, on RHEL7 machines, a user with root privileges may need to set that to a reasonable value by using this command: `sysctl user.max_user_namespaces=15000`.
-### /etc/subuid and /etc/subgid configuration
+### `/etc/subuid` and `/etc/subgid` configuration
-Rootless Podman requires the user running it to have a range of UIDs listed in /etc/subuid and /etc/subgid files. The `shadow-utils` or `newuid` package provides these files on different distributions and they must be installed on the system. These files will need someone with root privileges on the system to add or update the entries within them. The following is a summarization from the [How does rootless Podman work?](https://opensource.com/article/19/2/how-does-rootless-podman-work) article by Dan Walsh on [opensource.com](https://opensource.com)
+Rootless Podman requires the user running it to have a range of UIDs listed in the files `/etc/subuid` and `/etc/subgid`. The `shadow-utils` or `newuid` package provides these files on different distributions and they must be installed on the system. Root privileges are required to add or update entries within these files. The following is a summary from the [How does rootless Podman work?](https://opensource.com/article/19/2/how-does-rootless-podman-work) article by Dan Walsh on [opensource.com](https://opensource.com)
-Update the /etc/subuid and /etc/subgid with fields for each user that will be allowed to create containers that look like the following. Note that the values for each user must be unique and without any overlap. If there is an overlap, there is a potential for a user to use another’s namespace and they could corrupt it.
+For each user that will be allowed to create containers, update `/etc/subuid` and `/etc/subgid` for the user with fields that look like the following. Note that the values for each user must be unique. If there is overlap, there is a potential for a user to use another user's namespace and they could corrupt it.
```
cat /etc/subuid
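Review bot: The rewritten sentence before the `cat /etc/subuid` example drops "and without any overlap" and now only says the values "must be unique", which can be read as distinct start values whose ranges still overlap; the following sentence shows that overlap is the actual risk (one user using another user's namespace), so keep the explicit wording, for example "the ranges for each user must not overlap". In the paragraph above it, `newuid` is carried over unchanged as a package name while the executables named later in this file are `newuidmap` and `newgidmap`; please check the package name, and add the missing full stop after the opensource.com link.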
@@ -68,17 +68,17 @@ johndoe:100000:65536
test:165536:65536
```
-The format of this file is USERNAME:UID:RANGE
+The format of this file is `USERNAME:UID:RANGE`
-* username as listed in /etc/passwd or getpwent.
-* The initial uid allocated for the user.
+* username as listed in `/etc/passwd` or in the output of [`getpwent`](https://man7.org/linux/man-pages/man3/getpwent.3.html).
+* The initial UID allocated for the user.
* The size of the range of UIDs allocated for the user.
-This means the user johndoe is allocated UIDS 100000-165535 as well as their standard UID in the /etc/passwd file. NOTE: this is not currently supported with network installs. These files must be available locally to the host machine. It is not possible to configure this with LDAP or Active Directory.
+This means the user `johndoe` is allocated UIDs 100000-165535 as well as their standard UID in the `/etc/passwd` file. NOTE: this is not currently supported with network installs; these files must be available locally to the host machine. It is not possible to configure this with LDAP or Active Directory.
-If you update either the /etc/subuid or the /etc/subgid file, you need to stop all the running containers owned by the user and kill the pause process that is running on the system for that user. This can be done automatically by using the [`podman system migrate`](https://github.com/containers/podman/blob/master/docs/podman-system-migrate.1.md) command which will stop all the containers for the user and will kill the pause process.
+If you update either `/etc/subuid` or `/etc/subgid`, you need to stop all the running containers owned by the user and kill the pause process that is running on the system for that user. This can be done automatically by using the [`podman system migrate`](https://github.com/containers/podman/blob/main/docs/source/markdown/podman-system-migrate.1.md) command which will stop all the containers for the user and will kill the pause process.
-Rather than updating the files directly, the usermod program can be used to assign UIDs and GIDs to a user.
+Rather than updating the files directly, the `usermod` program can be used to assign UIDs and GIDs to a user.
```
usermod --add-subuids 200000-201000 --add-subgids 200000-201000 johndoe
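Review bot: The new first bullet says the username is listed "in the output of `getpwent`", but the link added there is to the section 3 manual page, so `getpwent` is a library call and has no output for an administrator to read; say "as returned by `getpwent`", or keep the original wording and only add the link. The bullets are also inconsistent in case ("username" against "The initial UID"), and the format `USERNAME:UID:RANGE` is described only in terms of UIDs although the section covers `/etc/subgid` as well.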
@@ -102,13 +102,13 @@ To make the change persist, the administrator will need to add a file with the `
The majority of the work necessary to run Podman in a rootless environment is on the shoulders of the machine’s administrator.
-Once the Administrator has completed the setup on the machine and then the configurations for the user in /etc/subuid and /etc/subgid, the user can just start using any Podman command that they wish.
+Once the Administrator has completed the setup on the machine and then the configurations for the user in `/etc/subuid` and `/etc/subgid`, the user can just start using any Podman command that they wish.
### User Configuration Files
The Podman configuration files for root reside in `/usr/share/containers` with overrides in `/etc/containers`. In the rootless environment they reside in `${XDG_CONFIG_HOME}/containers` (usually `~/.config/containers`) and are owned by each individual user.
-The three main configuration files are [containers.conf](https://github.com/containers/common/blob/master/docs/containers.conf.5.md), [storage.conf](https://github.com/containers/storage/blob/master/docs/containers-storage.conf.5.md) and [registries.conf](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md). The user can modify these files as they wish.
+The three main configuration files are [containers.conf](https://github.com/containers/common/blob/main/docs/containers.conf.5.md), [storage.conf](https://github.com/containers/storage/blob/main/docs/containers-storage.conf.5.md) and [registries.conf](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md). The user can modify these files as they wish.
#### containers.conf
Podman reads
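Review bot: The three links changed from `master` to `main` in the "three main configuration files" sentence point into other repositories (containers/common, containers/storage, containers/image), so each needs checking that its default branch is actually `main`; a branch that has not been renamed would make the new link a 404. "Administrator" is capitalised in the changed line but is lower-case in the unchanged line just above it.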
@@ -123,7 +123,7 @@ For `storage.conf` the order is
1. `/etc/containers/storage.conf`
2. `$HOME/.config/containers/storage.conf`
-In rootless podman certain fields in `/etc/containers/storage.conf` are ignored. These fields are:
+In rootless Podman certain fields in `/etc/containers/storage.conf` are ignored. These fields are:
```
graphroot=""
container storage graph dir (default: "/var/lib/containers/storage")
@@ -133,7 +133,7 @@ runroot=""
container storage run dir (default: "/run/containers/storage")
Default directory to store all temporary writable content created by container storage programs.
```
-In rootless podman these fields default to
+In rootless Podman these fields default to
```
graphroot="$HOME/.local/share/containers/storage"
runroot="$XDG_RUNTIME_DIR/containers"
@@ -146,14 +146,14 @@ Registry configuration is read in by this order
2. `/etc/containers/registries.d/*`
3. `HOME/.config/containers/registries.conf`
-The files in the home directory should be used to configure rootless podman for personal needs. These files are not created by default. Users can copy the files from `/usr/share/containers` or `/etc/containers` and modify them.
+The files in the home directory should be used to configure rootless Podman for personal needs. These files are not created by default. Users can copy the files from `/usr/share/containers` or `/etc/containers` and modify them.
#### Authorization files
The default authorization file used by the `podman login` and `podman logout` commands reside in `${XDG_RUNTIME_DIR}/containers/auth.json`.
### Using volumes
-Rootless Podman is not, and will never be, root; it's not a setuid binary, and gains no privileges when it runs. Instead, Podman makes use of a user namespace to shift the UIDs and GIDs of a block of users it is given access to on the host (via the newuidmap and newgidmap executables) and your own user within the containers that Podman creates.
+Rootless Podman is not, and will never be, root; it's not a `setuid` binary, and gains no privileges when it runs. Instead, Podman makes use of a user namespace to shift the UIDs and GIDs of a block of users it is given access to on the host (via the `newuidmap` and `newgidmap` executables) and your own user within the containers that Podman creates.
If your container runs with the root user, then `root` in the container is actually your user on the host. UID/GID 1 is the first UID/GID specified in your user's mapping in `/etc/subuid` and `/etc/subgid`, etc. If you mount a directory from the host into a container as a rootless user, and create a file in that directory as root in the container, you'll see it's actually owned by your user on the host.
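Review bot: Since this pass is fixing formatting, the unchanged list item `HOME/.config/containers/registries.conf` at the top of this hunk is missing its `$`; the storage.conf list earlier in the file writes `$HOME/.config/containers/storage.conf`. In the "Authorization files" paragraph, "The default authorization file ... reside in" should be "resides in".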
@@ -193,6 +193,6 @@ Other considerations in regards to volumes:
## More information
-If you are still experiencing problems running Podman in a rootless environment, please refer to the [Shortcomings of Rootless Podman](https://github.com/containers/podman/blob/master/rootless.md) page which lists known issues and solutions to known issues in this environment.
+If you are still experiencing problems running Podman in a rootless environment, please refer to the [Shortcomings of Rootless Podman](https://github.com/containers/podman/blob/main/rootless.md) page which lists known issues and solutions to known issues in this environment.
-For more information on Podman and its subcommands, checkout the asciiart demos on the [README.md](../../README.md#commands) page or the [podman.io](https://podman.io) web site.
+For more information on Podman and its subcommands, follow the links on the main [README.md](../../README.md#podman-information-for-developers) page or the [podman.io](https://podman.io) web site.
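Review bot: The last changed line now links to `../../README.md#podman-information-for-developers`; please confirm that heading exists in the top-level README on the target branch, since a wrong fragment fails silently and just opens the top of the page. The line above still reads "lists known issues and solutions to known issues", which could be shortened to "lists known issues and their solutions" while it is being touched.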