Diffstat (limited to 'docs')
-rw-r--r-- | docs/podman-build.1.md | 24 |
-rw-r--r-- | docs/podman-create.1.md | 21 |
-rw-r--r-- | docs/podman-generate-systemd.1.md | 67 |
-rw-r--r-- | docs/podman-generate.1.md | 9 |
-rw-r--r-- | docs/podman-push.1.md | 18 |
-rw-r--r-- | docs/podman-run.1.md | 11 |
-rw-r--r-- | docs/podman-stats.1.md | 20 |
7 files changed, 107 insertions, 63 deletions
diff --git a/docs/podman-build.1.md b/docs/podman-build.1.md index 878b31080..8deb8811e 100644 --- a/docs/podman-build.1.md +++ b/docs/podman-build.1.md @@ -375,18 +375,18 @@ to podman build, the option given would be `--runtime-flag log-format=json`. Security Options - "label=user:USER" : Set the label user for the container - "label=role:ROLE" : Set the label role for the container - "label=type:TYPE" : Set the label type for the container - "label=level:LEVEL" : Set the label level for the container - "label=disable" : Turn off label confinement for the container - "no-new-privileges" : Not supported - - "seccomp=unconfined" : Turn off seccomp confinement for the container - "seccomp=profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter - - "apparmor=unconfined" : Turn off apparmor confinement for the container - "apparmor=your-profile" : Set the apparmor confinement profile for the container +- `apparmor=unconfined` : Turn off apparmor confinement for the container +- `apparmor=your-profile` : Set the apparmor confinement profile for the container + +- `label=user:USER` : Set the label user for the container processes +- `label=role:ROLE` : Set the label role for the container processes +- `label=type:TYPE` : Set the label process type for the container processes +- `label=level:LEVEL` : Set the label level for the container processes +- `label=filetype:TYPE` : Set the label file type for the container files +- `label=disable` : Turn off label separation for the container + +- `seccomp=unconfined` : Turn off seccomp confinement for the container +- `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter **--shm-size**=*size* diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md index 1377f2a03..7634408f5 100644 --- a/docs/podman-create.1.md +++ b/docs/podman-create.1.md 
@@ -640,19 +640,20 @@ of the container is assumed to be managed externally. Security Options -"apparmor=unconfined" : Turn off apparmor confinement for the container -"apparmor=your-profile" : Set the apparmor confinement profile for the container +- `apparmor=unconfined` : Turn off apparmor confinement for the container +- `apparmor=your-profile` : Set the apparmor confinement profile for the container -"label=user:USER" : Set the label user for the container -"label=role:ROLE" : Set the label role for the container -"label=type:TYPE" : Set the label type for the container -"label=level:LEVEL" : Set the label level for the container -"label=disable" : Turn off label confinement for the container +- `label=user:USER` : Set the label user for the container processes +- `label=role:ROLE` : Set the label role for the container processes +- `label=type:TYPE` : Set the label process type for the container processes +- `label=level:LEVEL` : Set the label level for the container processes +- `label=filetype:TYPE` : Set the label file type for the container files +- `label=disable` : Turn off label separation for the container -"no-new-privileges" : Disable container processes from gaining additional privileges +- `no-new-privileges` : Disable container processes from gaining additional privileges -"seccomp=unconfined" : Turn off seccomp confinement for the container -"seccomp=profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter +- `seccomp=unconfined` : Turn off seccomp confinement for the container +- `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter Note: Labeling can be disabled for all containers by setting label=false in the **libpod.conf** (`/etc/containers/libpod.conf`) file. diff --git a/docs/podman-generate-systemd.1.md b/docs/podman-generate-systemd.1.md index ea72fdfae..b4962f28b 100644 --- a/docs/podman-generate-systemd.1.md +++ b/docs/podman-generate-systemd.1.md 
@@ -4,16 +4,20 @@ podman-generate-systemd- Generate Systemd Unit file ## SYNOPSIS -**podman generate systemd** [*options*] *container* +**podman generate systemd** [*options*] *container|pod* ## DESCRIPTION -**podman generate systemd** will create a Systemd unit file that can be used to control a container. The -command will dynamically create the unit file and output it to stdout where it can be piped by the user -to a file. The options can be used to influence the results of the output as well. +**podman generate systemd** will create a systemd unit file that can be used to control a container or pod. +By default, the command will print the content of the unit files to stdout. +Note that this command is not supported for the remote client. ## OPTIONS: +**--files**, **-f** + +Generate files instead of printing to stdout. The generated files are named {container,pod}-{ID,name}.service and will be placed in the current working directory. + **--name**, **-n** Use the name of the container for the start, stop, and description in the unit file 
@@ -27,41 +31,66 @@ Set the systemd restart policy. The restart-policy must be one of: "no", "on-su "on-watchdog", "on-abort", or "always". The default policy is *on-failure*. ## Examples -Create a systemd unit file for a container running nginx: +Create and print a systemd unit file for a container running nginx with an *always* restart policy and 1-second timeout to stdout. ``` -$ sudo podman generate systemd nginx +$ podman create --name nginx nginx:latest +$ podman generate systemd --restart-policy=always -t 1 nginx +# container-de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6.service +# autogenerated by Podman 1.5.2 +# Wed Aug 21 09:46:45 CEST 2019 + [Unit] -Description=c21da63c4783be2ac2cd3487ef8d2ec15ee2a28f63dd8f145e3b05607f31cffc Podman Container +Description=Podman container-de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6.service +Documentation=man:podman-generate-systemd(1) + [Service] -Restart=on-failure -ExecStart=/usr/bin/podman start c21da63c4783be2ac2cd3487ef8d2ec15ee2a28f63dd8f145e3b05607f31cffc -ExecStop=/usr/bin/podman stop -t 10 c21da63c4783be2ac2cd3487ef8d2ec15ee2a28f63dd8f145e3b05607f31cffc +Restart=always +ExecStart=/usr/bin/podman start de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6 +ExecStop=/usr/bin/podman stop -t 1 de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6 KillMode=none Type=forking -PIDFile=/var/run/containers/storage/overlay-containers/c21da63c4783be2ac2cd3487ef8d2ec15ee2a28f63dd8f145e3b05607f31cffc/userdata/conmon.pid +PIDFile=/run/user/1000/overlay-containers/de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6/userdata/conmon.pid + [Install] WantedBy=multi-user.target ``` -Create a systemd unit file for a container running nginx with an *always* restart policy and 1-second timeout. +Create systemd unit files for a pod with two simple alpine containers. 
Note that these container services cannot be started or stopped individually via `systemctl`; they are managed by the pod service. You can still use `systemctl status` or journalctl to examine them. ``` -$ sudo podman generate systemd --restart-policy=always -t 1 nginx +$ podman pod create --name systemd-pod +$ podman create --pod systemd-pod alpine top +$ podman create --pod systemd-pod alpine top +$ podman generate systemd --files --name systemd-pod +/home/user/pod-systemd-pod.service +/home/user/container-amazing_chandrasekhar.service +/home/user/container-jolly_shtern.service +$ cat pod-systemd-pod.service +# pod-systemd-pod.service +# autogenerated by Podman 1.5.2 +# Wed Aug 21 09:52:37 CEST 2019 + [Unit] -Description=c21da63c4783be2ac2cd3487ef8d2ec15ee2a28f63dd8f145e3b05607f31cffc Podman Container +Description=Podman pod-systemd-pod.service +Documentation=man:podman-generate-systemd(1) +Requires=container-amazing_chandrasekhar.service container-jolly_shtern.service +Before=container-amazing_chandrasekhar.service container-jolly_shtern.service + [Service] -Restart=always -ExecStart=/usr/bin/podman start c21da63c4783be2ac2cd3487ef8d2ec15ee2a28f63dd8f145e3b05607f31cffc -ExecStop=/usr/bin/podman stop -t 1 c21da63c4783be2ac2cd3487ef8d2ec15ee2a28f63dd8f145e3b05607f31cffc +Restart=on-failure +ExecStart=/usr/bin/podman start 77a818221650-infra +ExecStop=/usr/bin/podman stop -t 10 77a818221650-infra KillMode=none Type=forking -PIDFile=/var/run/containers/storage/overlay-containers/c21da63c4783be2ac2cd3487ef8d2ec15ee2a28f63dd8f145e3b05607f31cffc/userdata/conmon.pid +PIDFile=/run/user/1000/overlay-containers/ccfd5c71a088768774ca7bd05888d55cc287698dde06f475c8b02f696a25adcd/userdata/conmon.pid + [Install] WantedBy=multi-user.target ``` ## SEE ALSO -podman(1), podman-container(1) +podman(1), podman-container(1), systemctl(1), systemd.unit(5), systemd.service(5) ## HISTORY +August 2019, Updated with pod support by Valentin Rothberg (rothberg at redhat dot com) April 2019, 
Originally compiled by Brent Baude (bbaude at redhat dot com) diff --git a/docs/podman-generate.1.md b/docs/podman-generate.1.md index 5a2386778..50050f2c1 100644 --- a/docs/podman-generate.1.md +++ b/docs/podman-generate.1.md @@ -11,10 +11,11 @@ The generate command will create structured output (like YAML) based on a contai ## COMMANDS -| Command | Man Page | Description | -| ------- | --------------------------------------------------- | ---------------------------------------------------------------------------- | -| kube | [podman-generate-kube(1)](podman-generate-kube.1.md)| Generate Kubernetes YAML based on a pod or container. | -| systemd | [podman-generate-systemd(1)](podman-generate-systemd.1.md)| Generate a systemd unit file for a container. | +| Command | Man Page | Description | +|---------|------------------------------------------------------------|-------------------------------------------------------------------------------------| +| kube | [podman-generate-kube(1)](podman-generate-kube.1.md) | Generate Kubernetes YAML based on a pod or container. | +| systemd | [podman-generate-systemd(1)](podman-generate-systemd.1.md) | Generate systemd unit file(s) for a container. Not supported for the remote client. | + ## SEE ALSO podman, podman-pod, podman-container diff --git a/docs/podman-push.1.md b/docs/podman-push.1.md index 2058a432c..29e4044a3 100644 --- a/docs/podman-push.1.md +++ b/docs/podman-push.1.md 
@@ -61,13 +61,17 @@ value can be entered. The password is entered without echo. **--cert-dir**=*path* Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. -Default certificates directory is _/etc/containers/certs.d_. (Not available for remote commands) (Not available for remote commands) +Default certificates directory is _/etc/containers/certs.d_. (Not available for remote commands) **--compress** Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type, compressed or uncompressed, as source) Note: This flag can only be set when using the **dir** transport +**--digestfile** *Digestfile* + +After copying the image, write the digest of the resulting image to the file. (Not available for remote commands) + **--format**, **-f**=*format* Manifest Type (oci, v2s1, or v2s2) to use when pushing an image to a directory using the 'dir:' transport (default is manifest type of source) 
@@ -93,19 +97,23 @@ TLS verification will be used unless the target registry is listed as an insecur ## EXAMPLE -This example extracts the imageID image to a local directory in docker format. +This example pushes the image specified by the imageID to a local directory in docker format. `# podman push imageID dir:/path/to/image` -This example extracts the imageID image to a local directory in oci format. +This example pushes the image specified by the imageID to a local directory in oci format. `# podman push imageID oci-archive:/path/to/layout:image:tag` -This example extracts the imageID image to a container registry named registry.example.com +This example pushes the image specified by the imageID to a container registry named registry.example.com `# podman push imageID docker://registry.example.com/repository:tag` -This example extracts the imageID image and puts into the local docker container store +This example pushes the image specified by the imageID to a container registry named registry.example.com and saves the digest in the specified digestfile. + + `# podman push --digestfile=/tmp/mydigest imageID docker://registry.example.com/repository:tag` + +This example pushes the image specified by the imageID and puts it into the local docker container store `# podman push imageID docker-daemon:image:tag` diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md index 2445df566..33b5cbf9e 100644 --- a/docs/podman-run.1.md +++ b/docs/podman-run.1.md 
@@ -665,11 +665,12 @@ Security Options - `apparmor=unconfined` : Turn off apparmor confinement for the container - `apparmor=your-profile` : Set the apparmor confinement profile for the container -- `label=user:USER` : Set the label user for the container -- `label=role:ROLE` : Set the label role for the container -- `label=type:TYPE` : Set the label type for the container -- `label=level:LEVEL` : Set the label level for the container -- `label=disable` : Turn off label confinement for the container +- `label=user:USER` : Set the label user for the container processes +- `label=role:ROLE` : Set the label role for the container processes +- `label=type:TYPE` : Set the label process type for the container processes +- `label=level:LEVEL` : Set the label level for the container processes +- `label=filetype:TYPE` : Set the label file type for the container files +- `label=disable` : Turn off label separation for the container - `no-new-privileges` : Disable container processes from gaining additional privileges diff --git a/docs/podman-stats.1.md b/docs/podman-stats.1.md index c1a87f210..2f604644f 100644 --- a/docs/podman-stats.1.md +++ b/docs/podman-stats.1.md @@ -9,6 +9,10 @@ podman\-stats - Display a live stream of 1 or more containers' resource usage st ## DESCRIPTION Display a live stream of one or more containers' resource usage statistics +Note: Podman stats will not work in rootless environments that use CGroups V1. +Podman stats relies on CGroup information for statistics, and CGroup v1 is not +supported for rootless use cases. + ## OPTIONS **--all**, **-a** 
@@ -69,14 +73,14 @@ a9f807ffaacd frosty_hodgkin -- 3.092MB / 16.7GB 0.02% -- / -- -- # podman stats --no-stream --format=json a9f80 [ { - "id": "a9f807ffaacd", - "name": "frosty_hodgkin", - "cpu_percent": "--", - "mem_usage": "3.092MB / 16.7GB", - "mem_percent": "0.02%", - "netio": "-- / --", - "blocki": "-- / --", - "pids": "2" + "id": "a9f807ffaacd", + "name": "frosty_hodgkin", + "cpu_percent": "--", + "mem_usage": "3.092MB / 16.7GB", + "mem_percent": "0.02%", + "netio": "-- / --", + "blocki": "-- / --", + "pids": "2" } ] ``` |
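Review bot: In docs/podman-build.1.md (hunk @@ -375,18 +375,18 @@), the removed entry `"no-new-privileges" : Not supported` has no counterpart in the new list, so the build page is now silent on that option while podman-create.1.md and podman-run.1.md in this same patch document it as "Disable container processes from gaining additional privileges". If the option is still unsupported for builds, keep a `no-new-privileges` : Not supported bullet so readers do not assume the create/run behaviour applies to `podman build`; if it is now supported, say so explicitly. While touching the seccomp bullet, "White listed syscalls seccomp Json file" would read better as "JSON file of allowed syscalls".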
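Review bot: In docs/podman-create.1.md (hunk @@ -640,19 +640,20 @@), the new `label=filetype:TYPE` bullet says only "Set the label file type for the container files" and does not say which files that covers or how it relates to `label=type:TYPE`. One clause stating what "container files" means here would make the process/file split introduced by this patch usable; the same bullet is added verbatim in podman-build.1.md and podman-run.1.md. The wording "Set the label process type for the container processes" is also redundant and could be "Set the label process type for the container".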
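Review bot: In docs/podman-generate-systemd.1.md (hunk @@ -4,16 +4,20 @@), the new `--files` text does not say what happens when a file with the generated name already exists in the current working directory. State whether it is overwritten or the command fails. The unchanged `--name` description just below still reads "Use the name of the container", which no longer matches the `container|pod` synopsis and the `{container,pod}-{ID,name}.service` naming introduced here.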
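Review bot: In docs/podman-generate-systemd.1.md (hunk @@ -27,41 +31,66 @@), the examples drop `sudo` and the output now shows `PIDFile=/run/user/1000/...`, i.e. a rootless container, but the unit still ends with `WantedBy=multi-user.target` and the text never says where the unit should be installed or whether it is meant for the system manager or `systemctl --user`. A sentence after each example on where to place the file for root and for rootless use would prevent readers from installing a unit whose PIDFile path belongs to a different user. The first example's lead-in, "with an *always* restart policy and 1-second timeout to stdout", also reads as if the timeout goes to stdout; move "to stdout" next to "print".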
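Review bot: In docs/podman-generate.1.md (hunk @@ -11,10 +11,11 @@), the updated systemd row says "Generate systemd unit file(s) for a container." and omits pods, although this patch changes the podman-generate-systemd synopsis to `container|pod`. Suggest "for a container or pod" to match the kube row above it.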
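Review bot: In docs/podman-push.1.md (hunk @@ -61,13 +61,17 @@), the new option is written `**--digestfile** *Digestfile*` with a space, while the neighbouring options use `**--cert-dir**=*path*` and `**--format**, **-f**=*format*`, and the example added later in this patch uses `--digestfile=/tmp/mydigest`. Use the `=` form here for consistency. The description should also say what is written (digest format) and whether an existing file is overwritten.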
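Review bot: In docs/podman-push.1.md (hunk @@ -93,19 +97,23 @@), the new example writes the digest to `/tmp/mydigest`, a fixed name in a shared directory. If a later step reads that file to pin or verify the pushed image, readers copying the example would be trusting a path other local users can pre-create; a path under a directory owned by the caller would be a better model. Separately, the reworded sentence "to a local directory in oci format" sits above a command that uses the `oci-archive:` transport, so either the sentence or the transport in the example should change.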
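Review bot: In docs/podman-stats.1.md (hunk @@ -9,6 +9,10 @@), the added note spells the same thing two ways, "CGroups V1" in its first sentence and "CGroup v1" in its second. Pick one spelling, and consider saying what the user will see when running `podman stats` rootless in that configuration, so the limitation can be recognised from the error rather than only from the man page.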