Diffstat (limited to 'docs')
-rw-r--r-- | docs/podman-top.1.md | 58 | ||||
-rw-r--r-- | docs/podman.1.md | 8 |
2 files changed, 53 insertions, 13 deletions
diff --git a/docs/podman-top.1.md b/docs/podman-top.1.md index a9abd8baf..d95d4df7f 100644 --- a/docs/podman-top.1.md +++ b/docs/podman-top.1.md @@ -4,10 +4,10 @@ podman\-top - Display the running processes of a container ## SYNOPSIS -**podman top** [*options*] *container* [*ps-options*] +**podman top** [*options*] *container* [*format-descriptors*] ## DESCRIPTION -Display the running process of the container. *ps-options* can be any of the options you would pass to `ps(1)`. +Display the running process of the container. The *format-descriptors* are ps (1) compatible AIX format descriptors but extended to print additional information, such as the seccomp mode or the effective capabilities of a given process. ## OPTIONS 
@@ -20,25 +20,59 @@ Display the running process of the container. *ps-options* can be any of the opt Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. +## FORMAT DESCRIPTORS + +The following descriptors are supported in addition to the AIX format descriptors mentioned in ps (1): + +**capinh** + + Set of inheritable capabilities. See capabilities (7) for more information. + +**capprm** + + Set of permitted capabilities. See capabilities (7) for more information. + +**capeff** + + Set of effective capabilities. See capabilities (7) for more information. + +**capbnd** + + Set of effective capabilities. See capabilities (7) for more information. + +**seccomp** + + Seccomp mode of the process (i.e., disabled, strict or filter). See seccomp (2) for more information. + +**label** + + Current security attributes of the process. + ## EXAMPLES +By default, `podman-top` prints data similar to `ps -ef`: + ``` # podman top f5a62a71b07 - UID PID PPID %CPU STIME TT TIME CMD - 0 18715 18705 0.0 10:35 pts/0 00:00:00 /bin/bash - 0 18741 18715 0.0 10:35 pts/0 00:00:00 vi -# +USER PID PPID %CPU ELAPSED TTY TIME COMMAND +root 1 0 0.000 20.386825206s pts/0 0s sh +root 7 1 0.000 16.386882887s pts/0 0s sleep +root 8 1 0.000 11.386886562s pts/0 0s vi ``` +The output can be controlled by specifying format descriptors as arguments after the container: + ``` -#podman --log-level=debug top f5a62a71b07 -o pid,fuser,f,comm,label - PID FUSER F COMMAND LABEL -18715 root 4 bash system_u:system_r:container_t:s0:c429,c1016 -18741 root 0 vi system_u:system_r:container_t:s0:c429,c1016 -# +# sudo ./bin/podman top -l pid seccomp args %C +PID SECCOMP COMMAND %CPU +1 filter sh 0.000 +8 filter vi /etc/ 0.000 ``` + ## SEE ALSO -podman(1), ps(1) +podman(1), ps(1), seccomp(2), capabilities(7) ## HISTORY December 2017, Originally compiled by Brent 
Baude<bbaude@redhat.com> + +July 2018, Introduce format descriptors by Valentin Rothberg <vrothberg@suse.com> diff --git a/docs/podman.1.md b/docs/podman.1.md index ea7f93afa..5581e0569 100644 --- a/docs/podman.1.md +++ b/docs/podman.1.md @@ -117,7 +117,7 @@ Print the version **libpod.conf** (`/etc/containers/libpod.conf`) -libpod.conf is the configuration file for all tools using libpod to manage containers. This file is ignored when running in rootless mode. +libpod.conf is the configuration file for all tools using libpod to manage containers. When Podman runs in rootless mode, then the file `$HOME/.config/containers/libpod.conf` is used. **storage.conf** (`/etc/containers/storage.conf`) @@ -125,6 +125,8 @@ storage.conf is the storage configuration file for all tools using containers/st The storage configuration file specifies all of the available container storage options for tools using shared container storage. +When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is also loaded. + **mounts.conf** (`/usr/share/containers/mounts.conf` and optionally `/etc/containers/mounts.conf`) The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. Container processes can then use this content. The volume mount content does not get committed to the final image if you do a `podman commit`. 
@@ -137,6 +139,8 @@ The format of the mounts.conf is the volume format /SRC:/DEST, one mount per lin Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host. +When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` is also used. + **hook JSON** (`/usr/share/containers/oci/hooks.d/*.json`) Each `*.json` file in `/usr/share/containers/oci/hooks.d` configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`. @@ -153,6 +157,8 @@ Hooks are not used when running in rootless mode. registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. +When Podman runs in rootless mode, the file `$HOME/.config/containers/registries.conf` is used. + ## Rootless mode Podman can also be used as non-root user. When podman runs in rootless mode, an user namespace is automatically created. |
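Review bot: In docs/podman-top.1.md, hunk @@ -4,10 +4,10 @@, the SYNOPSIS drops *ps-options* but the new DESCRIPTION does not say what now happens to ps(1) options such as the `-o pid,fuser,f,comm,label` form used in the example this patch removes. If they are no longer accepted, state that in the DESCRIPTION so existing scripts are not left guessing. While touching the line, "running process" should be "running processes" to match the NAME line, and "ps (1)" should be written "ps(1)" as in SEE ALSO.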
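Review bot: In docs/podman-top.1.md, hunk @@ -20,25 +20,59 @@, the **capbnd** entry repeats the **capeff** text ("Set of effective capabilities"); going by the descriptor name it should describe the bounding set, for example "Set of bounding capabilities. See capabilities(7) for more information." Someone auditing a container's capabilities from this page would otherwise read two descriptors as the same set. In the same hunk, the second example runs `sudo ./bin/podman top -l ...` under a `#` prompt, which is a development-tree path; use `# podman top -l pid seccomp args %C` to match the first example.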
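Review bot: In docs/podman.1.md, hunk @@ -117,7 +117,7 @@, the libpod.conf paragraph loses the statement that `/etc/containers/libpod.conf` is ignored in rootless mode and now only says `$HOME/.config/containers/libpod.conf` "is used". Say explicitly whether the per-user file replaces the system file or is read in addition to it, since the answer decides whose settings apply to a rootless container. The wording "When Podman runs in rootless mode, then the file" can also drop "then".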
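Review bot: In docs/podman.1.md, hunk @@ -125,6 +125,8 @@, the added sentence says `$HOME/.config/containers/storage.conf` "is also loaded" but does not document which file wins when both set the same option. Add the precedence rule here (the mounts.conf sentence added in hunk @@ -137,6 +139,8 @@ uses the same "also" wording and needs the same clarification), and consider listing the `$HOME` path in the bold header line next to `/etc/containers/storage.conf` so it shows up when scanning the FILES section.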
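Review bot: In docs/podman.1.md, hunk @@ -153,6 +157,8 @@, the registries.conf sentence says the `$HOME/.config/containers/registries.conf` file "is used", while the storage.conf and mounts.conf sentences in this patch say "also"; the inconsistency leaves it unclear whether the system registries.conf is still consulted in rootless mode. Because this file controls which registries are consulted for image names without a registry portion, state plainly whether the per-user file replaces or extends the system one.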