Diffstat (limited to 'docs')
-rw-r--r-- | docs/podman.1.md | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/docs/podman.1.md b/docs/podman.1.md index f9ba62fdf..6ce5283cf 100644 --- a/docs/podman.1.md +++ b/docs/podman.1.md @@ -113,7 +113,7 @@ Print the version **libpod.conf** (`/etc/containers/libpod.conf`) -libpod.conf is the configuration file for all tools using libpod to manage containers +libpod.conf is the configuration file for all tools using libpod to manage containers. This file is ignored when running in rootless mode. **storage.conf** (`/etc/containers/storage.conf`) @@ -143,10 +143,22 @@ For the annotation conditions, libpod uses any annotations set in the generated For the bind-mount conditions, only mounts explicitly requested by the caller via `--volume` are considered. Bind mounts that libpod inserts by default (e.g. `/dev/shm`) are not considered. +Hooks are not used when running in rootless mode. + **registries.conf** (`/etc/containers/registries.conf`) registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. +## Rootless mode +Podman can also be used as non-root user. When podman runs in rootless mode, an user namespace is automatically created. + +Containers created by a non-root user are not visible to other users and are not seen or managed by podman running as root. + +Images are pulled under `XDG_DATA_HOME` when specified, otherwise in the home directory of the user under `.local/share/containers/storage`. + +Currently it is not possible to create a network device, so rootless containers need to run in the host network namespace. If a rootless container creates a network namespace, +then only the loopback device will be available. + ## SEE ALSO `oci-hooks(5)`, `registries.conf(5)`, `storage.conf(5)`, `crio(8)` |
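Review bot: In the first hunk (libpod.conf entry), the new sentence "This file is ignored when running in rootless mode." does not say what configuration applies in its place. An administrator who sets policy in `/etc/containers/libpod.conf` will read this as "my settings silently do not apply to non-root users" with no pointer to what does. Suggest adding a clause naming the source of the rootless settings (built-in defaults or a per-user file, whichever the code does), or a cross-reference to the new "Rootless mode" section.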
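Review bot: In the second hunk, the network paragraph of the new "Rootless mode" section reads as contradictory: it says rootless containers "need to run in the host network namespace", then describes a rootless container that creates its own network namespace and gets only loopback. It should say which of the two podman does by default and which the user has to ask for, and state plainly that running in the host network namespace means the container is not network-isolated from the host. Smaller points in the same hunk: "Hooks are not used when running in rootless mode." is added inside the hooks description but not repeated under "Rootless mode", where a reader would look for the list of limitations; "as non-root user" should be "as a non-root user" and "an user namespace" should be "a user namespace"; and the sentence beginning "If a rootless container creates a network namespace," is broken across two source lines mid-sentence, which the other paragraphs in this section do not do.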