diff options
Diffstat (limited to 'docs')
-rw-r--r-- | docs/source/markdown/options/privileged.md | 14 | ||||
-rw-r--r-- | docs/source/markdown/podman-create.1.md.in | 16 | ||||
-rw-r--r-- | docs/source/markdown/podman-exec.1.md.in | 16 | ||||
-rw-r--r-- | docs/source/markdown/podman-run.1.md.in | 15 |
4 files changed, 17 insertions, 44 deletions
diff --git a/docs/source/markdown/options/privileged.md b/docs/source/markdown/options/privileged.md new file mode 100644 index 000000000..8d9746d6b --- /dev/null +++ b/docs/source/markdown/options/privileged.md @@ -0,0 +1,14 @@ +#### **--privileged** + +Give extended privileges to this container. The default is **false**. + +By default, Podman containers are unprivileged (**=false**) and cannot, for +example, modify parts of the operating system. This is because by default a +container is only allowed limited access to devices. A "privileged" container +is given the same access to devices as the user launching the container. + +A privileged container turns off the security features that isolate the +container from the host. Dropped Capabilities, limited devices, read-only mount +points, Apparmor/SELinux separation, and Seccomp filters are all disabled. + +Rootless containers cannot have more privileges than the account that launched them. diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in index 68bd06472..a20aeafcd 100644 --- a/docs/source/markdown/podman-create.1.md.in +++ b/docs/source/markdown/podman-create.1.md.in @@ -354,21 +354,7 @@ To make a pod with more granular options, use the `podman pod create` command be @@option pod-id-file.container -#### **--privileged** - -Give extended privileges to this container. The default is *false*. - -By default, Podman containers are -“unprivileged” (=false) and cannot, for example, modify parts of the operating system. -This is because by default a container is not allowed to access any devices. -A “privileged” container is given access to all devices. - -When the operator executes a privileged container, Podman enables access -to all devices on the host, turns off graphdriver mount options, as well as -turning off most of the security measures protecting the host from the -container. - -Rootless containers cannot have more privileges than the account that launched them. +@@option privileged #### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]* diff --git a/docs/source/markdown/podman-exec.1.md.in b/docs/source/markdown/podman-exec.1.md.in index 3202159c9..0d161ef66 100644 --- a/docs/source/markdown/podman-exec.1.md.in +++ b/docs/source/markdown/podman-exec.1.md.in @@ -44,21 +44,7 @@ to run containers such as CRI-O, the last started container could be from either Pass down to the process N additional file descriptors (in addition to 0, 1, 2). The total FDs will be 3+N. -#### **--privileged** - -Give extended privileges to this container. The default is *false*. - -By default, Podman containers are -"unprivileged" and cannot, for example, modify parts of the operating system. -This is because by default a container is only allowed limited access to devices. -A "privileged" container is given the same access to devices as the user launching the container. - -A privileged container turns off the security features that isolate the -container from the host. Dropped Capabilities, limited devices, read/only mount -points, Apparmor/SELinux separation, and Seccomp filters are all disabled. - -Rootless containers cannot have more privileges than the account that launched them. - +@@option privileged #### **--tty**, **-t** diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in index db1cd1682..2bb3098e2 100644 --- a/docs/source/markdown/podman-run.1.md.in +++ b/docs/source/markdown/podman-run.1.md.in @@ -385,20 +385,7 @@ If a container is run with a pod, and the pod has an infra-container, the infra- Pass down to the process N additional file descriptors (in addition to 0, 1, 2). The total FDs will be 3+N. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) -#### **--privileged** - -Give extended privileges to this container. The default is **false**. - -By default, Podman containers are unprivileged (**=false**) and cannot, for -example, modify parts of the operating system. This is because by default a -container is only allowed limited access to devices. A "privileged" container -is given the same access to devices as the user launching the container. - -A privileged container turns off the security features that isolate the -container from the host. Dropped Capabilities, limited devices, read-only mount -points, Apparmor/SELinux separation, and Seccomp filters are all disabled. - -Rootless containers cannot have more privileges than the account that launched them. +@@option privileged #### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]* |