Diffstat (limited to 'docs')
-rw-r--r-- docs/libpod.conf.5.md | 3
-rw-r--r-- docs/podman-create.1.md | 34
-rw-r--r-- docs/podman-run.1.md | 42
-rw-r--r-- docs/podman-wait.1.md | 3
-rw-r--r-- docs/podman.1.md | 42
5 files changed, 103 insertions, 21 deletions
diff --git a/docs/libpod.conf.5.md b/docs/libpod.conf.5.md index e881c4296..198e927ee 100644 --- a/docs/libpod.conf.5.md +++ b/docs/libpod.conf.5.md @@ -59,6 +59,9 @@ libpod to manage containers. The default namespace is "", which corresponds to no namespace. When no namespace is set, all containers and pods are visible. +**label**="true|false" + Indicates whether the containers should use label separation. + ## FILES `/usr/share/containers/libpod.conf`, default libpod configuration path diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md index 8cbe64a3e..c42671b76 100644 --- a/docs/podman-create.1.md +++ b/docs/podman-create.1.md @@ -372,6 +372,36 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. +**--mount**=*type=TYPE,TYPE-SPECIFIC-OPTION[,...]* + +Attach a filesystem mount to the container + +Current supported mount TYPES are bind, and tmpfs. + + e.g. + + type=bind,source=/path/on/host,destination=/path/in/container + + type=tmpfs,tmpfs-size=512M,destination=/path/in/container + + Common Options: + + · src, source: mount source spec for bind and volume. Mandatory for bind. + + · dst, destination, target: mount destination spec. + + · ro, read-only: true or false (default). + + Options specific to bind: + + · bind-propagation: shared, slave, private, rshared, rslave, or rprivate(default). See also mount(2). + + Options specific to tmpfs: + + · tmpfs-size: Size of the tmpfs mount in bytes. Unlimited by default in Linux. + + · tmpfs-mode: File mode of the tmpfs in octal. (e.g. 700 or 0700.) Defaults to 1777 in Linux. + **--name**="" Assign a name to the container 
@@ -506,6 +536,8 @@ Security Options "seccomp=unconfined" : Turn off seccomp confinement for the container "seccomp=profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter +Note: Labelling can be disabled for all containers by setting label=false in the **libpod.conf** (`/etc/containers/libpod.conf`) file. + **--shm-size**="" Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`. @@ -736,7 +768,7 @@ $ podman create --uidmap 0:30000:7000 --gidmap 0:30000:7000 fedora echo hello **/etc/subgid** ## SEE ALSO -subgid(5), subuid(5) +subgid(5), subuid(5), libpod.conf(5) ## HISTORY October 2017, converted from Docker documentation to podman by Dan Walsh for podman <dwalsh@redhat.com> diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md index 0960125a3..fccebb7f7 100644 --- a/docs/podman-run.1.md +++ b/docs/podman-run.1.md @@ -528,6 +528,8 @@ Security Options - `seccomp=unconfined` : Turn off seccomp confinement for the container - `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter +Note: Labelling can be disabled for all containers by setting label=false in the **libpod.conf** (`/etc/containers/libpod.conf`) file. + **--shm-size**="" Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`. 
@@ -653,6 +655,36 @@ Set the UTS mode for the container **NOTE**: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. +**--mount**=*type=TYPE,TYPE-SPECIFIC-OPTION[,...]* + +Attach a filesystem mount to the container + +Current supported mount TYPES are bind, and tmpfs. + + e.g. + + type=bind,source=/path/on/host,destination=/path/in/container + + type=tmpfs,tmpfs-size=512M,destination=/path/in/container + + Common Options: + + · src, source: mount source spec for bind and volume. Mandatory for bind. + + · dst, destination, target: mount destination spec. + + · ro, read-only: true or false (default). + + Options specific to bind: + + · bind-propagation: Z, z, shared, slave, private, rshared, rslave, or rprivate(default). See also mount(2). + + Options specific to tmpfs: + + · tmpfs-size: Size of the tmpfs mount in bytes. Unlimited by default in Linux. + + · tmpfs-mode: File mode of the tmpfs in octal. (e.g. 700 or 0700.) Defaults to 1777 in Linux. + **-v**|**--volume**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*] Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, podman @@ -929,6 +961,12 @@ colon: $ podman run -v /var/db:/data1 -i -t fedora bash ``` +Using --mount flags, To mount a host directory as a container folder, specify +the absolute path to the directory and the absolute path for the container +directory: + +$ podman run --mount type=bind,src=/var/db,target=/data1 busybox sh + When using SELinux, be aware that the host has no knowledge of container SELinux policy. Therefore, in the above example, if SELinux policy is enforced, the `/var/db` directory is not writable to the container. A "Permission Denied" 
@@ -1025,9 +1063,11 @@ $ podman run --uidmap 0:30000:7000 --gidmap 0:30000:7000 fedora echo hello **/etc/subgid** ## SEE ALSO -subgid(5), subuid(5) +subgid(5), subuid(5), libpod.conf(5) ## HISTORY +September 2018, updated by Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> + October 2017, converted from Docker documentation to podman by Dan Walsh for podman <dwalsh@redhat.com> November 2015, updated by Sally O'Malley <somalley@redhat.com> diff --git a/docs/podman-wait.1.md b/docs/podman-wait.1.md index 74ccdbe0c..dd5dc7907 100644 --- a/docs/podman-wait.1.md +++ b/docs/podman-wait.1.md @@ -17,6 +17,9 @@ After the container stops, the container's return code is printed. Print usage statement +**--interval, i**" + Microseconds to wait before polling for completion + **--latest, -l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman diff --git a/docs/podman.1.md b/docs/podman.1.md index eb07ed491..3a0943d6b 100644 --- a/docs/podman.1.md +++ b/docs/podman.1.md 
@@ -54,14 +54,14 @@ Path to the OCI compatible binary used to run containers **--storage-driver, -s**=**value** -Storage driver. The default storage driver for UID 0 is configured in /etc/containers/storage.conf, and is *vfs* for other users. The `STORAGE_DRIVER` environment variable overrides the default. The --storage-driver specified driver overrides all. +Storage driver. The default storage driver for UID 0 is configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode), and is *vfs* for other users. The `STORAGE_DRIVER` environment variable overrides the default. The --storage-driver specified driver overrides all. Overriding this option will cause the *storage-opt* settings in /etc/containers/storage.conf to be ignored. The user must specify additional options via the `--storage-opt` flag. **--storage-opt**=**value** -Storage driver option, Default storage driver options are configured in /etc/containers/storage.conf. The `STORAGE_OPTS` environment variable overrides the default. The --storage-opt specified options overrides all. +Storage driver option, Default storage driver options are configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode). The `STORAGE_OPTS` environment variable overrides the default. The --storage-opt specified options overrides all. **--syslog** 
@@ -153,37 +153,41 @@ the exit codes follow the `chroot` standard, see below: **libpod.conf** (`/etc/containers/libpod.conf`) -libpod.conf is the configuration file for all tools using libpod to manage containers. When Podman runs in rootless mode, then the file `$HOME/.config/containers/libpod.conf` is used. + libpod.conf is the configuration file for all tools using libpod to manage containers. When Podman runs in rootless mode, then the file `$HOME/.config/containers/libpod.conf` is used. -**storage.conf** (`/etc/containers/storage.conf`) +**mounts.conf** (`/usr/share/containers/mounts.conf` and optionally `/etc/containers/mounts.conf`) -storage.conf is the storage configuration file for all tools using containers/storage + The mounts.conf file specifies volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` is also used. Please refer to containers-mounts.conf(5) for further details. -The storage configuration file specifies all of the available container storage options for tools using shared container storage. +**OCI hooks JSON** (`/etc/containers/oci/hooks.d/*.json`, `/usr/share/containers/oci/hooks.d/*.json`) -When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is also loaded. + Each `*.json` file in `/etc/containers/oci/hooks.d` and `/usr/share/containers/oci/hooks.d` configures a hook for Podman containers, with `/etc/containers/oci/hooks.d` having higher precedence. For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`. -**mounts.conf** (`/usr/share/containers/mounts.conf` and optionally `/etc/containers/mounts.conf`) + Podman and libpod currently support both the 1.0.0 and 0.1.0 hook schemas, although the 0.1.0 schema is deprecated. 
+ + For the annotation conditions, libpod uses any annotations set in the generated OCI configuration. -The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` is also used. Please refer to containers-mounts.conf(5) for further details. + For the bind-mount conditions, only mounts explicitly requested by the caller via `--volume` are considered. Bind mounts that libpod inserts by default (e.g. `/dev/shm`) are not considered. -**hook JSON** (`/usr/share/containers/oci/hooks.d/*.json`) + Hooks are not used when running in rootless mode. -Each `*.json` file in `/usr/share/containers/oci/hooks.d` configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`. +**policy.json** (`/etc/containers/policy.json`) -Podman and libpod currently support both the 1.0.0 and 0.1.0 hook schemas, although the 0.1.0 schema is deprecated. + Signature verification policy files are used to specify policy, e.g. trusted keys, applicable when deciding whether to accept an image, or individual signatures of that image, as valid. -For the annotation conditions, libpod uses any annotations set in the generated OCI configuration. +**registries.conf** (`/etc/containers/registries.conf`) -For the bind-mount conditions, only mounts explicitly requested by the caller via `--volume` are considered. Bind mounts that libpod inserts by default (e.g. `/dev/shm`) are not considered. + registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. -Hooks are not used when running in rootless mode. + When Podman runs in rootless mode, the file `$HOME/.config/containers/registries.conf` is used. 
-**registries.conf** (`/etc/containers/registries.conf`) +**storage.conf** (`/etc/containers/storage.conf`) + + storage.conf is the storage configuration file for all tools using containers/storage -registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. + The storage configuration file specifies all of the available container storage options for tools using shared container storage. -When Podman runs in rootless mode, the file `$HOME/.config/containers/registries.conf` is used. + When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is also loaded. ## Rootless mode Podman can also be used as non-root user. When podman runs in rootless mode, an user namespace is automatically created. @@ -209,7 +213,7 @@ Currently it is not possible to create a network device, so rootless containers then only the loopback device will be available. ## SEE ALSO -`oci-hooks(5)`, `containers-mounts.conf(5)`, `containers-registries.conf(5)`, `containers-storage.conf(5)`, `crio(8)`, `libpod.conf(5)` +`containers-mounts.conf(5)`, `containers-registries.conf(5)`, `containers-storage.conf(5)`, `crio(8)`, `libpod.conf(5)`, `oci-hooks(5)`, `policy.json(5)` ## HISTORY Dec 2016, Originally compiled by Dan Walsh <dwalsh@redhat.com> |
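Review bot: The new **label** entry in docs/libpod.conf.5.md (hunk at -59) gives the accepted values "true|false" but not the default, and "label separation" is not explained. The notes this patch adds to podman-create.1.md and podman-run.1.md send readers here to set label=false for all containers, so the entry should state the default and say what containers lose when it is false.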
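Review bot: In the --mount text added to docs/podman-create.1.md (hunk at -372), tmpfs-size is described as "Size of the tmpfs mount in bytes" while the example a few lines above passes tmpfs-size=512M. Either document the accepted unit suffixes or change the example to a byte count. The same hunk says source applies to "bind and volume", but the supported types are listed as bind and tmpfs only, so the mention of volume should be dropped or the type added to the list.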
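Review bot: The note added under Security Options in docs/podman-create.1.md (hunk at -506) names only `/etc/containers/libpod.conf`, while the podman.1.md text in this patch says rootless Podman uses `$HOME/.config/containers/libpod.conf`. Name both paths, or refer to libpod.conf(5) without a path, so a rootless user does not edit a file that is not read. The identical line added to docs/podman-run.1.md (hunk at -528) needs the same change.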
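Review bot: The bind-propagation list added to docs/podman-run.1.md (hunk at -653) starts with "Z, z", but the otherwise identical list added to docs/podman-create.1.md does not. Make the two pages agree. If Z and z are accepted by --mount, give them their own bullet with a description, because the other six values are propagation modes and a reader cannot tell from this line what Z and z do.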
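Review bot: The --mount example added to docs/podman-run.1.md (hunk at -929) is not inside a code fence, unlike the -v example directly above it, which ends with a closing fence. Wrap the `$ podman run --mount ...` line in a fence and fix the capitalisation in "Using --mount flags, To mount". The SELinux paragraph that follows still says "in the above example", which now points at the --mount command instead of the -v one; reword it so it covers both.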
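Review bot: The option heading added to docs/podman-wait.1.md (hunk at -17) reads `**--interval, i**"`, with a stray trailing double quote and no dash before the short flag; the neighbouring entry is written `**--latest, -l**`. Write it as `**--interval, -i**` and state the default interval, since "Microseconds to wait before polling for completion" gives the unit but no default value.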
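Review bot: In the --storage-driver paragraph of docs/podman.1.md (hunk at -54), the inserted parenthesis attaches a rootless path to a clause that begins "The default storage driver for UID 0", and the sentence then continues "and is *vfs* for other users". As written it is unclear whether a rootless user's driver comes from `$HOME/.config/containers/storage.conf` or is always vfs. Split this into two sentences, one for UID 0 and one for rootless users, and state which takes effect when the rootless file exists.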
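Review bot: The new **policy.json** entry in the FILES section of docs/podman.1.md (hunk at -153) lists only `/etc/containers/policy.json` and says nothing about rootless mode, although every other configuration file in this hunk states its rootless path or behaviour. State which signature verification policy applies when Podman runs rootless. In the same hunk the mounts.conf text was changed to the singular "The mounts.conf file specifies" while its heading still lists two paths, so the earlier plural wording was the accurate one.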