aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/podman-build.1.md24
-rw-r--r--docs/podman-create.1.md21
-rw-r--r--docs/podman-run.1.md11
3 files changed, 29 insertions, 27 deletions
diff --git a/docs/podman-build.1.md b/docs/podman-build.1.md
index 878b31080..8deb8811e 100644
--- a/docs/podman-build.1.md
+++ b/docs/podman-build.1.md
@@ -375,18 +375,18 @@ to podman build, the option given would be `--runtime-flag log-format=json`.
Security Options
- "label=user:USER" : Set the label user for the container
- "label=role:ROLE" : Set the label role for the container
- "label=type:TYPE" : Set the label type for the container
- "label=level:LEVEL" : Set the label level for the container
- "label=disable" : Turn off label confinement for the container
- "no-new-privileges" : Not supported
-
- "seccomp=unconfined" : Turn off seccomp confinement for the container
- "seccomp=profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter
-
- "apparmor=unconfined" : Turn off apparmor confinement for the container
- "apparmor=your-profile" : Set the apparmor confinement profile for the container
+- `apparmor=unconfined` : Turn off apparmor confinement for the container
+- `apparmor=your-profile` : Set the apparmor confinement profile for the container
+
+- `label=user:USER` : Set the label user for the container processes
+- `label=role:ROLE` : Set the label role for the container processes
+- `label=type:TYPE` : Set the label process type for the container processes
+- `label=level:LEVEL` : Set the label level for the container processes
+- `label=filetype:TYPE` : Set the label file type for the container files
+- `label=disable` : Turn off label separation for the container
+
+- `seccomp=unconfined` : Turn off seccomp confinement for the container
+- `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter
**--shm-size**=*size*
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index 1377f2a03..7634408f5 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -640,19 +640,20 @@ of the container is assumed to be managed externally.
Security Options
-"apparmor=unconfined" : Turn off apparmor confinement for the container
-"apparmor=your-profile" : Set the apparmor confinement profile for the container
+- `apparmor=unconfined` : Turn off apparmor confinement for the container
+- `apparmor=your-profile` : Set the apparmor confinement profile for the container
-"label=user:USER" : Set the label user for the container
-"label=role:ROLE" : Set the label role for the container
-"label=type:TYPE" : Set the label type for the container
-"label=level:LEVEL" : Set the label level for the container
-"label=disable" : Turn off label confinement for the container
+- `label=user:USER` : Set the label user for the container processes
+- `label=role:ROLE` : Set the label role for the container processes
+- `label=type:TYPE` : Set the label process type for the container processes
+- `label=level:LEVEL` : Set the label level for the container processes
+- `label=filetype:TYPE` : Set the label file type for the container files
+- `label=disable` : Turn off label separation for the container
-"no-new-privileges" : Disable container processes from gaining additional privileges
+- `no-new-privileges` : Disable container processes from gaining additional privileges
-"seccomp=unconfined" : Turn off seccomp confinement for the container
-"seccomp=profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter
+- `seccomp=unconfined` : Turn off seccomp confinement for the container
+- `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter
Note: Labeling can be disabled for all containers by setting label=false in the **libpod.conf** (`/etc/containers/libpod.conf`) file.
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index 2445df566..33b5cbf9e 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -665,11 +665,12 @@ Security Options
- `apparmor=unconfined` : Turn off apparmor confinement for the container
- `apparmor=your-profile` : Set the apparmor confinement profile for the container
-- `label=user:USER` : Set the label user for the container
-- `label=role:ROLE` : Set the label role for the container
-- `label=type:TYPE` : Set the label type for the container
-- `label=level:LEVEL` : Set the label level for the container
-- `label=disable` : Turn off label confinement for the container
+- `label=user:USER` : Set the label user for the container processes
+- `label=role:ROLE` : Set the label role for the container processes
+- `label=type:TYPE` : Set the label process type for the container processes
+- `label=level:LEVEL` : Set the label level for the container processes
+- `label=filetype:TYPE` : Set the label file type for the container files
+- `label=disable` : Turn off label separation for the container
- `no-new-privileges` : Disable container processes from gaining additional privileges