aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/podman-image-trust.1.md47
-rw-r--r--docs/podman-info.1.md2
-rw-r--r--docs/podman-inspect.1.md2
-rw-r--r--docs/podman-version.1.md2
-rw-r--r--docs/podman.1.md20
5 files changed, 42 insertions, 31 deletions
diff --git a/docs/podman-image-trust.1.md b/docs/podman-image-trust.1.md
index 3b6564315..668fee0f3 100644
--- a/docs/podman-image-trust.1.md
+++ b/docs/podman-image-trust.1.md
@@ -9,22 +9,24 @@ podman\-trust - Manage container registry image trust policy
[**-h**|**--help**]
[**-j**|**--json**]
[**--raw**]
-[**-f**|**--pubkeysfile** KEY1 [**f**|**--pubkeysfile** KEY2,...]]
+[**-f**|**--pubkeysfile** KEY1 [**-f**|**--pubkeysfile** KEY2,...]]
[**-t**|**--type** signedBy|accept|reject]
REGISTRY[/REPOSITORY]
# DESCRIPTION
-Manages the trust policy of the host system. Trust policy describes
-a registry scope (registry and/or repository) that must be signed by public keys. Trust
-is defined in **/etc/containers/policy.json**. Trust is enforced when a user attempts to pull
-an image from a registry.
+Manages which registries you trust as a source of container images based on its location. The location is determined by the transport and the registry host of the image. Using this container image `docker://docker.io/library/busybox` as an example, `docker` is the transport and `docker.io` is the registry host.
-Trust scope is evaluated by most specific to least specific. In other words, policy may
-be defined for an entire registry, but refined for a particular repository in that
-registry. See below for examples.
+The trust policy describes a registry scope (registry and/or repository). This trust can use public keys for signed images.
+
+Trust is defined in **/etc/containers/policy.json** and is enforced when a user attempts to pull an image from a registry that is managed by policy.json.
+
+The scope of the trust is evaluated from most specific to the least specific. In other words, a policy may be defined for an entire registry. Or it could be defined for a particular repository in that registry. Or it could be defined down to a specific signed image inside of the registry. See below for examples.
+
+Trust **type** provides a way to:
+
+Whitelist ("accept") or
+Blacklist ("reject") registries.
-Trust **type** provides a way to whitelist ("accept") or blacklist
-("reject") registries.
Trust may be updated using the command **podman image trust set** for an existing trust scope.
@@ -34,10 +36,10 @@ Trust may be updated using the command **podman image trust set** for an existin
**-f** **--pubkeysfile**
A path to an exported public key on the local system. Key paths
- will be referenced in policy.json. Any path may be used but path
- **/etc/pki/containers** is recommended. Option may be used multiple times to
- require an image be sigend by multiple keys. One of **--pubkeys** or
- **--pubkeysfile** is required for **signedBy** type.
+ will be referenced in policy.json. Any path may be used but the path
+ **/etc/pki/containers** is recommended. Options may be used multiple times to
+ require an image be signed by multiple keys. One of **--pubkeys** or
+ **--pubkeysfile** is required for the **signedBy** type.
**-t** **--type**
The trust type for this policy entry. Accepted values:
@@ -59,23 +61,30 @@ Trust may be updated using the command **podman image trust set** for an existin
Accept all unsigned images from a registry
- podman image trust set --type accept docker.io
+ sudo podman image trust set --type accept docker.io
Modify default trust policy
- podman image trust set -t reject default
+ sudo podman image trust set -t reject default
Display system trust policy
- podman image trust show
+ sudo podman image trust show
Display trust policy file
- podman image trust show --raw
+ sudo podman image trust show --raw
Display trust as JSON
- podman image trust show --json
+ sudo podman image trust show --json
+
+# SEE ALSO
+
+policy-json(5)
# HISTORY
+
+January 2019, updated by Tom Sweeney (tsweeney at redhat dot com)
+
December 2018, originally compiled by Qi Wang (qiwan at redhat dot com)
diff --git a/docs/podman-info.1.md b/docs/podman-info.1.md
index 836a2c420..d3a0658c9 100644
--- a/docs/podman-info.1.md
+++ b/docs/podman-info.1.md
@@ -19,7 +19,7 @@ Displays information pertinent to the host, current storage stats, configured co
Show additional information
-**--format**
+**--format, -f**
Change output format to "json" or a Go template.
diff --git a/docs/podman-inspect.1.md b/docs/podman-inspect.1.md
index 7bdbcc662..b01bc0f4e 100644
--- a/docs/podman-inspect.1.md
+++ b/docs/podman-inspect.1.md
@@ -27,7 +27,7 @@ The keys of the returned JSON can be used as the values for the --format flag (s
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
-**--size**
+**--size, -s**
Display the total file size if the type is a container
diff --git a/docs/podman-version.1.md b/docs/podman-version.1.md
index 749a33afd..171096587 100644
--- a/docs/podman-version.1.md
+++ b/docs/podman-version.1.md
@@ -16,7 +16,7 @@ OS, and Architecture.
Print usage statement
-**--format**
+**--format**, **-f**
Change output format to "json" or a Go template.
diff --git a/docs/podman.1.md b/docs/podman.1.md
index 74e700fac..6200a07f0 100644
--- a/docs/podman.1.md
+++ b/docs/podman.1.md
@@ -1,19 +1,21 @@
% podman(1)
## NAME
-podman - Simple management tool for containers and images
+podman - Simple management tool for pods, containers and images
## SYNOPSIS
**podman** [*options*] *command*
## DESCRIPTION
-podman is a simple client only tool to help with debugging issues when daemons
-such as CRI runtime and the kubelet are not responding or failing. A shared API
-layer could be created to share code between the daemon and podman. podman does not
-require any daemon running. podman utilizes the same underlying components that
-crio uses i.e. containers/image, container/storage, oci-runtime-tool/generate,
-runc or any other OCI compatible runtime. podman shares state with crio and so
-has the capability to debug pods/images created by crio.
+Podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool.
+Podman provides a Docker-CLI comparable command line that eases the transition from other
+container engines and allows the management of pods, containers and images. Simply put: `alias docker=podman`.
+Most Podman commands can be run as a regular user, without requiring additional
+privileges.
+
+Podman uses Buildah(1) internally to create container images. Both tools share image
+(not container) storage, hence each can use or manipulate images (but not containers)
+created by the other.
**podman [GLOBAL OPTIONS]**
@@ -220,7 +222,7 @@ Images are pulled under `XDG_DATA_HOME` when specified, otherwise in the home di
Currently the slirp4netns package is required to be installed to create a network device, otherwise rootless containers need to run in the network namespace of the host.
## SEE ALSO
-`containers-mounts.conf(5)`, `containers-registries.conf(5)`, `containers-storage.conf(5)`, `crio(8)`, `libpod.conf(5)`, `oci-hooks(5)`, `policy.json(5)`, `subuid(5)`, `subgid(5)`, `slirp4netns(1)`
+`containers-mounts.conf(5)`, `containers-registries.conf(5)`, `containers-storage.conf(5)`, `buildah(1)`, `crio(8)`, `libpod.conf(5)`, `oci-hooks(5)`, `policy.json(5)`, `subuid(5)`, `subgid(5)`, `slirp4netns(1)`
## HISTORY
Dec 2016, Originally compiled by Dan Walsh <dwalsh@redhat.com>