aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/source/markdown/podman-build.1.md10
-rw-r--r--docs/source/markdown/podman-commit.1.md20
-rw-r--r--docs/source/markdown/podman-container-cleanup.1.md8
-rw-r--r--docs/source/markdown/podman-create.1.md2
-rw-r--r--docs/source/markdown/podman-generate-systemd.1.md12
-rw-r--r--docs/source/markdown/podman-load.1.md2
-rw-r--r--docs/source/markdown/podman-pull.1.md2
-rw-r--r--docs/source/markdown/podman-run.1.md7
-rw-r--r--docs/tutorials/rootless_tutorial.md28
9 files changed, 53 insertions, 38 deletions
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
index 12f099e65..e08eebc24 100644
--- a/docs/source/markdown/podman-build.1.md
+++ b/docs/source/markdown/podman-build.1.md
@@ -279,6 +279,16 @@ BUILDAH\_ISOLATION environment variable. `export BUILDAH_ISOLATION=oci`
Add an image *label* (e.g. label=*value*) to the image metadata. Can be used multiple times.
+Users can set a special LABEL **io.containers.capabilities=CAP1,CAP2,CAP3** in
+a Containerfile that specified the list of Linux capabilities required for the
+container to run properly. This label specified in a container image tells
+Podman to run the container with just these capabilities. Podman launches the
+container with just the specified capabilities, as long as this list of
+capabilities is a subset of the default list.
+
+If the specified capabilities are not in the default set, Podman will
+print an error message and will run the container with the default capabilities.
+
**--layers**
Cache intermediate images during the build process (Default is `true`).
diff --git a/docs/source/markdown/podman-commit.1.md b/docs/source/markdown/podman-commit.1.md
index 66d8811aa..13e46a899 100644
--- a/docs/source/markdown/podman-commit.1.md
+++ b/docs/source/markdown/podman-commit.1.md
@@ -60,8 +60,9 @@ Suppress output
## EXAMPLES
+### Create image from container with entrypoint and label
```
-$ podman commit --change CMD=/bin/bash --change ENTRYPOINT=/bin/sh --change LABEL=blue=image reverent_golick image-committed
+$ podman commit --change CMD=/bin/bash --change ENTRYPOINT=/bin/sh --change "LABEL blue=image" reverent_golick image-committed
Getting image source signatures
Copying blob sha256:b41deda5a2feb1f03a5c1bb38c598cbc12c9ccd675f438edc6acd815f7585b86
25.80 MB / 25.80 MB [======================================================] 0s
@@ -72,26 +73,37 @@ Storing signatures
e3ce4d93051ceea088d1c242624d659be32cf1667ef62f1d16d6b60193e2c7a8
```
+### Create image from container with commit message
```
-$ podman commit -q --message "committing container to image" reverent_golick image-committed
-e3ce4d93051ceea088d1c242624d659be32cf1667ef62f1d16d6b60193e2c7a8
+$ podman commit -q --message "committing container to image"
+reverent_golick image-committed
+e3ce4d93051ceea088d1c242624d659be32cf1667ef62f1d16d6b60193e2c7a8 ```
```
+### Create image from container with author
```
$ podman commit -q --author "firstName lastName" reverent_golick image-committed
e3ce4d93051ceea088d1c242624d659be32cf1667ef62f1d16d6b60193e2c7a8
```
+### Pause a running container while creating the image
```
-$ podman commit -q --pause=false containerID image-committed
+$ podman commit -q --pause=true containerID image-committed
e3ce4d93051ceea088d1c242624d659be32cf1667ef62f1d16d6b60193e2c7a8
```
+### Create an image from a container with a default image tag
```
$ podman commit containerID
e3ce4d93051ceea088d1c242624d659be32cf1667ef62f1d16d6b60193e2c7a8
```
+### Create an image from container with default required capabilities are SETUID and SETGID
+```
+$ podman commit -q --change LABEL=io.containers.capabilities=setuid,setgid epic_nobel privimage
+400d31a3f36dca751435e80a0e16da4859beb51ff84670ce6bdc5edb30b94066
+```
+
## SEE ALSO
podman(1), podman-run(1), podman-create(1)
diff --git a/docs/source/markdown/podman-container-cleanup.1.md b/docs/source/markdown/podman-container-cleanup.1.md
index 69e21ce9f..86e6b4316 100644
--- a/docs/source/markdown/podman-container-cleanup.1.md
+++ b/docs/source/markdown/podman-container-cleanup.1.md
@@ -22,6 +22,14 @@ to run containers such as CRI-O, the last started container could be from either
The latest option is not supported on the remote client.
+**--rm**
+
+After cleanup, remove the container entirely.
+
+**--rmi**
+
+After cleanup, remove the image entirely.
+
## EXAMPLE
`podman container cleanup mywebserver`
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 3c5f81764..23106fe76 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -1066,6 +1066,8 @@ b
**/etc/subuid**
**/etc/subgid**
+NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
+
## SEE ALSO
subgid(5), subuid(5), libpod.conf(5), systemd.unit(5), setsebool(8), slirp4netns(1), fuse-overlayfs(1)
diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md
index 4d3f9ba48..2bcfdb954 100644
--- a/docs/source/markdown/podman-generate-systemd.1.md
+++ b/docs/source/markdown/podman-generate-systemd.1.md
@@ -42,8 +42,8 @@ Create and print a systemd unit file for a container running nginx with an *alwa
$ podman create --name nginx nginx:latest
$ podman generate systemd --restart-policy=always -t 1 nginx
# container-de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6.service
-# autogenerated by Podman 1.5.2
-# Wed Aug 21 09:46:45 CEST 2019
+# autogenerated by Podman 1.8.0
+# Wed Mar 09 09:46:45 CEST 2020
[Unit]
Description=Podman container-de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6.service
@@ -58,7 +58,7 @@ Type=forking
PIDFile=/run/user/1000/overlay-containers/de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6/userdata/conmon.pid
[Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target default.target
```
Create systemd unit files for a pod with two simple alpine containers. Note that these container services cannot be started or stopped individually via `systemctl`; they are managed by the pod service. You can still use `systemctl status` or journalctl to examine them.
@@ -72,8 +72,8 @@ $ podman generate systemd --files --name systemd-pod
/home/user/container-jolly_shtern.service
$ cat pod-systemd-pod.service
# pod-systemd-pod.service
-# autogenerated by Podman 1.5.2
-# Wed Aug 21 09:52:37 CEST 2019
+# autogenerated by Podman 1.8.0
+# Wed Mar 09 09:52:37 CEST 2020
[Unit]
Description=Podman pod-systemd-pod.service
@@ -90,7 +90,7 @@ Type=forking
PIDFile=/run/user/1000/overlay-containers/ccfd5c71a088768774ca7bd05888d55cc287698dde06f475c8b02f696a25adcd/userdata/conmon.pid
[Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target default.target
```
## SEE ALSO
diff --git a/docs/source/markdown/podman-load.1.md b/docs/source/markdown/podman-load.1.md
index deb4fb5ec..917f102f6 100644
--- a/docs/source/markdown/podman-load.1.md
+++ b/docs/source/markdown/podman-load.1.md
@@ -30,6 +30,8 @@ Read from archive file, default is STDIN.
The remote client requires the use of this option.
+NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of container images. Podman defaults to use `/var/tmp`.
+
**--quiet**, **-q**
Suppress the progress output
diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md
index a22d2db42..b3e35c672 100644
--- a/docs/source/markdown/podman-pull.1.md
+++ b/docs/source/markdown/podman-pull.1.md
@@ -156,6 +156,8 @@ Storing signatures
registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion.
+NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
+
## SEE ALSO
podman(1), podman-push(1), podman-login(1), containers-registries.conf(5)
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 220b32a46..f595e77e4 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -689,6 +689,11 @@ Note that the container will not be removed when it could not be created or
started successfully. This allows the user to inspect the container after
failure.
+**--rmi**=*true|false*
+
+After exit of the container, remove the image unless another
+container is using it. The default is *false*.
+
**--rootfs**
If specified, the first argument refers to an exploded container on the file system.
@@ -1330,6 +1335,8 @@ b
**/etc/subgid**
+NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
+
## SEE ALSO
**subgid**(5), **subuid**(5), **libpod.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1).
diff --git a/docs/tutorials/rootless_tutorial.md b/docs/tutorials/rootless_tutorial.md
index 5978d1210..8e048c746 100644
--- a/docs/tutorials/rootless_tutorial.md
+++ b/docs/tutorials/rootless_tutorial.md
@@ -110,34 +110,6 @@ The Podman configuration files for root reside in `/usr/share/containers` with o
The default authorization file used by the `podman login` and `podman logout` commands reside in `${XDG_RUNTIME_DIR}/containers/auth.json`.
-## Systemd unit for rootless container
-
-```
-[Unit]
-Description=nginx
-Requires=user@1001.service
-After=user@1001.service
-[Service]
-Type=simple
-KillMode=none
-MemoryMax=200M
-ExecStartPre=-/usr/bin/podman rm -f nginx
-ExecStartPre=/usr/bin/podman pull nginx
-ExecStart=/usr/bin/podman run --name=nginx -p 8080:80 -v /home/nginx/html:/usr/share/nginx/html:Z nginx
-ExecStop=/usr/bin/podman stop nginx
-Restart=always
-User=nginx
-Group=nginx
-[Install]
-WantedBy=multi-user.target
-```
-
-This example unit will launch a nginx container using the existing user nginx with id 1001, serving static content from /home/nginx/html and limited to 200MB of RAM.
-
-You can use all the usual systemd flags to control the process, including capabilities and cgroup directives to limit memory or CPU.
-
-See #3866 for more details.
-
## More information
If you are still experiencing problems running Podman in a rootless environment, please refer to the [Shortcomings of Rootless Podman](https://github.com/containers/libpod/blob/master/rootless.md) page which lists known issues and solutions to known issues in this environment.