summaryrefslogtreecommitdiff
path: root/docs/podman-create.1.md
Commit message (Collapse)AuthorAge
* Add support for anonymous volumes to `podman run -v`Matthew Heon2019-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, when `podman run` encountered a volume mount without separate source and destination (e.g. `-v /run`) we would assume that both were the same - a bind mount of `/run` on the host to `/run` in the container. However, this does not match Docker's behavior - in Docker, this makes an anonymous named volume that will be mounted at `/run`. We already have (more limited) support for these anonymous volumes in the form of image volumes. Extend this support to allow it to be used with user-created volumes coming in from the `-v` flag. This change also affects how named volumes created by the container but given names are treated by `podman run --rm` and `podman rm -v`. Previously, they would be removed with the container in these cases, but this did not match Docker's behaviour. Docker only removed anonymous volumes. With this patch we move to that model as well; `podman run -v testvol:/test` will not have `testvol` survive the container being removed by `podman rm -v`. The sum total of these changes let us turn on volume removal in `--rm` by default. Fixes: #4276 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* systemd: accept also /sbin/initGiuseppe Scrivano2019-10-15
| | | | | | | | | it is a regression caused by 3ba3e1c7510d1780b6527a4aa52e40ac2c5b576a. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1761514 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* cli: support --systemd=alwaysGiuseppe Scrivano2019-10-09
| | | | | | | it enforces the systemd mode also when the command name doesn't match /usr/sbin/init or systemd. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* systemd: expect full path /usr/sbin/initGiuseppe Scrivano2019-10-09
| | | | | | | | | | | | "init" is a quite common name for the command executed in a container image and Podman ends up using the systemd mode also when not required. Be stricter on enabling the systemd mode and not enable it automatically when the basename is "init" but expect the full path "/usr/sbin/init". Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Setup a reasonable default for pids-limit 4096Daniel J Walsh2019-10-04
| | | | | | | | | | | CRI-O defaults to 1024 for the maximum pids in a container. Podman should have a similar limit. Once we have a containers.conf, we can set the limit in this file, and have it easily customizable. Currently the documentation says that -1 sets pids-limit=max, but -1 fails. This patch allows -1, but also indicates that 0 also sets the max pids limit. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add 'relabel' to --mount optionsDaniel J Walsh2019-09-16
| | | | | | | | | Currently if a user specifies a --mount option, their is no way to tell SELinux to relabel the mount point. This patch addes the relabel=shared and relabel=private options. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #3581 from mheon/no_cgroupsOpenShift Merge Robot2019-09-11
|\ | | | | Support running containers without CGroups
| * Add support for launching containers without CGroupsMatthew Heon2019-09-10
| | | | | | | | | | | | | | This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3817 from xcffl/masterOpenShift Merge Robot2019-09-10
|\ \ | |/ |/| Add explanation mounting named volumes for `podman run`
| * Replace "podman" with "Podman"xcffl2019-09-07
| | | | | | | | Signed-off-by: xcffl <xcffl@outlook.com>
* | cli-flags: use a consistent format for <size><unit>Marco Vedovati2019-09-05
|/ | | | | | | | Use a consistent format for description of the <size><unit> flags. Also, avoid backticks for /dev/shm, as that's interpreted as the format by the flag parsing lib. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* Add command aliases to SYNOPSIS sectionRyan Whalen2019-08-31
| | | | | | | | The files under docs/links reference another man page, e.g. `man podman-container-list` displays `podman-ps(1)`. This adds the alias to the in the displayed page's SYNOPSIS section. Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
* Merge pull request #3777 from rhatdan/vendorOpenShift Merge Robot2019-08-19
|\ | | | | Add support & documentation to run containers with different file types
| * Add support & documentation to run containers with different file typesDaniel J Walsh2019-08-13
| | | | | | | | | | | | | | | | | | | | Udica is adding new features to allow users to define container process and file types. This would allow us to setup trusted communications channels between multiple security domains. ContainerA -> ContainerB -> ContainerC Add tests to make sure users can change file types Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3617 from QiWang19/create_pullOpenShift Merge Robot2019-08-17
|\ \ | | | | | | add --pull flag for podman create&run
| * | add --pull flag for podman create&runQi Wang2019-08-09
| |/ | | | | | | | | | | | | | | | | | | | | Requirement from https://github.com/containers/libpod/issues/3575#issuecomment-512238393 Added --pull for podman create and pull to match the newly added flag in docker CLI. `missing`: default value, podman will pull the image if it does not exist in the local. `always`: podman will always pull the image. `never`: podman will never pull the image. Signed-off-by: Qi Wang <qiwan@redhat.com>
* / Remove --tmpfs size defaultAshley Cui2019-08-14
|/ | | | | | | Docker has unlimited tmpfs size where Podman had it set to 64mb. Should be standard between the two. Remove noexec default Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
* Set -env variables as appropriateQi Wang2019-07-30
| | | | | | | | close #3648 podman create and podman run do not set --env variable if the environment is not present with a value Signed-off-by: Qi Wang <qiwan@redhat.com>
* podman: support --userns=ns|containerGiuseppe Scrivano2019-07-25
| | | | | | | | allow to join the user namespace of another container. Closes: https://github.com/containers/libpod/issues/3629 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3579 from QiWang19/dns_netOpenShift Merge Robot2019-07-19
|\ | | | | fix --dns and --network conflict
| * fix --dns* and --network not set to host conflictQi Wang2019-07-18
| | | | | | | | | | | | | | Close #3553 This PR makes --dns, --dns-option, --dns-search, and --network not set to host flag mutually exclusive for podman build and create. Returns conflict error if both flags are set. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | libpod: support for cgroup namespaceGiuseppe Scrivano2019-07-18
|/ | | | | | | | | | | | | | allow a container to run in a new cgroup namespace. When running in a new cgroup namespace, the current cgroup appears to be the root, so that there is no way for the container to access cgroups outside of its own subtree. By default it uses --cgroup=host to keep the previous behavior. To create a new namespace, --cgroup=private must be provided. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Make the healthcheck flags compatible with Docker CLIHunor Csomortáni2019-07-16
| | | | | | | | | | | | Docker CLI calls the healthcheck flags "--health-*", instead of "--healthcheck-*". Introduce the former, in order to keep compatibility, and alias the later, in order to avoid breaking current usage. Change "--healthcheck-*" to "--health-*" in the docs and tests. Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
* create: improve parser for --healthcheck-commandStefan Becker2019-07-14
| | | | | | | | | | | | | | | | Fix Docker CLI compatibility issue: the "--healthcheck-command" option value should not be split but instead be passed as single string to "CMD-SHELL", i.e. "/bin/sh -c <opt>". On the other hand implement the same extension as is already available for "--entrypoint", i.e. allow the option value to be a JSON array of strings. This will make life easier for tools like podman-compose. Updated "--healthcheck-command" option values in tests accordingly. Continuation of #3455 & #3507 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
* Merge pull request #3557 from rhatdan/envOpenShift Merge Robot2019-07-12
|\ | | | | Add support for --env-host
| * Fix spelling mistakes in man pages and other docsDaniel J Walsh2019-07-11
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Add glob parsing for --env flagDaniel J Walsh2019-07-11
| | | | | | | | | | | | Sometimes you want to add a few environmen variables based on the last field being a "*". Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Add support for -env-hostDaniel J Walsh2019-07-11
| | | | | | | | | | | | | | | | | | | | This flag passes the host environment into the container. The basic idea is to leak all environment variables from the host into the container. Environment variables from the image, and passed in via --env and --env-file will override the host environment. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3491 from giuseppe/rlimit-hostOpenShift Merge Robot2019-07-11
|\ \ | |/ |/| podman: add --ulimit host
| * podman: add --ulimit hostGiuseppe Scrivano2019-07-08
| | | | | | | | | | | | | | | | | | add a simple way to copy ulimit values from the host. if --ulimit host is used then the current ulimits in place are copied to the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | docs: fix --healthcheck-command optionStefan Becker2019-07-08
|/ | | | | | | | Make the documentation agree with the code. Related #3507 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
* libpod: specify a detach keys sequence in libpod.confMarco Vedovati2019-06-26
| | | | | | Add the ability of specifying a detach keys sequence in libpod.conf Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* Fix documentation for log-driverPeter Hunt2019-06-19
| | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* cmd, docs, test: fix some typosGiuseppe Scrivano2019-06-18
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* storage: support --mount type=bind,bind-nonrecursiveGiuseppe Scrivano2019-06-13
| | | | | | | | add support for not recursive bind mounts. Closes: https://github.com/containers/libpod/issues/3314 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* standardize documentation formattingAshley Cui2019-06-10
| | | | Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
* Update completions and docs to use k8s file as log driverPeter Hunt2019-05-28
| | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* podman: honor env variable PODMAN_USERNSGiuseppe Scrivano2019-05-24
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* userns: add new option --userns=keep-idGiuseppe Scrivano2019-05-24
| | | | | | | it creates a namespace where the current UID:GID on the host is mapped to the same UID:GID in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fixup FlagsDaniel J Walsh2019-05-20
| | | | | | | | Mark hidden all references to signature-policy Default all uses of --authfile Add --authfile support to podman run and podman create. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #3072 from mheon/no_rm_volumeOpenShift Merge Robot2019-05-08
|\ | | | | Do not remove volumes when --rm removes a container
| * Do not remove volumes when --rm removes a containerMatthew Heon2019-05-06
| | | | | | | | | | | | | | | | This duplicates Docker behavior for the `--rm` flag. Fixes #3071 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | podman-run|create man updatesbaude2019-05-07
|/ | | | | | | the healthcheck commands were not being specified in the man pages for run and create. Signed-off-by: baude <bbaude@redhat.com>
* Fix manpage typosMatthew Heon2019-05-03
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Address review comments on restart policyMatthew Heon2019-05-03
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add manpage information for restart policyMatthew Heon2019-05-03
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* docs: Fix typo "healthcheck" pt2TomSweeneyRedHat2019-05-02
| | | | | | Replaces #2988. Want to get this is for v1.3. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* http-proxy: improve docsJames Cassell2019-05-01
| | | | Signed-off-by: James Cassell <code@james.cassell.me>
* auto pass http_proxy into containerJames Cassell2019-04-30
| | | | Signed-off-by: James Cassell <code@james.cassell.me>
* Add --read-only-tmpfs optionsDaniel J Walsh2019-04-26
| | | | | | | | | | | The --read-only-tmpfs option caused podman to mount tmpfs on /run, /tmp, /var/tmp if the container is running int read-only mode. The default is true, so you would need to execute a command like --read-only --read-only-tmpfs=false to turn off this behaviour. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>