summaryrefslogtreecommitdiff
path: root/docs/podman-run.1.md
Commit message (Collapse)AuthorAge
* Add support for anonymous volumes to `podman run -v`Matthew Heon2019-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, when `podman run` encountered a volume mount without separate source and destination (e.g. `-v /run`) we would assume that both were the same - a bind mount of `/run` on the host to `/run` in the container. However, this does not match Docker's behavior - in Docker, this makes an anonymous named volume that will be mounted at `/run`. We already have (more limited) support for these anonymous volumes in the form of image volumes. Extend this support to allow it to be used with user-created volumes coming in from the `-v` flag. This change also affects how named volumes created by the container but given names are treated by `podman run --rm` and `podman rm -v`. Previously, they would be removed with the container in these cases, but this did not match Docker's behaviour. Docker only removed anonymous volumes. With this patch we move to that model as well; `podman run -v testvol:/test` will not have `testvol` survive the container being removed by `podman rm -v`. The sum total of these changes let us turn on volume removal in `--rm` by default. Fixes: #4276 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* systemd: accept also /sbin/initGiuseppe Scrivano2019-10-15
| | | | | | | | | it is a regression caused by 3ba3e1c7510d1780b6527a4aa52e40ac2c5b576a. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1761514 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Touch up bad math in run man pageTomSweeneyRedHat2019-10-11
| | | | | | | | We'd an off by one error in the run man page spotted by @leorochael in Fixes: #4239 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* cli: support --systemd=alwaysGiuseppe Scrivano2019-10-09
| | | | | | | it enforces the systemd mode also when the command name doesn't match /usr/sbin/init or systemd. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* systemd: expect full path /usr/sbin/initGiuseppe Scrivano2019-10-09
| | | | | | | | | | | | "init" is a quite common name for the command executed in a container image and Podman ends up using the systemd mode also when not required. Be stricter on enabling the systemd mode and not enable it automatically when the basename is "init" but expect the full path "/usr/sbin/init". Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Setup a reasonable default for pids-limit 4096Daniel J Walsh2019-10-04
| | | | | | | | | | | CRI-O defaults to 1024 for the maximum pids in a container. Podman should have a similar limit. Once we have a containers.conf, we can set the limit in this file, and have it easily customizable. Currently the documentation says that -1 sets pids-limit=max, but -1 fails. This patch allows -1, but also indicates that 0 also sets the max pids limit. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add 'relabel' to --mount optionsDaniel J Walsh2019-09-16
| | | | | | | | | Currently if a user specifies a --mount option, their is no way to tell SELinux to relabel the mount point. This patch addes the relabel=shared and relabel=private options. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #3581 from mheon/no_cgroupsOpenShift Merge Robot2019-09-11
|\ | | | | Support running containers without CGroups
| * Add support for launching containers without CGroupsMatthew Heon2019-09-10
| | | | | | | | | | | | | | This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3817 from xcffl/masterOpenShift Merge Robot2019-09-10
|\ \ | |/ |/| Add explanation mounting named volumes for `podman run`
| * Replace "podman" with "Podman"xcffl2019-09-07
| | | | | | | | Signed-off-by: xcffl <xcffl@outlook.com>
| * Add instructions for mounting named volumesxcffl2019-09-07
| | | | | | | | | | | | from the host for `podman run` Signed-off-by: xcffl <xcffl@outlook.com>
* | cli-flags: use a consistent format for <size><unit>Marco Vedovati2019-09-05
|/ | | | | | | | Use a consistent format for description of the <size><unit> flags. Also, avoid backticks for /dev/shm, as that's interpreted as the format by the flag parsing lib. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* Add command aliases to SYNOPSIS sectionRyan Whalen2019-08-31
| | | | | | | | The files under docs/links reference another man page, e.g. `man podman-container-list` displays `podman-ps(1)`. This adds the alias to the in the displayed page's SYNOPSIS section. Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
* Merge pull request #3845 from chrahunt/patch-2OpenShift Merge Robot2019-08-22
|\ | | | | Fix minor typos in podman-run docs.
| * Fix minor typos in podman-run docs.Christopher Hunt2019-08-21
| | | | | | | | Signed-off-by: Chris Hunt <chrahunt@gmail.com>
* | Merge pull request #3777 from rhatdan/vendorOpenShift Merge Robot2019-08-19
|\ \ | |/ |/| Add support & documentation to run containers with different file types
| * Add support & documentation to run containers with different file typesDaniel J Walsh2019-08-13
| | | | | | | | | | | | | | | | | | | | Udica is adding new features to allow users to define container process and file types. This would allow us to setup trusted communications channels between multiple security domains. ContainerA -> ContainerB -> ContainerC Add tests to make sure users can change file types Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3617 from QiWang19/create_pullOpenShift Merge Robot2019-08-17
|\ \ | | | | | | add --pull flag for podman create&run
| * | add --pull flag for podman create&runQi Wang2019-08-09
| |/ | | | | | | | | | | | | | | | | | | | | Requirement from https://github.com/containers/libpod/issues/3575#issuecomment-512238393 Added --pull for podman create and pull to match the newly added flag in docker CLI. `missing`: default value, podman will pull the image if it does not exist in the local. `always`: podman will always pull the image. `never`: podman will never pull the image. Signed-off-by: Qi Wang <qiwan@redhat.com>
* / Remove --tmpfs size defaultAshley Cui2019-08-14
|/ | | | | | | Docker has unlimited tmpfs size where Podman had it set to 64mb. Should be standard between the two. Remove noexec default Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
* Merge pull request #3466 from TomSweeneyRedHat/dev/tsweeney/myhomeOpenShift Merge Robot2019-08-06
|\ | | | | Touch up XDG, add rootless links
| * Touch up XDG, add rootless linksTomSweeneyRedHat2019-07-29
| | | | | | | | | | | | | | | | | | | | | | Touch up a number of formating issues for XDG_RUNTIME_DIRS in a number of man pages. Make use of the XDG_CONFIG_HOME environment variable in a rootless environment if available, or set it if not. Also added a number of links to the Rootless Podman config page and added the location of the auth.json files to that doc. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Set -env variables as appropriateQi Wang2019-07-30
|/ | | | | | | | close #3648 podman create and podman run do not set --env variable if the environment is not present with a value Signed-off-by: Qi Wang <qiwan@redhat.com>
* Merge pull request #3639 from giuseppe/user-ns-containerOpenShift Merge Robot2019-07-26
|\ | | | | podman: support --userns=ns|container
| * podman: support --userns=ns|containerGiuseppe Scrivano2019-07-25
| | | | | | | | | | | | | | | | allow to join the user namespace of another container. Closes: https://github.com/containers/libpod/issues/3629 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Document SELinux label requirements for the rootfs argumentTristan Cacqueray2019-07-24
|/ | | | | | | | | When using the rootfs argument, SELinux systems fails silently when the files are not properly labeled. Related #3628 Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>
* Implement conmon execPeter Hunt2019-07-22
| | | | | | | | | | | | | | | | | | | | | | This includes: Implement exec -i and fix some typos in description of -i docs pass failed runtime status to caller Add resize handling for a terminal connection Customize exec systemd-cgroup slice fix healthcheck fix top add --detach-keys Implement podman-remote exec (jhonce) * Cleanup some orphaned code (jhonce) adapt remote exec for conmon exec (pehunt) Fix healthcheck and exec to match docs Introduce two new OCIRuntime errors to more comprehensively describe situations in which the runtime can error Use these different errors in branching for exit code in healthcheck and exec Set conmon to use new api version Signed-off-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #3579 from QiWang19/dns_netOpenShift Merge Robot2019-07-19
|\ | | | | fix --dns and --network conflict
| * fix --dns* and --network not set to host conflictQi Wang2019-07-18
| | | | | | | | | | | | | | Close #3553 This PR makes --dns, --dns-option, --dns-search, and --network not set to host flag mutually exclusive for podman build and create. Returns conflict error if both flags are set. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | libpod: support for cgroup namespaceGiuseppe Scrivano2019-07-18
|/ | | | | | | | | | | | | | allow a container to run in a new cgroup namespace. When running in a new cgroup namespace, the current cgroup appears to be the root, so that there is no way for the container to access cgroups outside of its own subtree. By default it uses --cgroup=host to keep the previous behavior. To create a new namespace, --cgroup=private must be provided. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Make the healthcheck flags compatible with Docker CLIHunor Csomortáni2019-07-16
| | | | | | | | | | | | Docker CLI calls the healthcheck flags "--health-*", instead of "--healthcheck-*". Introduce the former, in order to keep compatibility, and alias the later, in order to avoid breaking current usage. Change "--healthcheck-*" to "--health-*" in the docs and tests. Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
* create: improve parser for --healthcheck-commandStefan Becker2019-07-14
| | | | | | | | | | | | | | | | Fix Docker CLI compatibility issue: the "--healthcheck-command" option value should not be split but instead be passed as single string to "CMD-SHELL", i.e. "/bin/sh -c <opt>". On the other hand implement the same extension as is already available for "--entrypoint", i.e. allow the option value to be a JSON array of strings. This will make life easier for tools like podman-compose. Updated "--healthcheck-command" option values in tests accordingly. Continuation of #3455 & #3507 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
* Merge pull request #3557 from rhatdan/envOpenShift Merge Robot2019-07-12
|\ | | | | Add support for --env-host
| * Fix spelling mistakes in man pages and other docsDaniel J Walsh2019-07-11
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Add glob parsing for --env flagDaniel J Walsh2019-07-11
| | | | | | | | | | | | Sometimes you want to add a few environmen variables based on the last field being a "*". Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Add support for -env-hostDaniel J Walsh2019-07-11
| | | | | | | | | | | | | | | | | | | | This flag passes the host environment into the container. The basic idea is to leak all environment variables from the host into the container. Environment variables from the image, and passed in via --env and --env-file will override the host environment. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3491 from giuseppe/rlimit-hostOpenShift Merge Robot2019-07-11
|\ \ | |/ |/| podman: add --ulimit host
| * podman: add --ulimit hostGiuseppe Scrivano2019-07-08
| | | | | | | | | | | | | | | | | | add a simple way to copy ulimit values from the host. if --ulimit host is used then the current ulimits in place are copied to the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | docs: fix --healthcheck-command optionStefan Becker2019-07-08
|/ | | | | | | | Make the documentation agree with the code. Related #3507 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
* libpod: specify a detach keys sequence in libpod.confMarco Vedovati2019-06-26
| | | | | | Add the ability of specifying a detach keys sequence in libpod.conf Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* Fix documentation for log-driverPeter Hunt2019-06-19
| | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* cmd, docs, test: fix some typosGiuseppe Scrivano2019-06-18
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix subgidname option in docs for podman runSagi Shnaidman2019-06-17
| | | | Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
* Merge pull request #3306 from rhatdan/exitOpenShift Merge Robot2019-06-14
|\ | | | | Document exit codes for podman exec
| * Document exit codes for podman execDaniel J Walsh2019-06-13
| | | | | | | | | | | | | | Also fix podman run exit codes to show real messages when failures happen. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | storage: support --mount type=bind,bind-nonrecursiveGiuseppe Scrivano2019-06-13
|/ | | | | | | | add support for not recursive bind mounts. Closes: https://github.com/containers/libpod/issues/3314 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* standardize documentation formattingAshley Cui2019-06-10
| | | | Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
* Update completions and docs to use k8s file as log driverPeter Hunt2019-05-28
| | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* podman: honor env variable PODMAN_USERNSGiuseppe Scrivano2019-05-24
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>