summaryrefslogtreecommitdiff
path: root/docs/source/markdown/podman-create.1.md
Commit message (Collapse)AuthorAge
* Support uid,gid,mode options for secretsAshley Cui2021-05-17
| | | | | | | Support UID, GID, Mode options for mount type secrets. Also, change default secret permissions to 444 so all users can read secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* Revert escaped double dash man page flag syntaxPaul Holzinger2021-05-07
| | | | | | | | Commit 800a2e2d35 introduced a way to disable the conversion of `--`into an en dash on docs.podman.io, so the ugly workaround of escaping the dashes is no longer necessary. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #10249 from rhatdan/man1OpenShift Merge Robot2021-05-07
|\ | | | | [CI:DOCS] Add documentation on short-names
| * Add documentation on short-namesDaniel J Walsh2021-05-07
| | | | | | | | | | | | | | | | | | Once we settle on the wording for short-names in podman-pull, I will add the same section to all of the podman commands that use pull. Also ran through all man pages with a spell checker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10221 from ashley-cui/envsecOpenShift Merge Robot2021-05-07
|\ \ | |/ |/| Add support for environment variable secrets
| * Add support for environment variable secretsAshley Cui2021-05-06
| | | | | | | | | | | | | | | | Env var secrets are env vars that are set inside the container but not commited to and image. Also support reading from env var when creating a secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | codespell cleanupDaniel J Walsh2021-05-05
| | | | | | | | | | | | [NO TESTS NEEDED] This is just running codespell on podman Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add filepath glob support to --security-opt unmaskDaniel J Walsh2021-05-04
| | | | | | | | | | | | | | | | Want to allow users to specify --security-opt unmask=/proc/*. This allows us to run podman within podman more securely, then specifing umask=all, also gives the user more flexibilty. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10134 from rhatdan/conmonOpenShift Merge Robot2021-04-27
|\ \ | | | | | | [CI:DOCS] Add more documentation on conmon
| * | Add more documentation on conmonDaniel J Walsh2021-04-27
| |/ | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10119 from rhatdan/timeoutOpenShift Merge Robot2021-04-27
|\ \ | |/ |/| Add podman run --timeout option
| * Add podman run --timeout optionDaniel J Walsh2021-04-23
| | | | | | | | | | | | | | | | | | This option allows users to specify the maximum amount of time to run before conmon sends the kill signal to the container. Fixes: https://github.com/containers/podman/issues/6412 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | [CI:DOCS] Fix Markdown layout bugsErik Sjölund2021-04-25
|/ | | | | | | * Add missing backticks to mark the end of the code block. Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Add --group-add keep-groups: suplimentary groups into containerDaniel J Walsh2021-04-21
| | | | | | | | | | | | | Currently we have rootless users who want to leak their groups access into containers, but this group access is only able to be pushed in by a hard to find OCI Runtime annotation. This PR makes this option a lot more visable and hides the complexity within the podman client. This option is only really needed for local rootless users. It makes no sense for remote clients, and probably makes little sense for rootfull containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [CI:DOCS] Fix Markdown table layout bugsErik Sjölund2021-04-20
| | | | | | | | | * Fix the Markdown table layout bugs that manifest themselves in corrupted tables in the generated HTML pages http://docs.podman.io/en/latest/markdown/podman-create.1.html http://docs.podman.io/en/latest/markdown/podman-run.1.html Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.mdErik Sjölund2021-04-20
| | | | | | | | | | Introduce the concept of "intermediate UID" to explain how --uidmap works when running rootless. Add Markdown tables to show examples of how UIDs are mapped. Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* improve documentchenkang2021-04-17
| | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* Modify according to commentschenkang2021-04-17
| | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* add flag "--pidfile" for podman create/runwuhua.ck2021-04-16
| | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* Update documentation of podman-run to reflect volume "U" optionPablo Correa Gómez2021-04-14
| | | | | | | The "U" option is accepted by `--volume` in `podman-build`, but documentation is missing Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
* Merge pull request #9754 from mheon/add_depOpenShift Merge Robot2021-04-06
|\ | | | | Add --requires flag to podman run/create
| * Add --requires flag to podman run/createMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman has, for a long time, had an internal concept of dependency management, used mainly to ensure that pod infra containers are started before any other container in the pod. We also have the ability to recursively start these dependencies, which we use to ensure that `podman start` on a container in a pod will not fail because the infra container is stopped. We have not, however, exposed these via the command line until now. Add a `--requires` flag to `podman run` and `podman create` to allow users to manually specify dependency containers. These containers must be running before the container will start. Also, make recursive starting with `podman start` default so we can start these containers and their dependencies easily. Fixes #9250 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --usernsErik Sjölund2021-04-03
| | | | | | | | | | | | | | * Adjust Markdown layout for --userns. * Make the --userns sections identical for podman-run.1.md and podman-create.1.md Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | Fix typos --uidmapping and --gidmappingErik Sjölund2021-04-03
| | | | | | | | | | | | | | * Fix typos --uidmapping and --gidmapping in podman-run.1.md * Add the corresponding sentence in podman-create.1.md Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | Document --volume from podman-remote run/create clientDaniel J Walsh2021-03-30
|/ | | | | | | | | | | [NO TESTS NEEDED] This PR is mainly documentation and some code cleanup. Also cleanup and consolidate handling of other hanlding of podman-remote hidden options. Fixes: https://github.com/containers/podman/issues/9874 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9856 from Luap99/fix-longflagOpenShift Merge Robot2021-03-29
|\ | | | | [CI:DOCS] Fix long option format on docs.podman.io
| * Fix long option format on docs.podman.ioPaul Holzinger2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Escape the two dashes, otherwise they are combined into one long dash. I tested that this change is safe and still renders correctly on github and with the man pages. This commit also contains a small change to make it build locally. Assuming you have the dependencies installed you can do: ``` cd docs make html ``` Preview the html files in docs/build/html with `python -m http.server 8000 --directory build/html`. Fixes containers/podman.io#373 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | man pages: correct seccomp-policy labelValentin Rothberg2021-03-29
|/ | | | | | | | | The implementation uses `io.containers.seccomp.profile` while the docs mentioned `io.podman`. Correct the two references in the docs to reflect the implementation. Fixes: #9853 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Docs: removing secrets is safe for in-use secretsAshley Cui2021-03-16
| | | | | | | | Add docs explaining that it is safe to remove a secret that is in use by a container: secrets are copied and mounted into the container at creation Signed-off-by: Ashley Cui <acui@redhat.com>
* podman-remote build does not support volumesDaniel J Walsh2021-03-08
| | | | | | | | Remove --volume option from podman-remote since it is not supported, also add information to podman-build man page indicating options not supported over remote connections. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add /sys/fs/cgroup as readonly path in docsJakub Guzik2021-03-03
| | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Add U volume flag to chown source volumesEduardo Vega2021-02-22
| | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* Make slirp MTU configurable (network_cmd_options)bitstrings2021-02-02
| | | | | | | | The mtu default value is currently forced to 65520. This let the user control it using the config key network_cmd_options, i.e.: network_cmd_options=["mtu=9000"] Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
* Fix --arch and --os flags to work correctlyDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | Currently podman implements --override-arch and --overide-os But Podman has made these aliases for --arch and --os. No reason to have to specify --override, since it is clear what the user intends. Currently if the user specifies an --override-arch field but the image was previously pulled for a different Arch, podman run uses the different arch. This PR also fixes this issue. Fixes: https://github.com/containers/podman/issues/8001 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [CI:DOCS] fix go-md2man HTMLSpan warningsEd Santiago2021-01-19
| | | | | | | | | | | | | | | | | I'm tired of seeing these every time I run 'make': WARNING: go-md2man does not handle node type HTMLSpan Cause: left-angle-brackets ( < ) in document source Solution: 1) backquote-escape those that need to be shown, usually ones referring to an argument or email address; or 2) Actual HTML ( <sup> and <a> ) which are meant to be shown in generated HTML docs but can't be shown in man pages, we filter out via a sed expression. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Handle --rm when starting a containerDaniel J Walsh2020-12-11
| | | | | | | podman start should follow the same behaviour as podman run when removing a container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* security: honor systempaths=unconfined for ro pathsGiuseppe Scrivano2020-12-09
| | | | | | | | | we must honor systempaths=unconfined also for read-only paths, as Docker does: proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add systempaths=unconfined optionUrvashi Mohnani2020-12-08
| | | | | | | | | Add the systempaths=unconfined option to --security-opt to match the docker options for unmasking all the paths that are masked by default. Add the mask and unmask options to the podman create doc. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Merge pull request #8488 from rhatdan/platformOpenShift Merge Robot2020-12-01
|\ | | | | Add support for --platform
| * Add support for --platformDaniel J Walsh2020-11-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For docker compatibility we need to support --platform flag. podman create --platform podman run --platform podman pull --platform Since we have --override-os and --override-arch already this can be done just by modifying the client to split the --platform call into os and arch and then pass those options to the server side. Fixes: https://github.com/containers/podman/issues/6244 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Document volume mounts of source directories do NOT get createdDaniel J Walsh2020-12-01
| | | | | | | | | | | | | | | | | | | | | | | | We differ from Docker, in that we do not create the source directory in a --volume mount if it does not exists. We return an error. We do not believe that a `typo` from the user should cause a directory to be created and silently ignored by Podman. Fixes: https://github.com/containers/podman/issues/8513 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8517 from rhatdan/manOpenShift Merge Robot2020-11-30
|\ \ | | | | | | [CI:DOCS] Fix option names --subuidname and --subgidname
| * | Fix option names --subuidname and --subgidnameDaniel J Walsh2020-11-30
| |/ | | | | | | | | | | | | | | Options --subuid and --subgid does not exists Fixes: https://github.com/containers/podman/issues/8510 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Fix extra quotation mark in manpages.Matthew Heon2020-11-30
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #8465 from rhatdan/pullOpenShift Merge Robot2020-11-30
|\ \ | | | | | | Document docker transport is the only supported remote transport
| * | Document docker transport is the only supported remote transportDaniel J Walsh2020-11-29
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The goal is to improve errors when users use the wrong transport in certain cases we stutter, in other cases we don't give enough information. Remove stutters when failing to pull remote images, because of lack of support. Fix errors returned by reference.Parse to wrap in image that was being checked. Fixes: https://github.com/containers/podman/issues/7116 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Revert "Allow multiple --network flags for podman run/create"Luap992020-11-30
|/ | | | | | | | | As described in issue #8507 this commit contains a breaking change which is not wanted in v2.2. We can discuss later if we want this in 3.0 or not. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8410 from Luap99/fix-multiple-networksOpenShift Merge Robot2020-11-21
|\ | | | | Allow multiple --network flags for podman run/create
| * Allow multiple --network flags for podman run/createPaul Holzinger2020-11-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We allow a container to be connected to several cni networks but only if they are listed comma sperated. This is not intuitive for users especially since the flag parsing allows multiple string flags but only would take the last value. see: spf13/pflag#72 Also get rid of the extra parsing logic for pods. The invalid options are already handled by `pkg/specgen`. A test is added to prevent a future regression. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>