summaryrefslogtreecommitdiff
path: root/docs/source/markdown/podman-create.1.md
Commit message (Collapse)AuthorAge
* Merge pull request #11205 from Shivkumar13/shivkumar-tls-fixOpenShift Merge Robot2021-08-23
|\ | | | | Support for --tls-verify flag in podman-run & podman-create
| * Support for --tls-verify flag in podman run & podman createShivkumar132021-08-21
| | | | | | | | Signed-off-by: Shivkumar13 <sople@redhat.com>
* | rename oneshot initcontainers to onceBrent Baude2021-08-12
| | | | | | | | | | | | | | | | | | | | after the init containers pr merged, it was suggested to use `once` instead of `oneshot` containers as it is more aligned with other terminiology used similarily. [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Run codespell to fix spellingDaniel J Walsh2021-08-11
|/ | | | | | [NO TESTS NEEDED] Just fixing spelling. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11177 from Luap99/source-ipopenshift-ci[bot]2021-08-10
|\ | | | | [CI:DOCS] Document source ip for the rootlesskit port handler
| * Document source ip for the rootlesskit port handlerPaul Holzinger2021-08-10
| | | | | | | | | | | | | | | | Also add some missing options to podman pod create. Fixes #10884 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Add support for pod inside of user namespace.Daniel J Walsh2021-08-09
|/ | | | | | | | | | | | | Add the --userns flag to podman pod create and keep track of the userns setting that pod was created with so that all containers created within the pod will inherit that userns setting. Specifically we need to be able to launch a pod with --userns=keep-id Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* personality: Add support for setting execution domain.flouthoc2021-08-06
| | | | | | | | | | Execution domains tell Linux how to map signal numbers into signal actions. The execution domain system allows Linux to provide limited support for binaries compiled under other UNIX-like operating systems. Reference: https://man7.org/linux/man-pages/man2/personality.2.html Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* implement init containers in podmanBrent Baude2021-08-04
| | | | | | | | | | | | | | this is the first pass at implementing init containers for podman pods. init containersare made popular by k8s as a way to run setup for pods before the pods standard containers run. unlike k8s, we support two styles of init containers: always and oneshot. always means the container stays in the pod and starts whenever a pod is started. this does not apply to pods restarting. oneshot means the container runs onetime when the pod starts and then is removed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Add notes to flags not supported on cgroups V2Hironori Shiina2021-07-21
| | | | | | Clarify what flags are not supported on cgroups V2 in documentation. Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* Fix up documentation of the userns audit flagDaniel J Walsh2021-07-14
| | | | | | | | | Add reference to the `containers` user in the /etc/subuid and /etc/subgid files. Fixes: https://github.com/containers/podman/issues/10906 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Mention new hostname for loopback IPrugk2021-07-09
| | | | | | | | | | | | | | | | The hostname `host.containers.internal` is way easier to remember and should IMHO be preferred to be used, as it is: a) easier to remember than some random IP b) if the IP changes some time in the future the container will continue to work And explain hostname adding in more detail As per @mheon's suggestion. And explain hostname adding *reason* Also implies an suggestion for using the hostname instead. And port change from podman-create man page to podman-run, too Signed-off-by: rugk <rugk+git@posteo.de>
* Support uid,gid,mode options for secretsAshley Cui2021-05-17
| | | | | | | Support UID, GID, Mode options for mount type secrets. Also, change default secret permissions to 444 so all users can read secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* Revert escaped double dash man page flag syntaxPaul Holzinger2021-05-07
| | | | | | | | Commit 800a2e2d35 introduced a way to disable the conversion of `--`into an en dash on docs.podman.io, so the ugly workaround of escaping the dashes is no longer necessary. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #10249 from rhatdan/man1OpenShift Merge Robot2021-05-07
|\ | | | | [CI:DOCS] Add documentation on short-names
| * Add documentation on short-namesDaniel J Walsh2021-05-07
| | | | | | | | | | | | | | | | | | Once we settle on the wording for short-names in podman-pull, I will add the same section to all of the podman commands that use pull. Also ran through all man pages with a spell checker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10221 from ashley-cui/envsecOpenShift Merge Robot2021-05-07
|\ \ | |/ |/| Add support for environment variable secrets
| * Add support for environment variable secretsAshley Cui2021-05-06
| | | | | | | | | | | | | | | | Env var secrets are env vars that are set inside the container but not commited to and image. Also support reading from env var when creating a secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | codespell cleanupDaniel J Walsh2021-05-05
| | | | | | | | | | | | [NO TESTS NEEDED] This is just running codespell on podman Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add filepath glob support to --security-opt unmaskDaniel J Walsh2021-05-04
| | | | | | | | | | | | | | | | Want to allow users to specify --security-opt unmask=/proc/*. This allows us to run podman within podman more securely, then specifing umask=all, also gives the user more flexibilty. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10134 from rhatdan/conmonOpenShift Merge Robot2021-04-27
|\ \ | | | | | | [CI:DOCS] Add more documentation on conmon
| * | Add more documentation on conmonDaniel J Walsh2021-04-27
| |/ | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10119 from rhatdan/timeoutOpenShift Merge Robot2021-04-27
|\ \ | |/ |/| Add podman run --timeout option
| * Add podman run --timeout optionDaniel J Walsh2021-04-23
| | | | | | | | | | | | | | | | | | This option allows users to specify the maximum amount of time to run before conmon sends the kill signal to the container. Fixes: https://github.com/containers/podman/issues/6412 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | [CI:DOCS] Fix Markdown layout bugsErik Sjölund2021-04-25
|/ | | | | | | * Add missing backticks to mark the end of the code block. Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Add --group-add keep-groups: suplimentary groups into containerDaniel J Walsh2021-04-21
| | | | | | | | | | | | | Currently we have rootless users who want to leak their groups access into containers, but this group access is only able to be pushed in by a hard to find OCI Runtime annotation. This PR makes this option a lot more visable and hides the complexity within the podman client. This option is only really needed for local rootless users. It makes no sense for remote clients, and probably makes little sense for rootfull containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [CI:DOCS] Fix Markdown table layout bugsErik Sjölund2021-04-20
| | | | | | | | | * Fix the Markdown table layout bugs that manifest themselves in corrupted tables in the generated HTML pages http://docs.podman.io/en/latest/markdown/podman-create.1.html http://docs.podman.io/en/latest/markdown/podman-run.1.html Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.mdErik Sjölund2021-04-20
| | | | | | | | | | Introduce the concept of "intermediate UID" to explain how --uidmap works when running rootless. Add Markdown tables to show examples of how UIDs are mapped. Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* improve documentchenkang2021-04-17
| | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* Modify according to commentschenkang2021-04-17
| | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* add flag "--pidfile" for podman create/runwuhua.ck2021-04-16
| | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* Update documentation of podman-run to reflect volume "U" optionPablo Correa Gómez2021-04-14
| | | | | | | The "U" option is accepted by `--volume` in `podman-build`, but documentation is missing Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
* Merge pull request #9754 from mheon/add_depOpenShift Merge Robot2021-04-06
|\ | | | | Add --requires flag to podman run/create
| * Add --requires flag to podman run/createMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman has, for a long time, had an internal concept of dependency management, used mainly to ensure that pod infra containers are started before any other container in the pod. We also have the ability to recursively start these dependencies, which we use to ensure that `podman start` on a container in a pod will not fail because the infra container is stopped. We have not, however, exposed these via the command line until now. Add a `--requires` flag to `podman run` and `podman create` to allow users to manually specify dependency containers. These containers must be running before the container will start. Also, make recursive starting with `podman start` default so we can start these containers and their dependencies easily. Fixes #9250 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --usernsErik Sjölund2021-04-03
| | | | | | | | | | | | | | * Adjust Markdown layout for --userns. * Make the --userns sections identical for podman-run.1.md and podman-create.1.md Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | Fix typos --uidmapping and --gidmappingErik Sjölund2021-04-03
| | | | | | | | | | | | | | * Fix typos --uidmapping and --gidmapping in podman-run.1.md * Add the corresponding sentence in podman-create.1.md Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | Document --volume from podman-remote run/create clientDaniel J Walsh2021-03-30
|/ | | | | | | | | | | [NO TESTS NEEDED] This PR is mainly documentation and some code cleanup. Also cleanup and consolidate handling of other hanlding of podman-remote hidden options. Fixes: https://github.com/containers/podman/issues/9874 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9856 from Luap99/fix-longflagOpenShift Merge Robot2021-03-29
|\ | | | | [CI:DOCS] Fix long option format on docs.podman.io
| * Fix long option format on docs.podman.ioPaul Holzinger2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Escape the two dashes, otherwise they are combined into one long dash. I tested that this change is safe and still renders correctly on github and with the man pages. This commit also contains a small change to make it build locally. Assuming you have the dependencies installed you can do: ``` cd docs make html ``` Preview the html files in docs/build/html with `python -m http.server 8000 --directory build/html`. Fixes containers/podman.io#373 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | man pages: correct seccomp-policy labelValentin Rothberg2021-03-29
|/ | | | | | | | | The implementation uses `io.containers.seccomp.profile` while the docs mentioned `io.podman`. Correct the two references in the docs to reflect the implementation. Fixes: #9853 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Docs: removing secrets is safe for in-use secretsAshley Cui2021-03-16
| | | | | | | | Add docs explaining that it is safe to remove a secret that is in use by a container: secrets are copied and mounted into the container at creation Signed-off-by: Ashley Cui <acui@redhat.com>
* podman-remote build does not support volumesDaniel J Walsh2021-03-08
| | | | | | | | Remove --volume option from podman-remote since it is not supported, also add information to podman-build man page indicating options not supported over remote connections. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add /sys/fs/cgroup as readonly path in docsJakub Guzik2021-03-03
| | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Add U volume flag to chown source volumesEduardo Vega2021-02-22
| | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* Make slirp MTU configurable (network_cmd_options)bitstrings2021-02-02
| | | | | | | | The mtu default value is currently forced to 65520. This let the user control it using the config key network_cmd_options, i.e.: network_cmd_options=["mtu=9000"] Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
* Fix --arch and --os flags to work correctlyDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | Currently podman implements --override-arch and --overide-os But Podman has made these aliases for --arch and --os. No reason to have to specify --override, since it is clear what the user intends. Currently if the user specifies an --override-arch field but the image was previously pulled for a different Arch, podman run uses the different arch. This PR also fixes this issue. Fixes: https://github.com/containers/podman/issues/8001 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [CI:DOCS] fix go-md2man HTMLSpan warningsEd Santiago2021-01-19
| | | | | | | | | | | | | | | | | I'm tired of seeing these every time I run 'make': WARNING: go-md2man does not handle node type HTMLSpan Cause: left-angle-brackets ( < ) in document source Solution: 1) backquote-escape those that need to be shown, usually ones referring to an argument or email address; or 2) Actual HTML ( <sup> and <a> ) which are meant to be shown in generated HTML docs but can't be shown in man pages, we filter out via a sed expression. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Handle --rm when starting a containerDaniel J Walsh2020-12-11
| | | | | | | podman start should follow the same behaviour as podman run when removing a container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* security: honor systempaths=unconfined for ro pathsGiuseppe Scrivano2020-12-09
| | | | | | | | | we must honor systempaths=unconfined also for read-only paths, as Docker does: proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>