summaryrefslogtreecommitdiff
path: root/docs/source/markdown/podman-run.1.md
Commit message (Collapse)AuthorAge
* Fix up documentation of the userns audit flagDaniel J Walsh2021-07-14
| | | | | | | | | Add reference to the `containers` user in the /etc/subuid and /etc/subgid files. Fixes: https://github.com/containers/podman/issues/10906 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Mention new hostname for loopback IPrugk2021-07-09
| | | | | | | | | | | | | | | | The hostname `host.containers.internal` is way easier to remember and should IMHO be preferred to be used, as it is: a) easier to remember than some random IP b) if the IP changes some time in the future the container will continue to work And explain hostname adding in more detail As per @mheon's suggestion. And explain hostname adding *reason* Also implies an suggestion for using the hostname instead. And port change from podman-create man page to podman-run, too Signed-off-by: rugk <rugk+git@posteo.de>
* podman-run.1.md:detach-keys: spell the default value just onceДилян Палаузов2021-06-12
| | | | | | | | | | | | | Insisting on “DCO” imposes formalities, that serve self-purpose. One cannot assume that the submitter has time or will to read texts about symbolism in software contributions. If the system wants to see the text nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae in each commit, people will write this, or any other text, that the system wants to see. All such text, which presence is mandated by the system, has the same value. Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
* Support uid,gid,mode options for secretsAshley Cui2021-05-17
| | | | | | | Support UID, GID, Mode options for mount type secrets. Also, change default secret permissions to 444 so all users can read secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* Revert escaped double dash man page flag syntaxPaul Holzinger2021-05-07
| | | | | | | | Commit 800a2e2d35 introduced a way to disable the conversion of `--`into an en dash on docs.podman.io, so the ugly workaround of escaping the dashes is no longer necessary. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #10249 from rhatdan/man1OpenShift Merge Robot2021-05-07
|\ | | | | [CI:DOCS] Add documentation on short-names
| * Add documentation on short-namesDaniel J Walsh2021-05-07
| | | | | | | | | | | | | | | | | | Once we settle on the wording for short-names in podman-pull, I will add the same section to all of the podman commands that use pull. Also ran through all man pages with a spell checker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10221 from ashley-cui/envsecOpenShift Merge Robot2021-05-07
|\ \ | |/ |/| Add support for environment variable secrets
| * Add support for environment variable secretsAshley Cui2021-05-06
| | | | | | | | | | | | | | | | Env var secrets are env vars that are set inside the container but not commited to and image. Also support reading from env var when creating a secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | codespell cleanupDaniel J Walsh2021-05-05
| | | | | | | | | | | | [NO TESTS NEEDED] This is just running codespell on podman Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add filepath glob support to --security-opt unmaskDaniel J Walsh2021-05-04
| | | | | | | | | | | | | | | | Want to allow users to specify --security-opt unmask=/proc/*. This allows us to run podman within podman more securely, then specifing umask=all, also gives the user more flexibilty. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10134 from rhatdan/conmonOpenShift Merge Robot2021-04-27
|\ \ | | | | | | [CI:DOCS] Add more documentation on conmon
| * | Add more documentation on conmonDaniel J Walsh2021-04-27
| |/ | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10119 from rhatdan/timeoutOpenShift Merge Robot2021-04-27
|\ \ | |/ |/| Add podman run --timeout option
| * Add podman run --timeout optionDaniel J Walsh2021-04-23
| | | | | | | | | | | | | | | | | | This option allows users to specify the maximum amount of time to run before conmon sends the kill signal to the container. Fixes: https://github.com/containers/podman/issues/6412 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | [CI:DOCS] Fix Markdown layout bugsErik Sjölund2021-04-25
|/ | | | | | | * Add missing backticks to mark the end of the code block. Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Add --group-add keep-groups: suplimentary groups into containerDaniel J Walsh2021-04-21
| | | | | | | | | | | | | Currently we have rootless users who want to leak their groups access into containers, but this group access is only able to be pushed in by a hard to find OCI Runtime annotation. This PR makes this option a lot more visable and hides the complexity within the podman client. This option is only really needed for local rootless users. It makes no sense for remote clients, and probably makes little sense for rootfull containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [CI:DOCS] Fix Markdown table layout bugsErik Sjölund2021-04-20
| | | | | | | | | * Fix the Markdown table layout bugs that manifest themselves in corrupted tables in the generated HTML pages http://docs.podman.io/en/latest/markdown/podman-create.1.html http://docs.podman.io/en/latest/markdown/podman-run.1.html Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.mdErik Sjölund2021-04-20
| | | | | | | | | | Introduce the concept of "intermediate UID" to explain how --uidmap works when running rootless. Add Markdown tables to show examples of how UIDs are mapped. Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* improve documentchenkang2021-04-17
| | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* Modify according to commentschenkang2021-04-17
| | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* add flag "--pidfile" for podman create/runwuhua.ck2021-04-16
| | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* Update documentation of podman-run to reflect volume "U" optionPablo Correa Gómez2021-04-14
| | | | | | | The "U" option is accepted by `--volume` in `podman-build`, but documentation is missing Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
* Merge pull request #9754 from mheon/add_depOpenShift Merge Robot2021-04-06
|\ | | | | Add --requires flag to podman run/create
| * Add --requires flag to podman run/createMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman has, for a long time, had an internal concept of dependency management, used mainly to ensure that pod infra containers are started before any other container in the pod. We also have the ability to recursively start these dependencies, which we use to ensure that `podman start` on a container in a pod will not fail because the infra container is stopped. We have not, however, exposed these via the command line until now. Add a `--requires` flag to `podman run` and `podman create` to allow users to manually specify dependency containers. These containers must be running before the container will start. Also, make recursive starting with `podman start` default so we can start these containers and their dependencies easily. Fixes #9250 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --usernsErik Sjölund2021-04-03
| | | | | | | | | | | | | | * Adjust Markdown layout for --userns. * Make the --userns sections identical for podman-run.1.md and podman-create.1.md Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | Fix typos --uidmapping and --gidmappingErik Sjölund2021-04-03
| | | | | | | | | | | | | | * Fix typos --uidmapping and --gidmapping in podman-run.1.md * Add the corresponding sentence in podman-create.1.md Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | Document --volume from podman-remote run/create clientDaniel J Walsh2021-03-30
|/ | | | | | | | | | | [NO TESTS NEEDED] This PR is mainly documentation and some code cleanup. Also cleanup and consolidate handling of other hanlding of podman-remote hidden options. Fixes: https://github.com/containers/podman/issues/9874 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9856 from Luap99/fix-longflagOpenShift Merge Robot2021-03-29
|\ | | | | [CI:DOCS] Fix long option format on docs.podman.io
| * Fix long option format on docs.podman.ioPaul Holzinger2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Escape the two dashes, otherwise they are combined into one long dash. I tested that this change is safe and still renders correctly on github and with the man pages. This commit also contains a small change to make it build locally. Assuming you have the dependencies installed you can do: ``` cd docs make html ``` Preview the html files in docs/build/html with `python -m http.server 8000 --directory build/html`. Fixes containers/podman.io#373 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | man pages: correct seccomp-policy labelValentin Rothberg2021-03-29
|/ | | | | | | | | The implementation uses `io.containers.seccomp.profile` while the docs mentioned `io.podman`. Correct the two references in the docs to reflect the implementation. Fixes: #9853 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Docs: removing secrets is safe for in-use secretsAshley Cui2021-03-16
| | | | | | | | Add docs explaining that it is safe to remove a secret that is in use by a container: secrets are copied and mounted into the container at creation Signed-off-by: Ashley Cui <acui@redhat.com>
* podman-remote build does not support volumesDaniel J Walsh2021-03-08
| | | | | | | | Remove --volume option from podman-remote since it is not supported, also add information to podman-build man page indicating options not supported over remote connections. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add /sys/fs/cgroup as readonly path in docsJakub Guzik2021-03-03
| | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Add U volume flag to chown source volumesEduardo Vega2021-02-22
| | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* Fix typo podman run doc in flag -pid=mode "efault"paranlee2021-02-16
| | | | Signed-off-by: paranlee <paran.lee@mail.uk>
* Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* Make slirp MTU configurable (network_cmd_options)bitstrings2021-02-02
| | | | | | | | The mtu default value is currently forced to 65520. This let the user control it using the config key network_cmd_options, i.e.: network_cmd_options=["mtu=9000"] Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
* Fix --arch and --os flags to work correctlyDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | Currently podman implements --override-arch and --overide-os But Podman has made these aliases for --arch and --os. No reason to have to specify --override, since it is clear what the user intends. Currently if the user specifies an --override-arch field but the image was previously pulled for a different Arch, podman run uses the different arch. This PR also fixes this issue. Fixes: https://github.com/containers/podman/issues/8001 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [CI:DOCS] fix go-md2man HTMLSpan warningsEd Santiago2021-01-19
| | | | | | | | | | | | | | | | | I'm tired of seeing these every time I run 'make': WARNING: go-md2man does not handle node type HTMLSpan Cause: left-angle-brackets ( < ) in document source Solution: 1) backquote-escape those that need to be shown, usually ones referring to an argument or email address; or 2) Actual HTML ( <sup> and <a> ) which are meant to be shown in generated HTML docs but can't be shown in man pages, we filter out via a sed expression. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Add more information and examples on podman and pipesDaniel J Walsh2021-01-13
| | | | | | | | | Improve the documentation to help users to know proper way to use podman within a pipe. Helps Prevent: https://github.com/containers/podman/issues/8916 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8787 from jsoref/spellingOpenShift Merge Robot2020-12-23
|\ | | | | Spelling
| * SpellingJosh Soref2020-12-22
| | | | | | | | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* | Document uid/gidmap are based on subuid/gid mappingTobias Boesch2020-12-23
|/ | | | | | * Closes #6123 Signed-off-by: Tobias Boesch <tobias.boesch@googlemail.com>
* Handle --rm when starting a containerDaniel J Walsh2020-12-11
| | | | | | | podman start should follow the same behaviour as podman run when removing a container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* security: honor systempaths=unconfined for ro pathsGiuseppe Scrivano2020-12-09
| | | | | | | | | we must honor systempaths=unconfined also for read-only paths, as Docker does: proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add containerenv information to /run/.containerenvDaniel J Walsh2020-12-03
| | | | | | | | | | | | | We have been asked to leak some information into the container to indicate: * The name and id of the container * The version of podman used to launch the container * The image name and ID the container is based on. * Whether the container engine is running in rootless mode. Fixes: https://github.com/containers/podman/issues/6192 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8408 from umohnani8/sec-optOpenShift Merge Robot2020-12-03
|\ | | | | Add mask and unmask option to --security-opt
| * Add mask and unmask option to --security-optUrvashi Mohnani2020-12-02
| | | | | | | | | | | | | | | | | | Add the mask and unmask option to the --security-opt flag to allow users to specify paths to mask and unmask in the container. If unmask=ALL, this will unmask all the paths we mask by default. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #8488 from rhatdan/platformOpenShift Merge Robot2020-12-01
|\ \ | |/ |/| Add support for --platform