summaryrefslogtreecommitdiff
path: root/docs/source/markdown/podman-run.1.md
Commit message (Collapse)AuthorAge
* Docs: removing secrets is safe for in-use secretsAshley Cui2021-03-16
| | | | | | | | Add docs explaining that it is safe to remove a secret that is in use by a container: secrets are copied and mounted into the container at creation Signed-off-by: Ashley Cui <acui@redhat.com>
* podman-remote build does not support volumesDaniel J Walsh2021-03-08
| | | | | | | | Remove --volume option from podman-remote since it is not supported, also add information to podman-build man page indicating options not supported over remote connections. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add /sys/fs/cgroup as readonly path in docsJakub Guzik2021-03-03
| | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Add U volume flag to chown source volumesEduardo Vega2021-02-22
| | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* Fix typo podman run doc in flag -pid=mode "efault"paranlee2021-02-16
| | | | Signed-off-by: paranlee <paran.lee@mail.uk>
* Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* Make slirp MTU configurable (network_cmd_options)bitstrings2021-02-02
| | | | | | | | The mtu default value is currently forced to 65520. This let the user control it using the config key network_cmd_options, i.e.: network_cmd_options=["mtu=9000"] Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
* Fix --arch and --os flags to work correctlyDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | Currently podman implements --override-arch and --overide-os But Podman has made these aliases for --arch and --os. No reason to have to specify --override, since it is clear what the user intends. Currently if the user specifies an --override-arch field but the image was previously pulled for a different Arch, podman run uses the different arch. This PR also fixes this issue. Fixes: https://github.com/containers/podman/issues/8001 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [CI:DOCS] fix go-md2man HTMLSpan warningsEd Santiago2021-01-19
| | | | | | | | | | | | | | | | | I'm tired of seeing these every time I run 'make': WARNING: go-md2man does not handle node type HTMLSpan Cause: left-angle-brackets ( < ) in document source Solution: 1) backquote-escape those that need to be shown, usually ones referring to an argument or email address; or 2) Actual HTML ( <sup> and <a> ) which are meant to be shown in generated HTML docs but can't be shown in man pages, we filter out via a sed expression. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Add more information and examples on podman and pipesDaniel J Walsh2021-01-13
| | | | | | | | | Improve the documentation to help users to know proper way to use podman within a pipe. Helps Prevent: https://github.com/containers/podman/issues/8916 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8787 from jsoref/spellingOpenShift Merge Robot2020-12-23
|\ | | | | Spelling
| * SpellingJosh Soref2020-12-22
| | | | | | | | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* | Document uid/gidmap are based on subuid/gid mappingTobias Boesch2020-12-23
|/ | | | | | * Closes #6123 Signed-off-by: Tobias Boesch <tobias.boesch@googlemail.com>
* Handle --rm when starting a containerDaniel J Walsh2020-12-11
| | | | | | | podman start should follow the same behaviour as podman run when removing a container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* security: honor systempaths=unconfined for ro pathsGiuseppe Scrivano2020-12-09
| | | | | | | | | we must honor systempaths=unconfined also for read-only paths, as Docker does: proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add containerenv information to /run/.containerenvDaniel J Walsh2020-12-03
| | | | | | | | | | | | | We have been asked to leak some information into the container to indicate: * The name and id of the container * The version of podman used to launch the container * The image name and ID the container is based on. * Whether the container engine is running in rootless mode. Fixes: https://github.com/containers/podman/issues/6192 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8408 from umohnani8/sec-optOpenShift Merge Robot2020-12-03
|\ | | | | Add mask and unmask option to --security-opt
| * Add mask and unmask option to --security-optUrvashi Mohnani2020-12-02
| | | | | | | | | | | | | | | | | | Add the mask and unmask option to the --security-opt flag to allow users to specify paths to mask and unmask in the container. If unmask=ALL, this will unmask all the paths we mask by default. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #8488 from rhatdan/platformOpenShift Merge Robot2020-12-01
|\ \ | |/ |/| Add support for --platform
| * Add support for --platformDaniel J Walsh2020-11-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For docker compatibility we need to support --platform flag. podman create --platform podman run --platform podman pull --platform Since we have --override-os and --override-arch already this can be done just by modifying the client to split the --platform call into os and arch and then pass those options to the server side. Fixes: https://github.com/containers/podman/issues/6244 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Document volume mounts of source directories do NOT get createdDaniel J Walsh2020-12-01
| | | | | | | | | | | | | | | | | | | | | | | | We differ from Docker, in that we do not create the source directory in a --volume mount if it does not exists. We return an error. We do not believe that a `typo` from the user should cause a directory to be created and silently ignored by Podman. Fixes: https://github.com/containers/podman/issues/8513 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8517 from rhatdan/manOpenShift Merge Robot2020-11-30
|\ \ | | | | | | [CI:DOCS] Fix option names --subuidname and --subgidname
| * | Fix option names --subuidname and --subgidnameDaniel J Walsh2020-11-30
| |/ | | | | | | | | | | | | | | Options --subuid and --subgid does not exists Fixes: https://github.com/containers/podman/issues/8510 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Fix extra quotation mark in manpages.Matthew Heon2020-11-30
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #8465 from rhatdan/pullOpenShift Merge Robot2020-11-30
|\ \ | | | | | | Document docker transport is the only supported remote transport
| * | Document docker transport is the only supported remote transportDaniel J Walsh2020-11-29
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The goal is to improve errors when users use the wrong transport in certain cases we stutter, in other cases we don't give enough information. Remove stutters when failing to pull remote images, because of lack of support. Fix errors returned by reference.Parse to wrap in image that was being checked. Fixes: https://github.com/containers/podman/issues/7116 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Revert "Allow multiple --network flags for podman run/create"Luap992020-11-30
|/ | | | | | | | | As described in issue #8507 this commit contains a breaking change which is not wanted in v2.2. We can discuss later if we want this in 3.0 or not. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8410 from Luap99/fix-multiple-networksOpenShift Merge Robot2020-11-21
|\ | | | | Allow multiple --network flags for podman run/create
| * Allow multiple --network flags for podman run/createPaul Holzinger2020-11-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We allow a container to be connected to several cni networks but only if they are listed comma sperated. This is not intuitive for users especially since the flag parsing allows multiple string flags but only would take the last value. see: spf13/pflag#72 Also get rid of the extra parsing logic for pods. The invalid options are already handled by `pkg/specgen`. A test is added to prevent a future regression. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Document containers.conf settings for remote connectionsDaniel J Walsh2020-11-19
|/ | | | | | | | | | Currently we don't document which end of the podman-remote client server operations uses the containers.conf. This PR begins documenting this and then testing to make sure the defaults follow the rules. Fixes: https://github.com/containers/podman/issues/7657 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [CI:DOCS] fix an apostrophe nit in man pageTomSweeneyRedHat2020-11-17
| | | | | | | A quick follow up to #8367 to add a missing apostrophe in three man pages. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Explain the relation between --pod and --networkPaul Holzinger2020-11-17
| | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Maintain consistent order of short and long flag names in docsPaul Holzinger2020-11-12
| | | | | | | | Make the order of short and long flag names in the documentation consistent. Also adjust the man page validaten script to only allow the `**--long**, **-s**` syntax. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* [CI:DOCS] Restore man page cross-checkerEd Santiago2020-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Somewhere in the CIv2 migration we lost the man page vs --help cross-checker. Add it back, by adding it into the man-page-check Makefile target; this is part of 'make validate', which is run in CI even on CI:DOCS PRs. As happens when CI doesn't run, things broke. Man pages got out of sync with --help. This PR: 1) Fixes hack/xref-helpmsgs-manpages to deal with the new "Options" (instead of "Flags") form of podman help. #8034 did part of that, but one of my review comments was accidentally left out. 2) Fixes hack/xref-helpmsgs-manpages to deal with the new option syntax in man pages, post- #8292, in which each option is preceded by four hashes so as to make them HTML <h4> elements with named anchors. 3) Fixes man pages that #8292 accidentally missed. 4) Adds man page entries for two flags that got added to podman but not documented (pod create --network-alias, play kube --log-driver) Fixes: #8296 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #8292 from Luap99/doc-anchorsOpenShift Merge Robot2020-11-10
|\ | | | | [CI:DOCS] Add anchors for flag names on docs.podman.io
| * Add anchors for flag names on docs.podman.ioPaul Holzinger2020-11-10
| | | | | | | | | | | | | | | | | | | | Change the docs markdown so that flag names will be h4 headers. Sphinx will automatically add anchors to headers. Add css to make sure the flag names are not to big compared to the text. The man pages also still renders fine but it looks a bit different. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | network aliases for container creationbaude2020-11-09
|/ | | | | | | | podman can now support adding network aliases when running containers (--network-alias). It requires an updated dnsname plugin as well as an updated ocicni to work properly. Signed-off-by: baude <bbaude@redhat.com>
* Add better support for unbindable volume mountsDaniel J Walsh2020-11-02
| | | | | | | | Allow users to specify unbindable on volume command line Switch internal mounts to rprivate to help prevent leaks. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* new "image" mount typeValentin Rothberg2020-10-29
| | | | | | | | | | | | | | Add a new "image" mount type to `--mount`. The source of the mount is the name or ID of an image. The destination is the path inside the container. Image mounts further support an optional `rw,readwrite` parameter which if set to "true" will yield the mount writable inside the container. Note that no changes are propagated to the image mount on the host (which in any case is read only). Mounts are overlay mounts. To support read-only overlay mounts, vendor a non-release version of Buildah. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8133 from xordspar0/cpu-limit-detailsOpenShift Merge Robot2020-10-27
|\ | | | | [CI:DOCS] Add more details about how CPU limits work
| * Add more details about how CPU limits workJordan Christiansen2020-10-27
| | | | | | | | Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | Document how to enable CPU limit delegationJordan Christiansen2020-10-27
|/ | | | Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* podman create doesn't support creating detached containersDaniel J Walsh2020-10-21
| | | | | | | | | | | | Detached containers and detach keys are only created with the podman run, i exec, and start commands. We do not store the detach key sequence or the detach flags in the database, nor does Docker. The current code was ignoreing these fields but documenting that they can be used. Fix podman create man page and --help output to no longer indicate that --detach and --detach-keys works. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* --tls-verify and --authfile should work for all remote commandsDaniel J Walsh2020-10-19
| | | | | | | These options are now fully supported in the remote API and should no longer be hidden and/or documented as non supported. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix podman-run man page headingJordan Christiansen2020-10-15
| | | | | | | Sharing IPC is meant to be an example under the Examples heading, not a new section. Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* Support max_size logoptionsDaniel J Walsh2020-10-05
| | | | | | | | Docker supports log-opt max_size and so does conmon (ALthough poorly). Adding support for this allows users to at least make sure their containers logs do not become a DOS vector. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* spec: open fuse with --device .*/fuseGiuseppe Scrivano2020-10-02
| | | | | | | | | If the container uses the /dev/fuse device, attempt to load the fuse kernel module first so that nested containers can use it. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1872240 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix incorrect parsing of create/run --volumes-fromPaul Holzinger2020-09-20
| | | | | | | | | Add a bunch of tests to ensure that --volumes-from works as expected. Also align the podman create and run man page. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Add support for variant when pulling imagesDaniel J Walsh2020-08-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Document override-arch and override-osDaniel J Walsh2020-08-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>