summaryrefslogtreecommitdiff
path: root/docs/source/markdown/podman-run.1.md
Commit message (Collapse)AuthorAge
* Merge pull request #7209 from giuseppe/support-mount-devptsOpenShift Merge Robot2020-08-04
|\ | | | | podman: support --mount type=devpts
| * podman: support --mount type=devptsGiuseppe Scrivano2020-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow to create a devpts mount. This is useful for containers that bind mount /dev/ from the host but at the same time want to create a terminal. It can be used as: podman run -v /dev:/dev --mount type=devpts,target=/dev/pts ... Closes: https://github.com/containers/podman/issues/6804 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Do not set host IP on ports when 0.0.0.0 requestedMatthew Heon2020-08-03
|/ | | | | | | | | | | | | | | | Docker and CNI have very different ideas of what 0.0.0.0 means. Docker takes it to be 0.0.0.0/0 - that is, bind to every IPv4 address on the host. CNI (and, thus, root Podman) take it to mean the literal IP 0.0.0.0. Instead, CNI interprets the empty string ("") as "bind to all IPs". We could ask CNI to change, but given this is established behavior, that's unlikely. Instead, let's just catch 0.0.0.0 and turn it into "" when we parse ports. Fixes #7014 Signed-off-by: Matthew Heon <mheon@redhat.com>
* System tests: add environment, volume testsEd Santiago2020-07-28
| | | | | | | | | | | | | | | | | | Tests for #7094, in which symlinks in a volume would cause chown errors and nonrunnable containers. Tests for environment variable precedence, now include --env-host and proxy settings Fix a bug caught by covscan in helpers.t ('source' path would fail if path included spaces). Fix podman-run man page: it was incorrect in stating precedence between in-image environment and --env-host. Fixes: #7099 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Fix exit code example in podman-run.1.mdErik Sjölund2020-07-23
| | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Merge pull request #7006 from ashley-cui/umaskOpenShift Merge Robot2020-07-22
|\ | | | | Add --umask flag for create, run
| * Add --umask flag for create, runAshley Cui2020-07-21
| | | | | | | | | | | | | | | | --umask sets the umask inside the container Defaults to 0022 Co-authored-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #7036 from rhatdan/dockerOpenShift Merge Robot2020-07-21
|\ \ | | | | | | Add noop function disable-content-trust
| * | Add noop function disable-content-trustDaniel J Walsh2020-07-21
| |/ | | | | | | | | | | | | | | People who use docker scripts with Podman see failures if they use disable-content-trust flag. This flag already existed for podman build, adding it to pull/push/create/run. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7028 from xordspar0/patch-1OpenShift Merge Robot2020-07-21
|\ \ | |/ |/| docs: Fix formatting mistake
| * Document proxy env var precedenceJordan Christiansen2020-07-21
| | | | | | | | Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
| * docs: Clarify how env var overriding worksJordan Christiansen2020-07-21
| | | | | | | | Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | Switch references from libpod.conf to containers.confDaniel J Walsh2020-07-20
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add support for overlay volume mounts in podman.Qi Wang2020-07-20
| | | | | | | | Add support -v for overlay volume mounts in podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Qi Wang <qiwan@redhat.com>
* Merge pull request #6965 from giuseppe/followup-pr6324OpenShift Merge Robot2020-07-17
|\ | | | | allow switching of port-forward approaches in rootless/using slirp4netns
| * docs: document the new slirp4netns optionsGiuseppe Scrivano2020-07-16
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Fix & add notes regarding problematic language in codebaseAshley Cui2020-07-15
|/ | | | | | | | Podman is committed to inclusivity, a core value of open source. Historically, there have been technology terms that are problematic and divisive, and should be changed. We are currently taking time to audit our repository in order to eliminate such terminology, and replace it with more inclusive terms. We are starting where we can, with our own code, comments, and documentation. However, such terms may be used in dependencies, and must be used in our repositories at the current moment for compatibility. Podman will change these terms in our repo as soon as new and better terminology is available to us via our dependencies. For more information: https://www.redhat.com/en/blog/making-open-source-more-inclusive-eradicating-problematic-language?sc_cid=701600000011gf0AAA Signed-off-by: Ashley Cui <acui@redhat.com>
* Implement --sdnotify cmdline option to control sd-notify behaviorJoseph Gooch2020-07-06
| | | | | | | | | | | | | | | | | | | --sdnotify container|conmon|ignore With "conmon", we send the MAINPID, and clear the NOTIFY_SOCKET so the OCI runtime doesn't pass it into the container. We also advertise "ready" when the OCI runtime finishes to advertise the service as ready. With "container", we send the MAINPID, and leave the NOTIFY_SOCKET so the OCI runtime passes it into the container for initialization, and let the container advertise further metadata. This is the default, which is closest to the behavior podman has done in the past. The "ignore" option removes NOTIFY_SOCKET from the environment, so neither podman nor any child processes will talk to systemd. This removes the need for hardcoded CID and PID files in the command line, and the PIDFile directive, as the pid is advertised directly through sd-notify. Signed-off-by: Joseph Gooch <mrwizard@dok.org>
* Add --tz flag to create, runAshley Cui2020-07-02
| | | | | | | --tz flag sets timezone inside container Can be set to IANA timezone as well as `local` to match host machine Signed-off-by: Ashley Cui <acui@redhat.com>
* Merge pull request #6808 from mheon/allow_empty_hostportOpenShift Merge Robot2020-06-29
|\ | | | | Allow empty host port in --publish flag
| * Allow empty host port in --publish flagMatthew Heon2020-06-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I didn't believe that this was actually legal, but it looks like it is. And, unlike our previous understanding (host port being empty means just use container port), empty host port actually carries the same meaning as `--expose` + `--publish-all` (that is, assign a random host port to the given container port). This requires a significant rework of our port handling code to handle this new case. I don't foresee this being commonly used, so I optimized having a fixed port number as fast path, which this random assignment code running after the main port handling code only if necessary. Fixes #6806 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | podman: add new cgroup mode splitGiuseppe Scrivano2020-06-25
|/ | | | | | | | | | | | | | | | | | | When running under systemd there is no need to create yet another cgroup for the container. With conmon-delegated the current cgroup will be split in two sub cgroups: - supervisor - container The supervisor cgroup will hold conmon and the podman process, while the container cgroup is used by the OCI runtime (using the cgroupfs backend). Closes: https://github.com/containers/libpod/issues/6400 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add --preservefds to podman runQi Wang2020-06-19
| | | | | | Add --preservefds to podman run. close https://github.com/containers/libpod/issues/6458 Signed-off-by: Qi Wang <qiwan@redhat.com>
* Merge pull request #6560 from mheon/fix_exec_logdriverOpenShift Merge Robot2020-06-17
|\ | | | | Do not share container log driver for exec
| * Do not share container log driver for execMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the container uses journald logging, we don't want to automatically use the same driver for its exec sessions. If we do we will pollute the journal (particularly in the case of healthchecks) with large amounts of undesired logs. Instead, force exec sessions logs to file for now; we can add a log-driver flag later (we'll probably want to add a `podman logs` command that reads exec session logs at the same time). As part of this, add support for the new 'none' logs driver in Conmon. It will be the default log driver for exec sessions, and can be optionally selected for containers. Great thanks to Joe Gooch (mrwizard@dok.org) for adding support to Conmon for a null log driver, and wiring it in here. Fixes #6555 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Add support for the unless-stopped restart policyMatthew Heon2020-06-17
|/ | | | | | | | | | | | | | | | | | We initially believed that implementing this required support for restarting containers after reboot, but this is not the case. The unless-stopped restart policy acts identically to the always restart policy except in cases related to reboot (which we do not support yet), but it does not require that support for us to implement it. Changes themselves are quite simple, we need a new restart policy constant, we need to remove existing checks that block creation of containers when unless-stopped was used, and we need to update the manpages. Fixes #6508 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* {create,run} --replaceValentin Rothberg2020-06-15
| | | | | | | | | | | | | Add a `--replace` flag to the `container {create,run}` commands. If another container with the same name already exists, it will be replaced and removed. Adding this flag is motivated by #5485 to make running Podman in systemd units (or any other scripts/automation) more robust. In case of a crash, a container may not be removed by a sytemd unit anymore. The `--replace` flag allows for supporting crashes. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* docs: create/run fix --pod-id-file descriptionValentin Rothberg2020-06-11
| | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* container-{create,run}: add `--pod-id-file`Valentin Rothberg2020-06-11
| | | | | | | | Allow containers to join an existing pod via the `--pod-id-file` which is already supported by a number of `podman-pod` subcommands. Also add tests to make sure it's working and to prevent future regressions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Update man pages for --ip with CNI networksMatthew Heon2020-05-31
| | | | | | | | | Originally, we did not allow this, and the manpage reflects that. We added support with 1.7.0, but did not update the manpage. Fix the manpages so they are once again accurate. Signed-off-by: Matthew Heon <mheon@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add support for `readonly` option to --mountMatthew Heon2020-05-26
| | | | | | | | | This is just an alias to the `ro` option, but it's already in the manpages (and Docker) so we might as well add support for it. Fixes #6379 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6106 from mheon/fix_manpagesOpenShift Merge Robot2020-05-08
|\ | | | | [CI:DOCS] Update manpages for image volumes and MAC address
| * Update manpages for image volumes and MAC addressMatthew Heon2020-05-06
| | | | | | | | | | | | | | | | | | | | When reviewing the manpages for `podman run` to find options to test, I found a few mistakes. The description of how we handle image volumes is extremely outdated, and we now provide full support for the `--mac-address` option. Update the docs for these flags so they're accurate. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | podman: split env variables in env and overridesGiuseppe Scrivano2020-05-07
|/ | | | | | | | | | | | | | There are three different priorities for applying env variables: 1) environment/config file environment variables 2) image's config 3) user overrides (--env) The third kind are known to the client, while the default config and image's config is handled by the backend. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* userns: support --userns=autoGiuseppe Scrivano2020-04-06
| | | | | | | automatically pick an empty range and create an user namespace for the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add support for containers.confDaniel J Walsh2020-03-27
| | | | | | | vendor in c/common config pkg for containers.conf Signed-off-by: Qi Wang qiwan@redhat.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* man pages: fix inconsistenciesEd Santiago2020-03-10
| | | | | | | | | | | | | | | | | I wrote a script to cross-reference podman --help against man pages. It found a bunch of inconsistencies fix them: * options missing from man pages * options misspelled or misformatted in man pages (usually misplaced asterisks or missing dashes, but see --dns-opt) * one spurious comma in the actual source file --help This is a fix in which I iterate over 'podman CMD --help' and check for presence in man pages. The other way around (look for flags in man pages, check podman CMD --help) is probably impossible: there are too many special cases Signed-off-by: Ed Santiago <santiago@redhat.com>
* Allow users to set TMPDIR environmentDaniel J Walsh2020-03-06
| | | | | | | Some users have small /var/tmp directories and need to be able to specify a different location for temporary files, which includes more space. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add the rmi flag to podman-run to delete container imageBoaz Shuster2020-03-03
| | | | | | | | | | The --rmi flag will delete the container image after its execution unless that image is already been used by another container(s). This is useful when one wants to execute a container once and remove any resources attached to it. Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* Merge pull request #5300 from baude/disablehealthOpenShift Merge Robot2020-02-23
|\ | | | | Add --no-healthcheck command to create/run
| * Add --no-healthcheck command to create/runBrent Baude2020-02-22
| | | | | | | | | | | | | | | | Now support --no-healthcheck option to disable defined healthchecks in a container image. --health-cmd=none remains supported as well. Fixes: #5299 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | docs: symlink to host device is resolvedStefan Becker2020-02-23
|/ | | | | | | | | Also apply changes from commit 3fd9f0c028f9dab7c8923629d4dc5d38e594db1a to the other two commands that have the --device option. Documents #4550 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
* podman(1): fixesKir Kolyshkin2020-02-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I saw some bad formatting when reading "man podman-run" and proceeded to fix it. I have now opened a can of worms... This commit tries to fix some of the formatting, wording and other bugs I came across (unfortunately not all of them). Can't list every fix that I made here, but in general: - format lists as such (prepend items with "- "); - format examples as such (enclose in ```...```); - format literal values (option names, literal values) as **bold**; - format man page references as **page**(1). - format replacements (option values) and file names as _italic_; - remove some duplicate info (such as what's the default value); - move option value description to option syntax; - end sentences with a period. To test: ```console $ make docs $ man ./docs/build/man/podman-run.1 ### check terminal formatting $ man -Tps ./docs/build/man/podman-run.1 > podman-run.ps $ ps2pdf podman-run.ps ### optional $ evince podman-run.pdf ### check printer formatting (or use ps viewr ``` NOTE - there is much more to do here; - I haven't checked any factual contents, this is about formatting Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* docs: add workaround for --device with rootless containers (II)Stefan Becker2020-02-10
| | | | | | | | | | Update documentation for crun >= 0.11. See https://github.com/containers/crun/commit/6df930821d80a8e151674f0fda1321fba93bb92d Fixes #4477 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
* Cleanup man pages exit code descriptionsDaniel J Walsh2020-01-26
| | | | | | | The conversion of markdown to man pages is causing "_" to cover entire lines. This PR cleans this up and fixes some of the english. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* seccomp policy: expect profile in config labelValentin Rothberg2020-01-23
| | | | | | | | Move the seccomp profile from a manifest annotation to a config label. This way, we can support it for Docker images as well and provide an easy way to add that data via Dockerfiles. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman: add new option --cgroups=no-conmonGiuseppe Scrivano2020-01-16
| | | | | | | | it allows to disable cgroups creation only for the conmon process. A new cgroup is created for the container payload. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Remove c.String(net)Daniel J Walsh2020-01-16
| | | | | | | We have a lot of cludgy code trying to make --net and --network equivalent. This will allow --net to still exists but will eliminate the help and confusion. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #4806 from vrothberg/seccompOpenShift Merge Robot2020-01-15
|\ | | | | policy for seccomp-profile selection
| * policy for seccomp-profile selectionValentin Rothberg2020-01-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement a policy for selecting a seccomp profile. In addition to the default behaviour (default profile unless --security-opt seccomp is set) add a second policy doing a lookup in the image annotation. If the image has the "io.containers.seccomp.profile" set its value will be interpreted as a seccomp profile. The policy can be selected via the new --seccomp-policy CLI flag. Once the containers.conf support is merged into libpod, we can add an option there as well. Note that this feature is marked as experimental and may change in the future. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>