From 19f5a504ffb1470991f331db412be456e41caab5 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 26 Jun 2018 11:23:58 +0200 Subject: docs: add documentation for rootless containers Signed-off-by: Giuseppe Scrivano Closes: #936 Approved by: rhatdan --- docs/podman.1.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/podman.1.md b/docs/podman.1.md index f9ba62fdf..6ce5283cf 100644 --- a/docs/podman.1.md +++ b/docs/podman.1.md @@ -113,7 +113,7 @@ Print the version **libpod.conf** (`/etc/containers/libpod.conf`) -libpod.conf is the configuration file for all tools using libpod to manage containers +libpod.conf is the configuration file for all tools using libpod to manage containers. This file is ignored when running in rootless mode. **storage.conf** (`/etc/containers/storage.conf`) 
@@ -143,10 +143,22 @@ For the annotation conditions, libpod uses any annotations set in the generated For the bind-mount conditions, only mounts explicitly requested by the caller via `--volume` are considered. Bind mounts that libpod inserts by default (e.g. `/dev/shm`) are not considered. +Hooks are not used when running in rootless mode. + **registries.conf** (`/etc/containers/registries.conf`) registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. +## Rootless mode +Podman can also be used as non-root user. When podman runs in rootless mode, an user namespace is automatically created. + +Containers created by a non-root user are not visible to other users and are not seen or managed by podman running as root. + +Images are pulled under `XDG_DATA_HOME` when specified, otherwise in the home directory of the user under `.local/share/containers/storage`. + +Currently it is not possible to create a network device, so rootless containers need to run in the host network namespace. If a rootless container creates a network namespace, +then only the loopback device will be available. + ## SEE ALSO `oci-hooks(5)`, `registries.conf(5)`, `storage.conf(5)`, `crio(8)` -- cgit v1.2.3-54-g00ecf
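Review bot: In the first hunk (`@@ -113,7 +113,7 @@`), the new sentence "This file is ignored when running in rootless mode." says what is dropped but not what replaces it. State whether rootless podman falls back to built-in defaults or reads a per-user configuration file, so a reader knows which settings are in effect. The **storage.conf** entry just below it in the context lines carries no rootless statement, and the new "Rootless mode" section says images go under `XDG_DATA_HOME` or the home directory, so it would help to say there whether `/etc/containers/storage.conf` is still honoured.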
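Review bot: In the second hunk (`@@ -143,10 +143,22 @@`), the last paragraph of the new "Rootless mode" section says rootless containers "need to run in the host network namespace" but does not say whether podman selects that automatically or the user has to request it. It also does not state the consequence, which is that such a container shares the host's interfaces and ports and gets no network isolation. Both are worth one sentence each. The images sentence gives the full path only for the fallback case (`.local/share/containers/storage`); spell out the subdirectory used under `XDG_DATA_HOME` as well. "Hooks are not used when running in rootless mode." could note that configured hooks are skipped, so that administrators who rely on a hook do not assume it ran. Wording nits: "as non-root user" should be "as a non-root user", and "an user namespace" should be "a user namespace".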