From 2e6243b18539175b5ff029a924c4d83834f83d2b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 5 Sep 2018 12:14:57 -0400 Subject: Fix up libpod.conf man pages and referencese to it. Remove podman --config option, since it does not do anything. Signed-off-by: Daniel J Walsh Closes: #1410 Approved by: mheon --- cmd/podman/libpodruntime/runtime.go | 4 +++- cmd/podman/main.go | 5 +++-- docs/libpod.conf.5.md | 18 +++++++++++++++++- docs/podman-create.1.md | 8 ++++---- docs/podman-run.1.md | 9 +++++---- docs/podman.1.md | 6 +----- 6 files changed, 33 insertions(+), 17 deletions(-) diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go index ec105719f..b7281ed8c 100644 --- a/cmd/podman/libpodruntime/runtime.go +++ b/cmd/podman/libpodruntime/runtime.go @@ -132,6 +132,8 @@ func GetRuntimeWithStorageOpts(c *cli.Context, storageOpts *storage.StoreOptions if c.IsSet("infra-command") { options = append(options, libpod.WithDefaultInfraCommand(c.String("infra-command"))) } - + if c.IsSet("config") { + return libpod.NewRuntimeFromConfig(c.String("config"), options...) + } return libpod.NewRuntime(options...) } diff --git a/cmd/podman/main.go b/cmd/podman/main.go index 9d8d212b8..8d470e10d 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -170,8 +170,9 @@ func main() { Usage: "path of the configuration directory for CNI networks", }, cli.StringFlag{ - Name: "config, c", - Usage: "path of a config file detailing container server configuration options", + Name: "config, c", + Usage: "path of a libpod config file detailing container server configuration options", + Hidden: true, }, cli.StringFlag{ Name: "conmon", diff --git a/docs/libpod.conf.5.md b/docs/libpod.conf.5.md index e544716a3..e881c4296 100644 --- a/docs/libpod.conf.5.md +++ b/docs/libpod.conf.5.md 
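Review bot: In the runtime.go hunk, `c.IsSet("config")` is true whenever the flag appears on the command line, including `--config ""`, so an empty path can reach `libpod.NewRuntimeFromConfig` in the added branch; `if path := c.String("config"); path != "" {` would avoid that. The branch also forwards the `options` already built from the other flags, and whether those override values read from the file is decided inside `NewRuntimeFromConfig`, which is not visible here. Once that precedence is confirmed, a comment above the branch such as `// --config selects an alternate libpod.conf; flag-derived options are still passed through` would record the intent. GetRuntimeWithStorageOpts starts above the hunk.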
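Review bot: In the main.go hunk, `Hidden: true` removes the `config, c` flag from help output but it is still parsed, and the runtime.go hunk in this commit makes it select the libpod configuration file. That contradicts the commit message's "does not do anything" and the removal of the entry from podman.1.md. The libpod.conf.5.md hunk shows the file carrying settings such as `cni_plugin_dir` and `pause_command`, so anyone auditing wrappers or sudo rules that pass arguments through to podman needs to know the flag is honoured. Either keep it documented or add a comment above the flag giving the reason it is hidden, e.g. `// hidden: <reason>; still honoured by GetRuntimeWithStorageOpts`. main() extends beyond the hunk.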
@@ -45,8 +45,24 @@ libpod to manage containers. **cni_plugin_dir**="" Directories where CNI plugin binaries may be located +**pause_image** = "" + Pause container image name for pod pause containers. When running a pod, we + start a `pause` processes in a container to hold open the namespaces associated with the + pod. This container and process, basically sleep/pause for the lifetime of the pod. + +**pause_command**="" + Command to run the pause container + +**namespace**="" + Default libpod namespace. If libpod is joined to a namespace, it will see only containers and pods + that were created in the same namespace, and will create new containers and pods in that namespace. + The default namespace is "", which corresponds to no namespace. When no namespace is set, all + containers and pods are visible. + ## FILES -/etc/containers/libpod.conf, default libpod configuration path + `/usr/share/containers/libpod.conf`, default libpod configuration path + + `/etc/containers/libpod.conf`, override libpod configuration path ## HISTORY Apr 2018, Originally compiled by Nathan Williams diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md index 8523d0c78..8cbe64a3e 100644 --- a/docs/podman-create.1.md +++ b/docs/podman-create.1.md 
@@ -492,20 +492,20 @@ of the container is assumed to be managed externally. Security Options +"apparmor=unconfined" : Turn off apparmor confinement for the container +"apparmor=your-profile" : Set the apparmor confinement profile for the container "label=user:USER" : Set the label user for the container "label=role:ROLE" : Set the label role for the container "label=type:TYPE" : Set the label type for the container "label=level:LEVEL" : Set the label level for the container "label=disable" : Turn off label confinement for the container + "no-new-privileges" : Disable container processes from gaining additional privileges "seccomp=unconfined" : Turn off seccomp confinement for the container "seccomp=profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter -"apparmor=unconfined" : Turn off apparmor confinement for the container -"apparmor=your-profile" : Set the apparmor confinement profile for the container - **--shm-size**="" Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. @@ -736,7 +736,7 @@ $ podman create --uidmap 0:30000:7000 --gidmap 0:30000:7000 fedora echo hello **/etc/subgid** ## SEE ALSO -SUBGID(5), SUBUID(5), +subgid(5), subuid(5) ## HISTORY October 2017, converted from Docker documentation to podman by Dan Walsh for podman diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md index 59b9d4b01..0960125a3 100644 --- a/docs/podman-run.1.md +++ b/docs/podman-run.1.md 
@@ -514,19 +514,20 @@ of the container is assumed to be managed externally. Security Options +- `apparmor=unconfined` : Turn off apparmor confinement for the container +- `apparmor=your-profile` : Set the apparmor confinement profile for the container + - `label=user:USER` : Set the label user for the container - `label=role:ROLE` : Set the label role for the container - `label=type:TYPE` : Set the label type for the container - `label=level:LEVEL` : Set the label level for the container - `label=disable` : Turn off label confinement for the container + - `no-new-privileges` : Disable container processes from gaining additional privileges - `seccomp=unconfined` : Turn off seccomp confinement for the container - `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter -- `apparmor=unconfined` : Turn off apparmor confinement for the container -- `apparmor=your-profile` : Set the apparmor confinement profile for the container - **--shm-size**="" Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. @@ -1024,7 +1025,7 @@ $ podman run --uidmap 0:30000:7000 --gidmap 0:30000:7000 fedora echo hello **/etc/subgid** ## SEE ALSO -SUBGID(5), SUBUID(5), +subgid(5), subuid(5) ## HISTORY October 2017, converted from Docker documentation to podman by Dan Walsh for podman diff --git a/docs/podman.1.md b/docs/podman.1.md index 31aeeccdb..eb07ed491 100644 --- a/docs/podman.1.md +++ b/docs/podman.1.md @@ -27,10 +27,6 @@ Print usage statement CGroup manager to use for container cgroups. Supported values are cgroupfs or systemd (default). Setting this flag can cause certain commands to break when called on containers created by the other CGroup manager type. -**--config value, -c**=**"config.file"** - -Path of a config file detailing container server configuration options - **--cpu-profile** Path to where the cpu performance results should be written 
@@ -213,7 +209,7 @@ Currently it is not possible to create a network device, so rootless containers then only the loopback device will be available. ## SEE ALSO -`oci-hooks(5)`, `containers-mounts.conf(5)`, `containers-registries.conf(5)`, `containers-storage.conf(5)`, `crio(8)` +`oci-hooks(5)`, `containers-mounts.conf(5)`, `containers-registries.conf(5)`, `containers-storage.conf(5)`, `crio(8)`, `libpod.conf(5)` ## HISTORY Dec 2016, Originally compiled by Dan Walsh -- cgit v1.2.3-54-g00ecf