From 4352d585490f6c1eb7234ef4f92e0157083d69b3 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 27 Mar 2020 10:13:51 -0400 Subject: Add support for containers.conf vendor in c/common config pkg for containers.conf Signed-off-by: Qi Wang qiwan@redhat.com Signed-off-by: Daniel J Walsh --- docs/source/markdown/podman-create.1.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'docs/source/markdown/podman-create.1.md') diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 63c63dcd2..38b95edc3 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -70,8 +70,8 @@ Drop Linux capabilities Set the cgroup namespace mode for the container. **host**: use the host's cgroup namespace inside the container. **container:**: join the namespace of the specified container. - **private**: create a new cgroup namespace. **ns:**: join the namespace at the specified path. + **private**: create a new cgroup namespace. If the host uses cgroups v1, the default is set to **host**. On cgroups v2 the default is **private**. @@ -550,6 +550,7 @@ Valid values are: - `host`: use the Podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. - `|`: connect to a user-defined network, multiple networks should be comma separated - `ns:`: path to a network namespace to join +- `private`: create a new namespace for the container (default) - `slirp4netns`: use slirp4netns to create a user network stack. This is the default for rootless containers **--network-alias**=*alias* 
@@ -579,9 +580,10 @@ Tune the host's OOM preferences for containers (accepts -1000 to 1000) Set the PID mode for the container Default is to create a private PID namespace for the container - 'container:': join another container's PID namespace - 'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. - 'ns': join the specified PID namespace +- `container:`: join another container's PID namespace +- `host`: use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. +- `ns`: join the specified PID namespace +- `private`: create a new namespace for the container (default) **--pids-limit**=*limit* @@ -824,14 +826,16 @@ Without this argument the command will be run as root in the container. **--userns**=*host* **--userns**=*keep-id* **--userns**=container:container +**--userns**=private **--userns**=*ns:my_namespace* Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value means user namespaces are disabled. +- `container`: join the user namespace of the specified container. - `host`: run in the user namespace of the caller. This is the default if no user namespace options are set. The processes running in the container will have the same privileges on the host as any other process launched by the calling user. - `keep-id`: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. - `ns`: run the container in the given existing user namespace. -- `container`: join the user namespace of the specified container. +- `private`: create a new namespace for the container (default) This option is incompatible with --gidmap, --uidmap, --subuid and --subgid
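Review bot: In the `--network` hunk (@@ -550,6), the new line `- \`private\`: create a new namespace for the container (default)` conflicts with the existing `slirp4netns` entry two lines below, which states "This is the default for rootless containers". As written the list now names two defaults. Suggest qualifying the new entry, e.g. "(default for rootful containers)", so the reader can tell which mode applies to their invocation; this matters because the two defaults have different exposure (a rootful bridge network versus a user-mode slirp4netns stack).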
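Review bot: In the `--pid` hunk (@@ -579,9), the new `- \`ns\`: join the specified PID namespace` entry drops the trailing colon that the `--cgroupns` and `--network` lists use for the path-taking modes (`**ns:**`, `\`ns:\``), while `\`container:\`` in the same list keeps it; suggest `\`ns:\`` for consistency, since the user must actually type `ns:/path`. Also, the added `\`private\` ... (default)` line restates the sentence "Default is to create a private PID namespace for the container" immediately above the list; keep one of the two to avoid the two statements drifting apart later.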
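Review bot: In the `--userns` hunk (@@ -824,14), the added `- \`private\`: create a new namespace for the container (default)` contradicts the unchanged `host` entry, which still says "This is the default if no user namespace options are set." The section also says the option "defaults to the **PODMAN_USERNS** environment variable", so there are now three competing statements about the default. Suggest removing "(default)" from one of the two entries and spelling out the precedence in the intro sentence (PODMAN_USERNS when set, otherwise the named default), since the choice between `host` and `private` decides whether container root maps to the caller's host privileges. Minor style point in the same hunk: the new usage line `**--userns**=private` is not italicized, unlike `**--userns**=*host*`, `*keep-id*` and `*ns:my_namespace*` around it; suggest `**--userns**=*private*`.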