From 3987c529f473178c51feb69d5252c7d5c2a8f697 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 28 Mar 2022 09:10:14 -0400 Subject: Add support for ipc namespace modes "none, private, sharable" Fixes: #13265 Signed-off-by: Daniel J Walsh --- docs/source/markdown/podman-container-inspect.1.md | 2 +- docs/source/markdown/podman-create.1.md | 14 ++++++++++---- docs/source/markdown/podman-run.1.md | 4 ++++ 3 files changed, 15 insertions(+), 5 deletions(-) (limited to 'docs') diff --git a/docs/source/markdown/podman-container-inspect.1.md b/docs/source/markdown/podman-container-inspect.1.md index 9945fca7c..4e45bcc40 100644 --- a/docs/source/markdown/podman-container-inspect.1.md +++ b/docs/source/markdown/podman-container-inspect.1.md @@ -219,7 +219,7 @@ $ podman container inspect foobar "DnsSearch": [], "ExtraHosts": [], "GroupAdd": [], - "IpcMode": "private", + "IpcMode": "shareable", "Cgroup": "", "Cgroups": "default", "Links": null, diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index c4d27e321..4f0a3993b 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md 
@@ -504,10 +504,16 @@ To specify multiple static IPv6 addresses per container, set multiple networks u #### **--ipc**=*ipc* -Default is to create a private IPC namespace (POSIX SysV IPC) for the container - `container:`: reuses another container shared memory, semaphores and message queues - `host`: use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. - `ns:` path to an IPC namespace to join. +Set the IPC namespace mode for a container. The default is to create +a private IPC namespace. + +- "": Use Podman's default, defined in containers.conf. +- **container:**_id_: reuses another container's shared memory, semaphores, and message queues +- **host**: use the host's shared memory, semaphores, and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. +- **none**: private IPC namespace, with /dev/shm not mounted. +- **ns:**_path_: path to an IPC namespace to join. +- **private**: private IPC namespace. += **shareable**: private IPC namespace with a possibility to share it with other containers. #### **--label**, **-l**=*label* diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index e4ccd0368..d88eb20a4 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md 
@@ -528,9 +528,13 @@ To specify multiple static IPv6 addresses per container, set multiple networks u Set the IPC namespace mode for a container. The default is to create a private IPC namespace. +- "": Use Podman's default, defined in containers.conf. - **container:**_id_: reuses another container shared memory, semaphores and message queues - **host**: use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. +- **none**: private IPC namespace, with /dev/shm not mounted. - **ns:**_path_: path to an IPC namespace to join. +- **private**: private IPC namespace. += **shareable**: private IPC namespace with a possibility to share it with other containers. #### **--label**, **-l**=*key*=*value* -- cgit v1.2.3-54-g00ecf
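Review bot: In the podman-container-inspect.1.md hunk, the example output now shows `"IpcMode": "shareable"`, while the **--ipc** text in podman-create.1.md and podman-run.1.md still says the default is to create a private IPC namespace. A reader cannot tell from the example whether `foobar` was created with `--ipc=shareable` or whether the effective default has changed. Either keep `private` in the example or state in the option text which mode a container gets when **--ipc** is not given.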
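Review bot: In the podman-create.1.md hunk, the last added line begins with `=` instead of `-` (`+= **shareable**: private IPC namespace with a possibility to share it with other containers.`), so the shareable entry will not render as a list item like the entries above it; change the leading `=` to `-`. The **private** and **shareable** entries also do not say what separates them in practice. A clause stating whether a **private** namespace can be joined through **container:**_id_ would make the isolation difference explicit for readers choosing between the two.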
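Review bot: In the podman-run.1.md hunk, the **shareable** line has the same `=` in place of `-` as in podman-create.1.md and needs the same fix to render as a list item. The unchanged **container:** and **host** entries here still read "another container shared memory" and "memory,semaphores", while the podman-create.1.md hunk corrected both to "another container's shared memory, semaphores, and message queues". Applying the same wording here would keep the two man pages in sync.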