opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-23 02:18:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/main' into api_compat_containers

Browse Source
This commit is contained in:
Josh Patterson
2022-08-29 15:48:02 -04:00
parent 08af95f635 468aa6478c
commit 0e53c8c735
305 changed files with 7950 additions and 3955 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
.cirrus.yml
View File

@ -33,7 +33,7 @@ env:
UBUNTU_NAME: "ubuntu-2204" UBUNTU_NAME: "ubuntu-2204"
# Image identifiers # Image identifiers
IMAGE_SUFFIX: "c5495735033528320" IMAGE_SUFFIX: "c5823947156488192"
# EC2 images # EC2 images
FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}" FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}"
FEDORA_AARCH64_AMI: "fedora-podman-aws-arm64-${IMAGE_SUFFIX}" FEDORA_AARCH64_AMI: "fedora-podman-aws-arm64-${IMAGE_SUFFIX}"
@ -431,7 +431,7 @@ alt_build_task:
- env: - env:
ALT_NAME: 'Build Without CGO' ALT_NAME: 'Build Without CGO'
- env: - env:
ALT_NAME: 'Test build RPM' ALT_NAME: 'Test build podman-next Copr RPM'
- env: - env:
ALT_NAME: 'Alt Arch. Cross' ALT_NAME: 'Alt Arch. Cross'
# This task cannot make use of the shared repo.tbz artifact. # This task cannot make use of the shared repo.tbz artifact.
@ -681,11 +681,6 @@ podman_machine_task:
# Required_pr_labels does not apply to non-PRs. # Required_pr_labels does not apply to non-PRs.
# Do not run on tags, branches, [CI:BUILD], or [CI:DOCS]. # Do not run on tags, branches, [CI:BUILD], or [CI:DOCS].
only_if: *not_tag_branch_build_docs only_if: *not_tag_branch_build_docs
# This task costs about $4 per attempt to execute.
# Only run it if a magic PR label is present.
# DO NOT ADD THIS TASK AS DEPENDENCY FOR `success_task`
# it will cause an infinate-block / never completing build.
required_pr_labels: test_podman_machine
depends_on: depends_on:
- build - build
- local_integration_test - local_integration_test
@ -708,6 +703,31 @@ podman_machine_task:
always: *int_logs_artifacts always: *int_logs_artifacts
podman_machine_aarch64_task:
name: *std_name_fmt
alias: podman_machine_aarch64
only_if: *not_tag_branch_build_docs
depends_on:
- build_aarch64
- validate_aarch64
- local_integration_test
- remote_integration_test
- container_integration_test
- rootless_integration_test
ec2_instance:
<<: *standard_build_ec2_aarch64
env:
TEST_FLAVOR: "machine"
EC2_INST_TYPE: c6g.metal
PRIV_NAME: "rootless" # intended use-case
DISTRO_NV: "${FEDORA_AARCH64_NAME}"
VM_IMAGE_NAME: "${FEDORA_AARCH64_AMI}"
clone_script: *get_gosrc_aarch64
setup_script: *setup
main_script: *main
always: *int_logs_artifacts
# Always run subsequent to integration tests. While parallelism is lost # Always run subsequent to integration tests. While parallelism is lost
# with runtime, debugging system-test failures can be more challenging # with runtime, debugging system-test failures can be more challenging
# for some golang developers. Otherwise the following tasks run across # for some golang developers. Otherwise the following tasks run across
@ -966,8 +986,12 @@ meta_task:
${FEDORA_CACHE_IMAGE_NAME} ${FEDORA_CACHE_IMAGE_NAME}
${UBUNTU_CACHE_IMAGE_NAME} ${UBUNTU_CACHE_IMAGE_NAME}
build-push-${IMAGE_SUFFIX} build-push-${IMAGE_SUFFIX}
EC2IMGNAMES: >-
${FEDORA_AARCH64_AMI}
${FEDORA_AMI}
BUILDID: "${CIRRUS_BUILD_ID}" BUILDID: "${CIRRUS_BUILD_ID}"
REPOREF: "${CIRRUS_REPO_NAME}" REPOREF: "${CIRRUS_REPO_NAME}"
AWSINI: ENCRYPTED[21b2db557171b11eb5abdbccae593f48c9caeba86dfcc4d4ff109edee9b4656ab6720a110dadfcd51e88cc59a71cc7af]
GCPJSON: ENCRYPTED[3a198350077849c8df14b723c0f4c9fece9ebe6408d35982e7adf2105a33f8e0e166ed3ed614875a0887e1af2b8775f4] GCPJSON: ENCRYPTED[3a198350077849c8df14b723c0f4c9fece9ebe6408d35982e7adf2105a33f8e0e166ed3ed614875a0887e1af2b8775f4]
GCPNAME: ENCRYPTED[2f9738ef295a706f66a13891b40e8eaa92a89e0e87faf8bed66c41eca72bf76cfd190a6f2d0e8444c631fdf15ed32ef6] GCPNAME: ENCRYPTED[2f9738ef295a706f66a13891b40e8eaa92a89e0e87faf8bed66c41eca72bf76cfd190a6f2d0e8444c631fdf15ed32ef6]
GCPPROJECT: libpod-218412 GCPPROJECT: libpod-218412
@ -1003,9 +1027,8 @@ success_task:
- remote_integration_test - remote_integration_test
- container_integration_test - container_integration_test
- rootless_integration_test - rootless_integration_test
# Label triggered task. If made automatic, remove line below - podman_machine
# AND bypass in contrib/cirrus/cirrus_yaml_test.py for this name. - podman_machine_aarch64
# - podman_machine
- local_system_test - local_system_test
- local_system_test_aarch64 - local_system_test_aarch64
- remote_system_test - remote_system_test

27
.packit.sh Normal file
View File

@ -0,0 +1,27 @@
#!/usr/bin/env bash
# Packit's default fix-spec-file often doesn't fetch version string correctly.
# This script handles any custom processing of the dist-git spec file and gets used by the
# fix-spec-file action in .packit.yaml
set -eo pipefail
# Get Version from HEAD
HEAD_VERSION=$(grep 'var Version = semver.MustParse' version/version.go | cut -d\" -f2 | sed -e 's/-/~/')
# Generate source tarball
git archive --prefix=podman-$HEAD_VERSION/ -o podman-$HEAD_VERSION.tar.gz HEAD
# RPM Spec modifications
# Fix Version
sed -i "s/^Version:.*/Version: $HEAD_VERSION/" podman.spec
# Fix Release
sed -i "s/^Release: %autorelease/Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/" podman.spec
# Fix Source0
sed -i "s/^Source0:.*.tar.gz/Source0: %{name}-$HEAD_VERSION.tar.gz/" podman.spec
# Fix autosetup
sed -i "s/^%autosetup.*/%autosetup -Sgit -n %{name}-$HEAD_VERSION/" podman.spec

20
.packit.yaml Normal file
View File

@ -0,0 +1,20 @@
# See the documentation for more information:
# https://packit.dev/docs/configuration/
upstream_package_name: podman
downstream_package_name: podman
actions:
post-upstream-clone:
- "curl -O https://src.fedoraproject.org/rpms/podman/raw/main/f/podman.spec"
fix-spec-file:
- bash .packit.sh
jobs:
- job: production_build
trigger: pull_request
targets: &production_dist_targets
- fedora-36
- fedora-37
- fedora-rawhide
scratch: true

7
CONTRIBUTING.md
View File

@ -97,6 +97,13 @@ You need install some dependencies before building a binary.
$ export PKG_CONFIG_PATH="/usr/lib/pkgconfig" $ export PKG_CONFIG_PATH="/usr/lib/pkgconfig"
``` ```
#### Debian / Ubuntu
```shell
$ sudo apt-get install -y libsystemd-dev libgpgme-dev libseccomp-dev
$ export PKG_CONFIG_PATH="/usr/lib/pkgconfig"
```
### Building binaries and test your changes ### Building binaries and test your changes
To test your changes do `make binaries` to generate your binaries. To test your changes do `make binaries` to generate your binaries.

6
Makefile
View File

@ -38,6 +38,7 @@ MANDIR ?= ${PREFIX}/share/man
SHAREDIR_CONTAINERS ?= ${PREFIX}/share/containers SHAREDIR_CONTAINERS ?= ${PREFIX}/share/containers
ETCDIR ?= ${PREFIX}/etc ETCDIR ?= ${PREFIX}/etc
TMPFILESDIR ?= ${PREFIX}/lib/tmpfiles.d TMPFILESDIR ?= ${PREFIX}/lib/tmpfiles.d
USERTMPFILESDIR ?= ${PREFIX}/share/user-tmpfiles.d
MODULESLOADDIR ?= ${PREFIX}/lib/modules-load.d MODULESLOADDIR ?= ${PREFIX}/lib/modules-load.d
SYSTEMDDIR ?= ${PREFIX}/lib/systemd/system SYSTEMDDIR ?= ${PREFIX}/lib/systemd/system
USERSYSTEMDDIR ?= ${PREFIX}/lib/systemd/user USERSYSTEMDDIR ?= ${PREFIX}/lib/systemd/user
@ -266,7 +267,7 @@ test/version/version: version/version.go
.PHONY: codespell .PHONY: codespell
codespell: codespell:
codespell -S bin,vendor,.git,go.sum,.cirrus.yml,"RELEASE_NOTES.md,*.xz,*.gz,*.ps1,*.tar,swagger.yaml,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" -L pullrequest,uint,iff,od,seeked,splitted,marge,erro,hist,ether -w codespell -S bin,vendor,.git,go.sum,.cirrus.yml,"RELEASE_NOTES.md,*.xz,*.gz,*.ps1,*.tar,swagger.yaml,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" -L clos,ans,pullrequest,uint,iff,od,seeked,splitted,marge,erro,hist,ether -w
.PHONY: validate .PHONY: validate
validate: lint .gitvalidation validate.completions man-page-check swagger-check tests-included tests-expect-exit pr-removes-fixed-skips validate: lint .gitvalidation validate.completions man-page-check swagger-check tests-included tests-expect-exit pr-removes-fixed-skips
@ -795,8 +796,9 @@ install.completions:
install.docker: install.docker:
install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(BINDIR) install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(BINDIR)
install ${SELINUXOPT} -m 755 docker $(DESTDIR)$(BINDIR)/docker install ${SELINUXOPT} -m 755 docker $(DESTDIR)$(BINDIR)/docker
install ${SELINUXOPT} -m 755 -d ${DESTDIR}${SYSTEMDDIR} ${DESTDIR}${USERSYSTEMDDIR} ${DESTDIR}${TMPFILESDIR} install ${SELINUXOPT} -m 755 -d ${DESTDIR}${SYSTEMDDIR} ${DESTDIR}${USERSYSTEMDDIR} ${DESTDIR}${TMPFILESDIR} ${DESTDIR}${USERTMPFILESDIR}
install ${SELINUXOPT} -m 644 contrib/systemd/system/podman-docker.conf -t ${DESTDIR}${TMPFILESDIR} install ${SELINUXOPT} -m 644 contrib/systemd/system/podman-docker.conf -t ${DESTDIR}${TMPFILESDIR}
install ${SELINUXOPT} -m 644 contrib/systemd/system/podman-docker.conf -t ${DESTDIR}${USERTMPFILESDIR}
.PHONY: install.docker-docs .PHONY: install.docker-docs
install.docker-docs: install.docker-docs:

2
RELEASE_NOTES.md
View File

@ -11,7 +11,7 @@
- The `podman play kube` command now supports volumes with the `BlockDevice` and `CharDevice` types ([#13951](https://github.com/containers/podman/issues/13951)). - The `podman play kube` command now supports volumes with the `BlockDevice` and `CharDevice` types ([#13951](https://github.com/containers/podman/issues/13951)).
- The `podman play kube` command now features a new flag, `--userns`, to set the user namespace of created pods. Two values are allowed at present: `host` and `auto` ([#7504](https://github.com/containers/podman/issues/7504)). - The `podman play kube` command now features a new flag, `--userns`, to set the user namespace of created pods. Two values are allowed at present: `host` and `auto` ([#7504](https://github.com/containers/podman/issues/7504)).
- The `podman play kube` command now supports setting the type of created init containers via the `io.podman.annotations.init.container.type` annotation. - The `podman play kube` command now supports setting the type of created init containers via the `io.podman.annotations.init.container.type` annotation.
- Pods now have include an exit policy (configurable via the `--exit-policy` option to `podman pod create`), which determines what will happen to the pod's infra container when the entire pod stops. The default, `continue`, acts as Podman currently does, while a new option, `stop`, stops the infra container after the last container in the pod stops, and is used by default for pods from `podman play kube` ([#13464](https://github.com/containers/podman/issues/13464)). - The `podman pod create` command now supports an exit policy (configurable via the `--exit-policy` option), which determines what will happen to the pod's infra container when the entire pod stops. The default, `continue`, acts as Podman currently does, while a new option, `stop`, stops the infra container after the last container in the pod stops. The latter is used for pods created via `podman play kube` ([#13464](https://github.com/containers/podman/issues/13464)).
- The `podman pod create` command now allows the pod's name to be specified as an argument, instead of using the `--name` option - for example, `podman pod create mypod` instead of the prior `podman pod create --name mypod`. Please note that the `--name` option is not deprecated and will continue to work. - The `podman pod create` command now allows the pod's name to be specified as an argument, instead of using the `--name` option - for example, `podman pod create mypod` instead of the prior `podman pod create --name mypod`. Please note that the `--name` option is not deprecated and will continue to work.
- The `podman pod create` command's `--share` option now supports adding namespaces to the set by prefacing them with `+` (as opposed to specifying all namespaces that should be shared) ([#13422](https://github.com/containers/podman/issues/13422)). - The `podman pod create` command's `--share` option now supports adding namespaces to the set by prefacing them with `+` (as opposed to specifying all namespaces that should be shared) ([#13422](https://github.com/containers/podman/issues/13422)).
- The `podman pod create` command has a new option, `--shm-size`, to specify the size of the `/dev/shm` mount that will be shared if the pod shares its UTS namespace ([#14609](https://github.com/containers/podman/issues/14609)). - The `podman pod create` command has a new option, `--shm-size`, to specify the size of the `/dev/shm` mount that will be shared if the pod shares its UTS namespace ([#14609](https://github.com/containers/podman/issues/14609)).

8
cmd/podman/common/create.go
View File

@ -124,6 +124,14 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
"This is a Docker specific option and is a NOOP", "This is a Docker specific option and is a NOOP",
) )
envMergeFlagName := "env-merge"
createFlags.StringArrayVar(
&cf.EnvMerge,
envMergeFlagName, []string{},
"Preprocess environment variables from image before injecting them into the container",
)
_ = cmd.RegisterFlagCompletionFunc(envMergeFlagName, completion.AutocompleteNone)
envFlagName := "env" envFlagName := "env"
createFlags.StringArrayP( createFlags.StringArrayP(
envFlagName, "e", Env(), envFlagName, "e", Env(),

69
cmd/podman/containers/restart.go
View File

@ -3,13 +3,14 @@ package containers
import ( import (
"context" "context"
"fmt" "fmt"
"io/ioutil"
"strings"
"github.com/containers/common/pkg/completion" "github.com/containers/common/pkg/completion"
"github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/common"
"github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/registry"
"github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/cmd/podman/utils"
"github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/cmd/podman/validate"
"github.com/containers/podman/v4/libpod/define"
"github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/domain/entities"
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
@ -25,7 +26,7 @@ var (
Long: restartDescription, Long: restartDescription,
RunE: restart, RunE: restart,
Args: func(cmd *cobra.Command, args []string) error { Args: func(cmd *cobra.Command, args []string) error {
return validate.CheckAllLatestAndIDFile(cmd, args, false, "") return validate.CheckAllLatestAndIDFile(cmd, args, false, "cidfile")
}, },
ValidArgsFunction: common.AutocompleteContainers, ValidArgsFunction: common.AutocompleteContainers,
Example: `podman restart ctrID Example: `podman restart ctrID
@ -47,20 +48,35 @@ var (
) )
var ( var (
restartOptions = entities.RestartOptions{} restartOpts = entities.RestartOptions{
restartTimeout uint Filters: make(map[string][]string),
}
restartCidFiles = []string{}
restartTimeout uint
) )
func restartFlags(cmd *cobra.Command) { func restartFlags(cmd *cobra.Command) {
flags := cmd.Flags() flags := cmd.Flags()
flags.BoolVarP(&restartOptions.All, "all", "a", false, "Restart all non-running containers") flags.BoolVarP(&restartOpts.All, "all", "a", false, "Restart all non-running containers")
flags.BoolVar(&restartOptions.Running, "running", false, "Restart only running containers when --all is used") flags.BoolVar(&restartOpts.Running, "running", false, "Restart only running containers")
cidfileFlagName := "cidfile"
flags.StringArrayVar(&restartCidFiles, cidfileFlagName, nil, "Read the container ID from the file")
_ = cmd.RegisterFlagCompletionFunc(cidfileFlagName, completion.AutocompleteDefault)
filterFlagName := "filter"
flags.StringSliceVarP(&filters, filterFlagName, "f", []string{}, "Filter output based on conditions given")
_ = cmd.RegisterFlagCompletionFunc(filterFlagName, common.AutocompletePsFilters)
timeFlagName := "time" timeFlagName := "time"
flags.UintVarP(&restartTimeout, timeFlagName, "t", containerConfig.Engine.StopTimeout, "Seconds to wait for stop before killing the container") flags.UintVarP(&restartTimeout, timeFlagName, "t", containerConfig.Engine.StopTimeout, "Seconds to wait for stop before killing the container")
_ = cmd.RegisterFlagCompletionFunc(timeFlagName, completion.AutocompleteNone) _ = cmd.RegisterFlagCompletionFunc(timeFlagName, completion.AutocompleteNone)
if registry.IsRemote() {
_ = flags.MarkHidden("cidfile")
}
flags.SetNormalizeFunc(utils.AliasFlags) flags.SetNormalizeFunc(utils.AliasFlags)
} }
@ -69,39 +85,54 @@ func init() {
Command: restartCommand, Command: restartCommand,
}) })
restartFlags(restartCommand) restartFlags(restartCommand)
validate.AddLatestFlag(restartCommand, &restartOptions.Latest) validate.AddLatestFlag(restartCommand, &restartOpts.Latest)
registry.Commands = append(registry.Commands, registry.CliCommand{ registry.Commands = append(registry.Commands, registry.CliCommand{
Command: containerRestartCommand, Command: containerRestartCommand,
Parent: containerCmd, Parent: containerCmd,
}) })
restartFlags(containerRestartCommand) restartFlags(containerRestartCommand)
validate.AddLatestFlag(containerRestartCommand, &restartOptions.Latest) validate.AddLatestFlag(containerRestartCommand, &restartOpts.Latest)
} }
func restart(cmd *cobra.Command, args []string) error { func restart(cmd *cobra.Command, args []string) error {
var ( var (
errs utils.OutputErrors errs utils.OutputErrors
) )
if len(args) < 1 && !restartOptions.Latest && !restartOptions.All {
return fmt.Errorf("you must provide at least one container name or ID: %w", define.ErrInvalidArg)
}
if len(args) > 0 && restartOptions.Latest {
return fmt.Errorf("--latest and containers cannot be used together: %w", define.ErrInvalidArg)
}
if cmd.Flag("time").Changed { if cmd.Flag("time").Changed {
restartOptions.Timeout = &restartTimeout restartOpts.Timeout = &restartTimeout
} }
responses, err := registry.ContainerEngine().ContainerRestart(context.Background(), args, restartOptions)
for _, cidFile := range restartCidFiles {
content, err := ioutil.ReadFile(cidFile)
if err != nil {
return fmt.Errorf("error reading CIDFile: %w", err)
}
id := strings.Split(string(content), "\n")[0]
args = append(args, id)
}
for _, f := range filters {
split := strings.SplitN(f, "=", 2)
if len(split) < 2 {
return fmt.Errorf("invalid filter %q", f)
}
restartOpts.Filters[split[0]] = append(restartOpts.Filters[split[0]], split[1])
}
responses, err := registry.ContainerEngine().ContainerRestart(context.Background(), args, restartOpts)
if err != nil { if err != nil {
return err return err
} }
for _, r := range responses { for _, r := range responses {
if r.Err == nil { switch {
fmt.Println(r.Id) case r.Err != nil:
} else {
errs = append(errs, r.Err) errs = append(errs, r.Err)
case r.RawInput != "":
fmt.Println(r.RawInput)
default:
fmt.Println(r.Id)
} }
} }
return errs.PrintErrors() return errs.PrintErrors()

7
cmd/podman/containers/rm.go
View File

@ -149,7 +149,8 @@ func removeContainers(namesOrIDs []string, rmOptions entities.RmOptions, setExit
return err return err
} }
for _, r := range responses { for _, r := range responses {
if r.Err != nil { switch {
case r.Err != nil:
if errors.Is(r.Err, define.ErrWillDeadlock) { if errors.Is(r.Err, define.ErrWillDeadlock) {
logrus.Errorf("Potential deadlock detected - please run 'podman system renumber' to resolve") logrus.Errorf("Potential deadlock detected - please run 'podman system renumber' to resolve")
} }
@ -160,8 +161,10 @@ func removeContainers(namesOrIDs []string, rmOptions entities.RmOptions, setExit
setExitCode(r.Err) setExitCode(r.Err)
} }
errs = append(errs, r.Err) errs = append(errs, r.Err)
} else { case r.RawInput != "":
fmt.Println(r.RawInput) fmt.Println(r.RawInput)
default:
fmt.Println(r.Id)
} }
} }
return errs.PrintErrors() return errs.PrintErrors()

5
cmd/podman/containers/stats.go
View File

@ -58,6 +58,7 @@ type statsOptionsCLI struct {
var ( var (
statsOptions statsOptionsCLI statsOptions statsOptionsCLI
notrunc bool
) )
func statFlags(cmd *cobra.Command) { func statFlags(cmd *cobra.Command) {
@ -69,6 +70,7 @@ func statFlags(cmd *cobra.Command) {
flags.StringVar(&statsOptions.Format, formatFlagName, "", "Pretty-print container statistics to JSON or using a Go template") flags.StringVar(&statsOptions.Format, formatFlagName, "", "Pretty-print container statistics to JSON or using a Go template")
_ = cmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&containerStats{})) _ = cmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&containerStats{}))
flags.BoolVar(&notrunc, "no-trunc", false, "Do not truncate output")
flags.BoolVar(&statsOptions.NoReset, "no-reset", false, "Disable resetting the screen between intervals") flags.BoolVar(&statsOptions.NoReset, "no-reset", false, "Disable resetting the screen between intervals")
flags.BoolVar(&statsOptions.NoStream, "no-stream", false, "Disable streaming stats and only pull the first result, default setting is false") flags.BoolVar(&statsOptions.NoStream, "no-stream", false, "Disable streaming stats and only pull the first result, default setting is false")
intervalFlagName := "interval" intervalFlagName := "interval"
@ -186,6 +188,9 @@ type containerStats struct {
} }
func (s *containerStats) ID() string { func (s *containerStats) ID() string {
if notrunc {
return s.ContainerID
}
return s.ContainerID[0:12] return s.ContainerID[0:12]
} }

5
cmd/podman/images/pull.go
View File

@ -155,6 +155,11 @@ func imagePull(cmd *cobra.Command, args []string) error {
pullOptions.Username = creds.Username pullOptions.Username = creds.Username
pullOptions.Password = creds.Password pullOptions.Password = creds.Password
} }
if !pullOptions.Quiet {
pullOptions.Writer = os.Stderr
}
// Let's do all the remaining Yoga in the API to prevent us from // Let's do all the remaining Yoga in the API to prevent us from
// scattering logic across (too) many parts of the code. // scattering logic across (too) many parts of the code.
var errs utils.OutputErrors var errs utils.OutputErrors

4
cmd/podman/images/push.go
View File

@ -164,6 +164,10 @@ func imagePush(cmd *cobra.Command, args []string) error {
pushOptions.Password = creds.Password pushOptions.Password = creds.Password
} }
if !pushOptions.Quiet {
pushOptions.Writer = os.Stderr
}
if err := common.PrepareSigningPassphrase(&pushOptions.ImagePushOptions, pushOptions.SignPassphraseFileCLI); err != nil { if err := common.PrepareSigningPassphrase(&pushOptions.ImagePushOptions, pushOptions.SignPassphraseFileCLI); err != nil {
return err return err
} }

4
cmd/podman/images/save.go
View File

@ -103,8 +103,8 @@ func save(cmd *cobra.Command, args []string) (finalErr error) {
tags []string tags []string
succeeded = false succeeded = false
) )
if cmd.Flag("compress").Changed && (saveOpts.Format != define.OCIManifestDir && saveOpts.Format != define.V2s2ManifestDir) { if cmd.Flag("compress").Changed && saveOpts.Format != define.V2s2ManifestDir {
return errors.New("--compress can only be set when --format is either 'oci-dir' or 'docker-dir'") return errors.New("--compress can only be set when --format is 'docker-dir'")
} }
if len(saveOpts.Output) == 0 { if len(saveOpts.Output) == 0 {
saveOpts.Quiet = true saveOpts.Quiet = true

4
cmd/podman/images/trust_set.go
View File

@ -53,7 +53,7 @@ File(s) must exist before using this command`)
} }
func setTrust(cmd *cobra.Command, args []string) error { func setTrust(cmd *cobra.Command, args []string) error {
validTrustTypes := []string{"accept", "insecureAcceptAnything", "reject", "signedBy"} validTrustTypes := []string{"accept", "insecureAcceptAnything", "reject", "signedBy", "sigstoreSigned"}
valid, err := isValidImageURI(args[0]) valid, err := isValidImageURI(args[0])
if err != nil || !valid { if err != nil || !valid {
@ -61,7 +61,7 @@ func setTrust(cmd *cobra.Command, args []string) error {
} }
if !util.StringInSlice(setOptions.Type, validTrustTypes) { if !util.StringInSlice(setOptions.Type, validTrustTypes) {
return fmt.Errorf("invalid choice: %s (choose from 'accept', 'reject', 'signedBy')", setOptions.Type) return fmt.Errorf("invalid choice: %s (choose from 'accept', 'reject', 'signedBy', 'sigstoreSigned')", setOptions.Type)
} }
return registry.ImageEngine().SetTrust(registry.Context(), args, setOptions) return registry.ImageEngine().SetTrust(registry.Context(), args, setOptions)
} }

17
cmd/podman/inspect/inspect.go
View File

@ -201,7 +201,7 @@ func (i *inspector) inspect(namesOrIDs []string) error {
err = printJSON(data) err = printJSON(data)
default: default:
// Landing here implies user has given a custom --format // Landing here implies user has given a custom --format
row := inspectNormalize(i.options.Format) row := inspectNormalize(i.options.Format, tmpType)
row = report.NormalizeFormat(row) row = report.NormalizeFormat(row)
row = report.EnforceRange(row) row = report.EnforceRange(row)
err = printTmpl(tmpType, row, data) err = printTmpl(tmpType, row, data)
@ -300,7 +300,7 @@ func (i *inspector) inspectAll(ctx context.Context, namesOrIDs []string) ([]inte
return data, allErrs, nil return data, allErrs, nil
} }
func inspectNormalize(row string) string { func inspectNormalize(row string, inspectType string) string {
m := regexp.MustCompile(`{{\s*\.Id\s*}}`) m := regexp.MustCompile(`{{\s*\.Id\s*}}`)
row = m.ReplaceAllString(row, "{{.ID}}") row = m.ReplaceAllString(row, "{{.ID}}")
@ -309,5 +309,18 @@ func inspectNormalize(row string) string {
".Dst", ".Destination", ".Dst", ".Destination",
".ImageID", ".Image", ".ImageID", ".Image",
) )
// If inspect type is `image` we need to replace
// certain additional fields like `.Config.HealthCheck`
// but don't want to replace them for other inspect types.
if inspectType == common.ImageType {
r = strings.NewReplacer(
".Src", ".Source",
".Dst", ".Destination",
".ImageID", ".Image",
".Config.Healthcheck", ".HealthCheck",
)
}
return r.Replace(row) return r.Replace(row)
} }

3
cmd/podman/kube/down.go
View File

@ -19,7 +19,8 @@ var (
Args: cobra.ExactArgs(1), Args: cobra.ExactArgs(1),
ValidArgsFunction: common.AutocompleteDefaultOneArg, ValidArgsFunction: common.AutocompleteDefaultOneArg,
Example: `podman kube down nginx.yml Example: `podman kube down nginx.yml
cat nginx.yml | podman kube down -`, cat nginx.yml | podman kube down -
podman kube down https://example.com/nginx.yml`,
} }
) )

29
cmd/podman/kube/generate.go
View File

@ -22,7 +22,7 @@ var (
Whether the input is for a container or pod, Podman will always generate the specification as a pod.` Whether the input is for a container or pod, Podman will always generate the specification as a pod.`
generateKubeCmd = &cobra.Command{ kubeGenerateCmd = &cobra.Command{
Use: "generate [options] {CONTAINER...|POD...|VOLUME...}", Use: "generate [options] {CONTAINER...|POD...|VOLUME...}",
Short: "Generate Kubernetes YAML from containers, pods or volumes.", Short: "Generate Kubernetes YAML from containers, pods or volumes.",
Long: generateDescription, Long: generateDescription,
@ -35,33 +35,28 @@ var (
podman kube generate volumeName podman kube generate volumeName
podman kube generate ctrID podID volumeName --service`, podman kube generate ctrID podID volumeName --service`,
} }
kubeGenerateDescription = generateDescription
kubeGenerateCmd = &cobra.Command{ generateKubeCmd = &cobra.Command{
Use: "kube [options] {CONTAINER...|POD...|VOLUME...}", Use: "kube [options] {CONTAINER...|POD...|VOLUME...}",
Short: "Generate Kubernetes YAML from containers, pods or volumes.", Short: kubeGenerateCmd.Short,
Long: kubeGenerateDescription, Long: kubeGenerateCmd.Long,
RunE: kubeGenerate, RunE: kubeGenerateCmd.RunE,
Args: cobra.MinimumNArgs(1), Args: kubeGenerateCmd.Args,
ValidArgsFunction: common.AutocompleteForGenerate, ValidArgsFunction: kubeGenerateCmd.ValidArgsFunction,
Example: `podman kube generate ctrID Example: kubeGenerateCmd.Example,
podman kube generate podID
podman kube generate --service podID
podman kube generate volumeName
podman kube generate ctrID podID volumeName --service`,
} }
) )
func init() { func init() {
registry.Commands = append(registry.Commands, registry.CliCommand{ registry.Commands = append(registry.Commands, registry.CliCommand{
Command: generateKubeCmd, Command: generateKubeCmd,
Parent: kubeCmd, Parent: generate.GenerateCmd,
}) })
generateFlags(generateKubeCmd) generateFlags(generateKubeCmd)
registry.Commands = append(registry.Commands, registry.CliCommand{ registry.Commands = append(registry.Commands, registry.CliCommand{
Command: kubeGenerateCmd, Command: kubeGenerateCmd,
Parent: generate.GenerateCmd, Parent: kubeCmd,
}) })
generateFlags(kubeGenerateCmd) generateFlags(kubeGenerateCmd)
} }
@ -103,7 +98,3 @@ func generateKube(cmd *cobra.Command, args []string) error {
fmt.Println(string(content)) fmt.Println(string(content))
return nil return nil
} }
func kubeGenerate(cmd *cobra.Command, args []string) error {
return generateKube(cmd, args)
}

26
cmd/podman/kube/play.go
View File

@ -5,7 +5,9 @@ import (
"errors" "errors"
"fmt" "fmt"
"io" "io"
"io/ioutil"
"net" "net"
"net/http"
"os" "os"
"strings" "strings"
@ -13,6 +15,7 @@ import (
"github.com/containers/common/pkg/completion" "github.com/containers/common/pkg/completion"
"github.com/containers/image/v5/types" "github.com/containers/image/v5/types"
"github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/common"
"github.com/containers/podman/v4/cmd/podman/parse"
"github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/registry"
"github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/cmd/podman/utils"
"github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/libpod/define"
@ -52,7 +55,8 @@ var (
ValidArgsFunction: common.AutocompleteDefaultOneArg, ValidArgsFunction: common.AutocompleteDefaultOneArg,
Example: `podman kube play nginx.yml Example: `podman kube play nginx.yml
cat nginx.yml | podman kube play - cat nginx.yml | podman kube play -
podman kube play --creds user:password --seccomp-profile-root /custom/path apache.yml`, podman kube play --creds user:password --seccomp-profile-root /custom/path apache.yml
podman kube play https://example.com/nginx.yml`,
} }
) )
@ -67,7 +71,8 @@ var (
ValidArgsFunction: common.AutocompleteDefaultOneArg, ValidArgsFunction: common.AutocompleteDefaultOneArg,
Example: `podman play kube nginx.yml Example: `podman play kube nginx.yml
cat nginx.yml | podman play kube - cat nginx.yml | podman play kube -
podman play kube --creds user:password --seccomp-profile-root /custom/path apache.yml`, podman play kube --creds user:password --seccomp-profile-root /custom/path apache.yml
podman play kube https://example.com/nginx.yml`,
} }
) )
@ -167,7 +172,7 @@ func playFlags(cmd *cobra.Command) {
_ = cmd.RegisterFlagCompletionFunc(contextDirFlagName, completion.AutocompleteDefault) _ = cmd.RegisterFlagCompletionFunc(contextDirFlagName, completion.AutocompleteDefault)
// NOTE: The service-container flag is marked as hidden as it // NOTE: The service-container flag is marked as hidden as it
// is purely designed for running kube-play in systemd units. // is purely designed for running kube-play or play-kube in systemd units.
// It is not something users should need to know or care about. // It is not something users should need to know or care about.
// //
// Having a flag rather than an env variable is cleaner. // Having a flag rather than an env variable is cleaner.
@ -255,6 +260,7 @@ func play(cmd *cobra.Command, args []string) error {
return err return err
} }
} }
return kubeplay(reader) return kubeplay(reader)
} }
@ -263,6 +269,7 @@ func playKube(cmd *cobra.Command, args []string) error {
} }
func readerFromArg(fileName string) (*bytes.Reader, error) { func readerFromArg(fileName string) (*bytes.Reader, error) {
errURL := parse.ValidURL(fileName)
if fileName == "-" { // Read from stdin if fileName == "-" { // Read from stdin
data, err := io.ReadAll(os.Stdin) data, err := io.ReadAll(os.Stdin)
if err != nil { if err != nil {
@ -270,6 +277,19 @@ func readerFromArg(fileName string) (*bytes.Reader, error) {
} }
return bytes.NewReader(data), nil return bytes.NewReader(data), nil
} }
if errURL == nil {
response, err := http.Get(fileName)
if err != nil {
return nil, err
}
defer response.Body.Close()
data, err := ioutil.ReadAll(response.Body)
if err != nil {
return nil, err
}
return bytes.NewReader(data), nil
}
f, err := os.Open(fileName) f, err := os.Open(fileName)
if err != nil { if err != nil {
return nil, err return nil, err

12
cmd/podman/manifest/add.go
View File

@ -2,6 +2,7 @@ package manifest
import ( import (
"context" "context"
"errors"
"fmt" "fmt"
"github.com/containers/common/pkg/auth" "github.com/containers/common/pkg/auth"
@ -20,6 +21,7 @@ type manifestAddOptsWrapper struct {
entities.ManifestAddOptions entities.ManifestAddOptions
TLSVerifyCLI bool // CLI only TLSVerifyCLI bool // CLI only
Insecure bool // CLI only
CredentialsCLI string CredentialsCLI string
} }
@ -77,6 +79,8 @@ func init() {
flags.StringVar(&manifestAddOpts.OSVersion, osVersionFlagName, "", "override the OS `version` of the specified image") flags.StringVar(&manifestAddOpts.OSVersion, osVersionFlagName, "", "override the OS `version` of the specified image")
_ = addCmd.RegisterFlagCompletionFunc(osVersionFlagName, completion.AutocompleteNone) _ = addCmd.RegisterFlagCompletionFunc(osVersionFlagName, completion.AutocompleteNone)
flags.BoolVar(&manifestAddOpts.Insecure, "insecure", false, "neither require HTTPS nor verify certificates when accessing the registry")
_ = flags.MarkHidden("insecure")
flags.BoolVar(&manifestAddOpts.TLSVerifyCLI, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry") flags.BoolVar(&manifestAddOpts.TLSVerifyCLI, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry")
variantFlagName := "variant" variantFlagName := "variant"
@ -89,7 +93,7 @@ func init() {
} }
func add(cmd *cobra.Command, args []string) error { func add(cmd *cobra.Command, args []string) error {
if err := auth.CheckAuthFile(manifestPushOpts.Authfile); err != nil { if err := auth.CheckAuthFile(manifestAddOpts.Authfile); err != nil {
return err return err
} }
@ -109,6 +113,12 @@ func add(cmd *cobra.Command, args []string) error {
if cmd.Flags().Changed("tls-verify") { if cmd.Flags().Changed("tls-verify") {
manifestAddOpts.SkipTLSVerify = types.NewOptionalBool(!manifestAddOpts.TLSVerifyCLI) manifestAddOpts.SkipTLSVerify = types.NewOptionalBool(!manifestAddOpts.TLSVerifyCLI)
} }
if cmd.Flags().Changed("insecure") {
if manifestAddOpts.SkipTLSVerify != types.OptionalBoolUndefined {
return errors.New("--insecure may not be used with --tls-verify")
}
manifestAddOpts.SkipTLSVerify = types.NewOptionalBool(manifestAddOpts.Insecure)
}
listID, err := registry.ImageEngine().ManifestAdd(context.Background(), args[0], args[1:], manifestAddOpts.ManifestAddOptions) listID, err := registry.ImageEngine().ManifestAdd(context.Background(), args[0], args[1:], manifestAddOpts.ManifestAddOptions)
if err != nil { if err != nil {

32
cmd/podman/manifest/create.go
View File

@ -1,16 +1,26 @@
package manifest package manifest
import ( import (
"errors"
"fmt" "fmt"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/common"
"github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/registry"
"github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/domain/entities"
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
// manifestCreateOptsWrapper wraps entities.ManifestCreateOptions and prevents leaking
// CLI-only fields into the API types.
type manifestCreateOptsWrapper struct {
entities.ManifestCreateOptions
TLSVerifyCLI, Insecure bool // CLI only
}
var ( var (
manifestCreateOpts = entities.ManifestCreateOptions{} manifestCreateOpts = manifestCreateOptsWrapper{}
createCmd = &cobra.Command{ createCmd = &cobra.Command{
Use: "create [options] LIST [IMAGE...]", Use: "create [options] LIST [IMAGE...]",
Short: "Create manifest list or image index", Short: "Create manifest list or image index",
@ -32,10 +42,28 @@ func init() {
}) })
flags := createCmd.Flags() flags := createCmd.Flags()
flags.BoolVar(&manifestCreateOpts.All, "all", false, "add all of the lists' images if the images to add are lists") flags.BoolVar(&manifestCreateOpts.All, "all", false, "add all of the lists' images if the images to add are lists")
flags.BoolVarP(&manifestCreateOpts.Amend, "amend", "a", false, "modify an existing list if one with the desired name already exists")
flags.BoolVar(&manifestCreateOpts.Insecure, "insecure", false, "neither require HTTPS nor verify certificates when accessing the registry")
_ = flags.MarkHidden("insecure")
flags.BoolVar(&manifestCreateOpts.TLSVerifyCLI, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry")
} }
func create(cmd *cobra.Command, args []string) error { func create(cmd *cobra.Command, args []string) error {
imageID, err := registry.ImageEngine().ManifestCreate(registry.Context(), args[0], args[1:], manifestCreateOpts) // TLS verification in c/image is controlled via a `types.OptionalBool`
// which allows for distinguishing among set-true, set-false, unspecified
// which is important to implement a sane way of dealing with defaults of
// boolean CLI flags.
if cmd.Flags().Changed("tls-verify") {
manifestCreateOpts.SkipTLSVerify = types.NewOptionalBool(!manifestCreateOpts.TLSVerifyCLI)
}
if cmd.Flags().Changed("insecure") {
if manifestCreateOpts.SkipTLSVerify != types.OptionalBoolUndefined {
return errors.New("--insecure may not be used with --tls-verify")
}
manifestCreateOpts.SkipTLSVerify = types.NewOptionalBool(manifestCreateOpts.Insecure)
}
imageID, err := registry.ImageEngine().ManifestCreate(registry.Context(), args[0], args[1:], manifestCreateOpts.ManifestCreateOptions)
if err != nil { if err != nil {
return err return err
} }

20
cmd/podman/manifest/push.go
View File

@ -1,8 +1,10 @@
package manifest package manifest
import ( import (
"errors"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"os"
"github.com/containers/common/pkg/auth" "github.com/containers/common/pkg/auth"
"github.com/containers/common/pkg/completion" "github.com/containers/common/pkg/completion"
@ -20,9 +22,9 @@ import (
type manifestPushOptsWrapper struct { type manifestPushOptsWrapper struct {
entities.ImagePushOptions entities.ImagePushOptions
TLSVerifyCLI bool // CLI only TLSVerifyCLI, Insecure bool // CLI only
CredentialsCLI string CredentialsCLI string
SignPassphraseFileCLI string SignPassphraseFileCLI string
} }
var ( var (
@ -82,6 +84,8 @@ func init() {
_ = pushCmd.RegisterFlagCompletionFunc(signPassphraseFileFlagName, completion.AutocompleteDefault) _ = pushCmd.RegisterFlagCompletionFunc(signPassphraseFileFlagName, completion.AutocompleteDefault)
flags.BoolVar(&manifestPushOpts.TLSVerifyCLI, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry") flags.BoolVar(&manifestPushOpts.TLSVerifyCLI, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry")
flags.BoolVar(&manifestPushOpts.Insecure, "insecure", false, "neither require HTTPS nor verify certificates when accessing the registry")
_ = flags.MarkHidden("insecure")
flags.BoolVarP(&manifestPushOpts.Quiet, "quiet", "q", false, "don't output progress information when pushing lists") flags.BoolVarP(&manifestPushOpts.Quiet, "quiet", "q", false, "don't output progress information when pushing lists")
flags.SetNormalizeFunc(utils.AliasFlags) flags.SetNormalizeFunc(utils.AliasFlags)
@ -119,6 +123,10 @@ func push(cmd *cobra.Command, args []string) error {
manifestPushOpts.Password = creds.Password manifestPushOpts.Password = creds.Password
} }
if !manifestPushOpts.Quiet {
manifestPushOpts.Writer = os.Stderr
}
if err := common.PrepareSigningPassphrase(&manifestPushOpts.ImagePushOptions, manifestPushOpts.SignPassphraseFileCLI); err != nil { if err := common.PrepareSigningPassphrase(&manifestPushOpts.ImagePushOptions, manifestPushOpts.SignPassphraseFileCLI); err != nil {
return err return err
} }
@ -130,6 +138,12 @@ func push(cmd *cobra.Command, args []string) error {
if cmd.Flags().Changed("tls-verify") { if cmd.Flags().Changed("tls-verify") {
manifestPushOpts.SkipTLSVerify = types.NewOptionalBool(!manifestPushOpts.TLSVerifyCLI) manifestPushOpts.SkipTLSVerify = types.NewOptionalBool(!manifestPushOpts.TLSVerifyCLI)
} }
if cmd.Flags().Changed("insecure") {
if manifestPushOpts.SkipTLSVerify != types.OptionalBoolUndefined {
return errors.New("--insecure may not be used with --tls-verify")
}
manifestPushOpts.SkipTLSVerify = types.NewOptionalBool(manifestPushOpts.Insecure)
}
digest, err := registry.ImageEngine().ManifestPush(registry.Context(), args[0], args[1], manifestPushOpts.ImagePushOptions) digest, err := registry.ImageEngine().ManifestPush(registry.Context(), args[0], args[1], manifestPushOpts.ImagePushOptions)
if err != nil { if err != nil {
return err return err

9
cmd/podman/parse/net.go
View File

@ -151,15 +151,6 @@ func parseEnvOrLabelFile(envOrLabel map[string]string, filename, configType stri
return scanner.Err() return scanner.Err()
} }
// ValidateFileName returns an error if filename contains ":"
// as it is currently not supported
func ValidateFileName(filename string) error {
if strings.Contains(filename, ":") {
return fmt.Errorf("invalid filename (should not contain ':') %q", filename)
}
return nil
}
// ValidURL checks a string urlStr is a url or not // ValidURL checks a string urlStr is a url or not
func ValidURL(urlStr string) error { func ValidURL(urlStr string) error {
url, err := url.ParseRequestURI(urlStr) url, err := url.ParseRequestURI(urlStr)

18
cmd/podman/parse/parse.go Normal file
View File

@ -0,0 +1,18 @@
//go:build !windows
// +build !windows
package parse
import (
"fmt"
"strings"
)
// ValidateFileName returns an error if filename contains ":"
// as it is currently not supported
func ValidateFileName(filename string) error {
if strings.Contains(filename, ":") {
return fmt.Errorf("invalid filename (should not contain ':') %q", filename)
}
return nil
}

5
cmd/podman/parse/parse_windows.go Normal file
View File

@ -0,0 +1,5 @@
package parse
func ValidateFileName(filename string) error {
return nil
}

2
cmd/podman/registry/config.go
View File

@ -61,7 +61,7 @@ func newPodmanConfig() {
switch runtime.GOOS { switch runtime.GOOS {
case "darwin", "windows": case "darwin", "windows":
mode = entities.TunnelMode mode = entities.TunnelMode
case "linux": case "linux", "freebsd":
// Some linux clients might only be compiled without ABI // Some linux clients might only be compiled without ABI
// support (e.g., podman-remote). // support (e.g., podman-remote).
if abiSupport && !IsRemote() { if abiSupport && !IsRemote() {

2
cmd/podman/secrets/create.go
View File

@ -46,7 +46,7 @@ func init() {
cfg := registry.PodmanConfig() cfg := registry.PodmanConfig()
flags.StringVar(&createOpts.Driver, driverFlagName, cfg.Secrets.Driver, "Specify secret driver") flags.StringVarP(&createOpts.Driver, driverFlagName, "d", cfg.Secrets.Driver, "Specify secret driver")
flags.StringToStringVar(&createOpts.DriverOpts, optsFlagName, cfg.Secrets.Opts, "Specify driver specific options") flags.StringToStringVar(&createOpts.DriverOpts, optsFlagName, cfg.Secrets.Opts, "Specify driver specific options")
_ = createCmd.RegisterFlagCompletionFunc(driverFlagName, completion.AutocompleteNone) _ = createCmd.RegisterFlagCompletionFunc(driverFlagName, completion.AutocompleteNone)
_ = createCmd.RegisterFlagCompletionFunc(optsFlagName, completion.AutocompleteNone) _ = createCmd.RegisterFlagCompletionFunc(optsFlagName, completion.AutocompleteNone)

2
cmd/podman/secrets/inspect.go
View File

@ -34,7 +34,7 @@ func init() {
}) })
flags := inspectCmd.Flags() flags := inspectCmd.Flags()
formatFlagName := "format" formatFlagName := "format"
flags.StringVar(&format, formatFlagName, "", "Format volume output using Go template") flags.StringVarP(&format, formatFlagName, "f", "", "Format volume output using Go template")
_ = inspectCmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&entities.SecretInfoReport{})) _ = inspectCmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&entities.SecretInfoReport{}))
} }

22
cmd/podman/secrets/list.go
View File

@ -34,6 +34,7 @@ type listFlagType struct {
format string format string
noHeading bool noHeading bool
filter []string filter []string
quiet bool
} }
func init() { func init() {
@ -43,13 +44,20 @@ func init() {
}) })
flags := lsCmd.Flags() flags := lsCmd.Flags()
formatFlagName := "format" formatFlagName := "format"
flags.StringVar(&listFlag.format, formatFlagName, "{{.ID}}\t{{.Name}}\t{{.Driver}}\t{{.CreatedAt}}\t{{.UpdatedAt}}\t\n", "Format volume output using Go template") flags.StringVar(&listFlag.format, formatFlagName, "{{.ID}}\t{{.Name}}\t{{.Driver}}\t{{.CreatedAt}}\t{{.UpdatedAt}}\t\n", "Format volume output using Go template")
_ = lsCmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&entities.SecretInfoReport{})) _ = lsCmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&entities.SecretInfoReport{}))
filterFlagName := "filter" filterFlagName := "filter"
flags.StringSliceVarP(&listFlag.filter, filterFlagName, "f", []string{}, "Filter secret output") flags.StringSliceVarP(&listFlag.filter, filterFlagName, "f", []string{}, "Filter secret output")
_ = lsCmd.RegisterFlagCompletionFunc(filterFlagName, common.AutocompleteSecretFilters) _ = lsCmd.RegisterFlagCompletionFunc(filterFlagName, common.AutocompleteSecretFilters)
flags.BoolVar(&listFlag.noHeading, "noheading", false, "Do not print headers")
noHeadingFlagName := "noheading"
flags.BoolVar(&listFlag.noHeading, noHeadingFlagName, false, "Do not print headers")
quietFlagName := "quiet"
flags.BoolVarP(&listFlag.quiet, quietFlagName, "q", false, "Print secret IDs only")
} }
func ls(cmd *cobra.Command, args []string) error { func ls(cmd *cobra.Command, args []string) error {
@ -76,9 +84,21 @@ func ls(cmd *cobra.Command, args []string) error {
Driver: response.Spec.Driver.Name, Driver: response.Spec.Driver.Name,
}) })
} }
if listFlag.quiet && !cmd.Flags().Changed("format") {
return quietOut(listed)
}
return outputTemplate(cmd, listed) return outputTemplate(cmd, listed)
} }
func quietOut(responses []*entities.SecretListReport) error {
for _, response := range responses {
fmt.Println(response.ID)
}
return nil
}
func outputTemplate(cmd *cobra.Command, responses []*entities.SecretListReport) error { func outputTemplate(cmd *cobra.Command, responses []*entities.SecretListReport) error {
headers := report.Headers(entities.SecretListReport{}, map[string]string{ headers := report.Headers(entities.SecretListReport{}, map[string]string{
"CreatedAt": "CREATED", "CreatedAt": "CREATED",

3
cmd/podman/syslog_linux.go → cmd/podman/syslog_common.go
View File

@ -1,3 +1,6 @@
//go:build linux || freebsd
// +build linux freebsd
package main package main
import ( import (

4
cmd/podman/syslog_unsupported.go
View File

@ -1,5 +1,5 @@
//go:build !linux //go:build !linux && !freebsd
// +build !linux // +build !linux,!freebsd
package main package main

4
cmd/podman/system/service_abi.go
View File

@ -105,7 +105,9 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities
} }
if err := utils.MaybeMoveToSubCgroup(); err != nil { if err := utils.MaybeMoveToSubCgroup(); err != nil {
return err // it is a best effort operation, so just print the
// error for debugging purposes.
logrus.Debugf("Could not move to subcgroup: %v", err)
} }
servicereaper.Start() servicereaper.Start()

2
cmd/rootlessport/main.go
View File

@ -225,7 +225,7 @@ outer:
// https://github.com/containers/podman/issues/11248 // https://github.com/containers/podman/issues/11248
// Copy /dev/null to stdout and stderr to prevent SIGPIPE errors // Copy /dev/null to stdout and stderr to prevent SIGPIPE errors
if f, err := os.OpenFile("/dev/null", os.O_WRONLY, 0755); err == nil { if f, err := os.OpenFile(os.DevNull, os.O_WRONLY, 0755); err == nil {
unix.Dup2(int(f.Fd()), 1) //nolint:errcheck unix.Dup2(int(f.Fd()), 1) //nolint:errcheck
unix.Dup2(int(f.Fd()), 2) //nolint:errcheck unix.Dup2(int(f.Fd()), 2) //nolint:errcheck
f.Close() f.Close()

2
contrib/cirrus/cirrus_yaml_test.py
View File

@ -26,7 +26,7 @@ class TestCaseBase(unittest.TestCase):
class TestDependsOn(TestCaseBase): class TestDependsOn(TestCaseBase):
ALL_TASK_NAMES = None ALL_TASK_NAMES = None
SUCCESS_DEPS_EXCLUDE = set(['success', 'artifacts', 'podman_machine', SUCCESS_DEPS_EXCLUDE = set(['success', 'artifacts',
'test_image_build', 'release', 'release_test']) 'test_image_build', 'release', 'release_test'])
def setUp(self): def setUp(self):

14
contrib/pkginstaller/Makefile
View File

@ -1,7 +1,6 @@
SHELL := bash SHELL := bash
ARCH ?= aarch64 ARCH ?= aarch64
PODMAN_VERSION ?= 4.1.0
GVPROXY_VERSION ?= 0.4.0 GVPROXY_VERSION ?= 0.4.0
QEMU_VERSION ?= 7.0.0-2 QEMU_VERSION ?= 7.0.0-2
GVPROXY_RELEASE_URL ?= https://github.com/containers/gvisor-tap-vsock/releases/download/v$(GVPROXY_VERSION)/gvproxy-darwin GVPROXY_RELEASE_URL ?= https://github.com/containers/gvisor-tap-vsock/releases/download/v$(GVPROXY_VERSION)/gvproxy-darwin
@ -13,6 +12,9 @@ PKG_NAME := podman-installer-macos-$(ARCH).pkg
default: pkginstaller default: pkginstaller
podman_version:
make -C ../../ test/version/version
$(TMP_DOWNLOAD)/gvproxy: $(TMP_DOWNLOAD)/gvproxy:
mkdir -p $(TMP_DOWNLOAD) mkdir -p $(TMP_DOWNLOAD)
cd $(TMP_DOWNLOAD) && curl -sLo gvproxy $(GVPROXY_RELEASE_URL) cd $(TMP_DOWNLOAD) && curl -sLo gvproxy $(GVPROXY_RELEASE_URL)
@ -21,7 +23,7 @@ $(TMP_DOWNLOAD)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz:
mkdir -p $(TMP_DOWNLOAD) mkdir -p $(TMP_DOWNLOAD)
cd $(TMP_DOWNLOAD) && curl -sLO $(QEMU_RELEASE_URL) cd $(TMP_DOWNLOAD) && curl -sLO $(QEMU_RELEASE_URL)
packagedir: package_root Distribution welcome.html packagedir: podman_version package_root Distribution welcome.html
mkdir -p $(PACKAGE_DIR) mkdir -p $(PACKAGE_DIR)
cp -r Resources $(PACKAGE_DIR)/ cp -r Resources $(PACKAGE_DIR)/
cp welcome.html $(PACKAGE_DIR)/Resources/ cp welcome.html $(PACKAGE_DIR)/Resources/
@ -30,7 +32,7 @@ packagedir: package_root Distribution welcome.html
cp -r $(PACKAGE_ROOT) $(PACKAGE_DIR)/ cp -r $(PACKAGE_ROOT) $(PACKAGE_DIR)/
cp package.sh $(PACKAGE_DIR)/ cp package.sh $(PACKAGE_DIR)/
cd $(PACKAGE_DIR) && pkgbuild --analyze --root ./root component.plist cd $(PACKAGE_DIR) && pkgbuild --analyze --root ./root component.plist
echo -n $(PODMAN_VERSION) > $(PACKAGE_DIR)/VERSION ../../test/version/version > $(PACKAGE_DIR)/VERSION
echo -n $(ARCH) > $(PACKAGE_DIR)/ARCH echo -n $(ARCH) > $(PACKAGE_DIR)/ARCH
cp ../../LICENSE $(PACKAGE_DIR)/Resources/LICENSE.txt cp ../../LICENSE $(PACKAGE_DIR)/Resources/LICENSE.txt
cp hvf.entitlements $(PACKAGE_DIR)/ cp hvf.entitlements $(PACKAGE_DIR)/
@ -41,8 +43,8 @@ package_root: clean-pkgroot $(TMP_DOWNLOAD)/podman-machine-qemu-$(ARCH)-$(QEMU_V
cp $(TMP_DOWNLOAD)/gvproxy $(PACKAGE_ROOT)/podman/bin/ cp $(TMP_DOWNLOAD)/gvproxy $(PACKAGE_ROOT)/podman/bin/
chmod a+x $(PACKAGE_ROOT)/podman/bin/* chmod a+x $(PACKAGE_ROOT)/podman/bin/*
%: %.in %: %.in podman_version
@sed -e 's/__VERSION__/'$(PODMAN_VERSION)'/g' $< >$@ @sed -e 's/__VERSION__/'$(shell ../../test/version/version)'/g' $< >$@
pkginstaller: packagedir pkginstaller: packagedir
cd $(PACKAGE_DIR) && ./package.sh .. cd $(PACKAGE_DIR) && ./package.sh ..
@ -55,7 +57,7 @@ notarize: _notarize
.PHONY: clean clean-pkgroot .PHONY: clean clean-pkgroot
clean: clean:
rm -rf $(TMP_DOWNLOAD) $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html rm -rf $(TMP_DOWNLOAD) $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html ../../test/version/version
clean-pkgroot: clean-pkgroot:
rm -rf $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html rm -rf $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html

2
contrib/systemd/system/podman-docker.conf
View File

@ -1 +1 @@
L+ /run/docker.sock - - - - /run/podman/podman.sock L+ %t/docker.sock - - - - %t/podman/podman.sock

20
docs/source/markdown/.gitignore vendored
View File

@ -1,8 +1,28 @@
podman-auto-update.1.md
podman-build.1.md podman-build.1.md
podman-container-clone.1.md podman-container-clone.1.md
podman-container-runlabel.1.md
podman-create.1.md podman-create.1.md
podman-exec.1.md
podman-image-sign.1.md
podman-kill.1.md
podman-kube-play.1.md podman-kube-play.1.md
podman-login.1.md
podman-logout.1.md
podman-logs.1.md
podman-manifest-add.1.md
podman-manifest-push.1.md
podman-pause.1.md
podman-pod-clone.1.md podman-pod-clone.1.md
podman-pod-create.1.md podman-pod-create.1.md
podman-pod-logs.1.md
podman-pod-rm.1.md
podman-pod-start.1.md
podman-pod-stop.1.md
podman-pull.1.md podman-pull.1.md
podman-push.1.md
podman-rm.1.md
podman-run.1.md podman-run.1.md
podman-search.1.md
podman-stop.1.md
podman-unpause.1.md

2
docs/source/markdown/options/annotation.container.md
View File

@ -1,3 +1,3 @@
#### **--annotation**=*key=value* #### **--annotation**=*key=value*
Add an annotation to the container<| or pod>. This option can be set multiple times. Add an annotation to the container<<| or pod>>. This option can be set multiple times.

1
docs/source/markdown/options/arch.md
View File

@ -1,2 +1,3 @@
#### **--arch**=*ARCH* #### **--arch**=*ARCH*
Override the architecture, defaults to hosts, of the image to be pulled. For example, `arm`. Override the architecture, defaults to hosts, of the image to be pulled. For example, `arm`.
Unless overridden, subsequent lookups of the same image in the local storage will match this architecture, regardless of the host.

6
docs/source/markdown/options/authfile.md Normal file
View File

@ -0,0 +1,6 @@
#### **--authfile**=*path*
Path of the authentication file. Default is `${XDG_RUNTIME_DIR}/containers/auth.json`, which is set using **[podman login](podman-login.1.md)**.
If the authorization state is not found there, `$HOME/.docker/config.json` is checked, which is set using **docker login**.
Note: There is also the option to override the default path of the authentication file by setting the `REGISTRY_AUTH_FILE` environment variable. This can be done with **export REGISTRY_AUTH_FILE=_path_**.

2
docs/source/markdown/options/blkio-weight.md
View File

@ -1,3 +1,5 @@
#### **--blkio-weight**=*weight* #### **--blkio-weight**=*weight*
Block IO relative weight. The _weight_ is a value between **10** and **1000**. Block IO relative weight. The _weight_ is a value between **10** and **1000**.
This option is not supported on cgroups V1 rootless systems.

5
docs/source/markdown/options/cert-dir.md Normal file
View File

@ -0,0 +1,5 @@
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
Please refer to **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)** for details.
(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)

4
docs/source/markdown/options/cidfile.read.md Normal file
View File

@ -0,0 +1,4 @@
#### **--cidfile**=*file*
Read container ID from the specified *file* and <<subcommand>> the container.
Can be specified multiple times.

3
docs/source/markdown/options/cidfile.write.md Normal file
View File

@ -0,0 +1,3 @@
#### **--cidfile**=*file*
Write the container ID to *file*.

3
docs/source/markdown/options/color.md Normal file
View File

@ -0,0 +1,3 @@
#### **--color**
Output the containers with different colors in the log.

6
docs/source/markdown/options/cpu-period.md
View File

@ -5,6 +5,8 @@ duration in microseconds. Once the container's CPU quota is used up, it will
not be scheduled to run until the current period ends. Defaults to 100000 not be scheduled to run until the current period ends. Defaults to 100000
microseconds. microseconds.
On some systems, changing the CPU limits may not be allowed for non-root On some systems, changing the resource limits may not be allowed for non-root
users. For more details, see users. For more details, see
https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
This option is not supported on cgroups V1 rootless systems.

6
docs/source/markdown/options/cpu-quota.md
View File

@ -7,6 +7,8 @@ CPU resource. The limit is a number in microseconds. If a number is provided,
the container will be allowed to use that much CPU time until the CPU period the container will be allowed to use that much CPU time until the CPU period
ends (controllable via **--cpu-period**). ends (controllable via **--cpu-period**).
On some systems, changing the CPU limits may not be allowed for non-root On some systems, changing the resource limits may not be allowed for non-root
users. For more details, see users. For more details, see
https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
This option is not supported on cgroups V1 rootless systems.

2
docs/source/markdown/options/cpu-rt-period.md
View File

@ -4,4 +4,4 @@ Limit the CPU real-time period in microseconds.
Limit the container's Real Time CPU usage. This option tells the kernel to restrict the container's Real Time CPU usage to the period specified. Limit the container's Real Time CPU usage. This option tells the kernel to restrict the container's Real Time CPU usage to the period specified.
This option is not supported on cgroups V2 systems. This option is only supported on cgroups V1 rootful systems.

2
docs/source/markdown/options/cpu-rt-runtime.md
View File

@ -7,4 +7,4 @@ Period of 1,000,000us and Runtime of 950,000us means that this container could c
The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
This option is not supported on cgroups V2 systems. This option is only supported on cgroups V1 rootful systems.

6
docs/source/markdown/options/cpu-shares.md
View File

@ -33,3 +33,9 @@ this can result in the following division of CPU shares:
| 100 | C0 | 0 | 100% of CPU0 | | 100 | C0 | 0 | 100% of CPU0 |
| 101 | C1 | 1 | 100% of CPU1 | | 101 | C1 | 1 | 100% of CPU1 |
| 102 | C1 | 2 | 100% of CPU2 | | 102 | C1 | 2 | 100% of CPU2 |
On some systems, changing the resource limits may not be allowed for non-root
users. For more details, see
https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
This option is not supported on cgroups V1 rootless systems.

11
docs/source/markdown/options/cpus.container.md Normal file
View File

@ -0,0 +1,11 @@
#### **--cpus**=*number*
Number of CPUs. The default is *0.0* which means no limit. This is shorthand
for **--cpu-period** and **--cpu-quota**, so you may only set either
**--cpus** or **--cpu-period** and **--cpu-quota**.
On some systems, changing the CPU limits may not be allowed for non-root
users. For more details, see
https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
This option is not supported on cgroups V1 rootless systems.

6
docs/source/markdown/options/cpuset-cpus.md
View File

@ -3,3 +3,9 @@
CPUs in which to allow execution. Can be specified as a comma-separated list CPUs in which to allow execution. Can be specified as a comma-separated list
(e.g. **0,1**), as a range (e.g. **0-3**), or any combination thereof (e.g. **0,1**), as a range (e.g. **0-3**), or any combination thereof
(e.g. **0-3,7,11-15**). (e.g. **0-3,7,11-15**).
On some systems, changing the resource limits may not be allowed for non-root
users. For more details, see
https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
This option is not supported on cgroups V1 rootless systems.

6
docs/source/markdown/options/cpuset-mems.md
View File

@ -6,3 +6,9 @@ NUMA systems.
If there are four memory nodes on the system (0-3), use **--cpuset-mems=0,1** If there are four memory nodes on the system (0-3), use **--cpuset-mems=0,1**
then processes in the container will only use memory from the first then processes in the container will only use memory from the first
two memory nodes. two memory nodes.
On some systems, changing the resource limits may not be allowed for non-root
users. For more details, see
https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
This option is not supported on cgroups V1 rootless systems.

5
docs/source/markdown/options/creds.md Normal file
View File

@ -0,0 +1,5 @@
#### **--creds**=*[username[:password]]*
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and the
value can be entered. The password is entered without echo.

6
docs/source/markdown/options/device-cgroup-rule.md Normal file
View File

@ -0,0 +1,6 @@
#### **--device-cgroup-rule**=*"type major:minor mode"*
Add a rule to the cgroup allowed devices list. The rule is expected to be in the format specified in the Linux kernel documentation (Documentation/cgroup-v1/devices.txt):
- type: a (all), c (char), or b (block);
- major and minor: either a number, or * for all;
- mode: a composition of r (read), w (write), and m (mknod(2)).

5
docs/source/markdown/options/disable-content-trust.md Normal file
View File

@ -0,0 +1,5 @@
#### **--disable-content-trust**
This is a Docker-specific option to disable image verification to a container
registry and is not supported by Podman. This option is a NOOP and provided
solely for scripting compatibility.

3
docs/source/markdown/options/dns-opt.container.md Normal file
View File

@ -0,0 +1,3 @@
#### **--dns-opt**=*option*
Set custom DNS options. Invalid if using **--dns-opt** with **--network** that is set to **none** or **container:**_id_.

4
docs/source/markdown/options/dns-search.container.md Normal file
View File

@ -0,0 +1,4 @@
#### **--dns-search**=*domain*
Set custom DNS search domains. Invalid if using **--dns-search** with **--network** that is set to **none** or **container:**_id_.
Use **--dns-search=.** if you don't wish to set the search domain.

5
docs/source/markdown/options/env-merge.md Normal file
View File

@ -0,0 +1,5 @@
#### **--env-merge**=*env*
Preprocess default environment variables for the containers. For example
if image contains environment variable `hello=world` user can preprocess
it using `--env-merge hello=${hello}-some` so new value will be `hello=world-some`.

7
docs/source/markdown/options/follow.md Normal file
View File

@ -0,0 +1,7 @@
#### **--follow**, **-f**
Follow log output. Default is false.
Note: If you are following a <<container|pod>> which is removed by `podman <<container|pod>> rm`
or removed on exit (`podman run --rm ...`), then there is a chance that the log
file will be removed before `podman<< pod|>> logs` reads the final content.

8
docs/source/markdown/options/gidmap.container.md Normal file
View File

@ -0,0 +1,8 @@
#### **--gidmap**=*container_gid:host_gid:amount*
Run the container in a new user namespace using the supplied GID mapping. This
option conflicts with the **--userns** and **--subgidname** options. This
option provides a way to map host GIDs to container GIDs in the same way as
__--uidmap__ maps host UIDs to container UIDs. For details see __--uidmap__.
Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.

4
docs/source/markdown/options/gidmap.pod.md Normal file
View File

@ -0,0 +1,4 @@
#### **--gidmap**=*pod_gid:host_gid:amount*
GID map for the user namespace. Using this flag will run all containers in the pod with user namespace enabled.
It conflicts with the **--userns** and **--subgidname** flags.

5
docs/source/markdown/options/ignore.md Normal file
View File

@ -0,0 +1,5 @@
#### **--ignore**, **-i**
Ignore errors when specified <<containers|pods>> are not in the container store. A user
might have decided to manually remove a <<container|pod>> which would lead to a failure
during the ExecStop directive of a systemd service referencing that <<container|pod>>.

12
docs/source/markdown/options/ipc.md Normal file
View File

@ -0,0 +1,12 @@
#### **--ipc**=*ipc*
Set the IPC namespace mode for a container. The default is to create
a private IPC namespace.
- "": Use Podman's default, defined in containers.conf.
- **container:**_id_: reuses another container's shared memory, semaphores, and message queues
- **host**: use the host's shared memory, semaphores, and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
- **none**: private IPC namespace, with /dev/shm not mounted.
- **ns:**_path_: path to an IPC namespace to join.
- **private**: private IPC namespace.
= **shareable**: private IPC namespace with a possibility to share it with other containers.

2
docs/source/markdown/options/memory-swappiness.md
View File

@ -2,4 +2,4 @@
Tune a container's memory swappiness behavior. Accepts an integer between *0* and *100*. Tune a container's memory swappiness behavior. Accepts an integer between *0* and *100*.
This flag is not supported on cgroups V2 systems. This flag is only supported on cgroups V1 rootful systems.

3
docs/source/markdown/options/names.md Normal file
View File

@ -0,0 +1,3 @@
#### **--names**, **-n**
Output the container names instead of the container IDs in the log.

9
docs/source/markdown/options/pid.md Normal file
View File

@ -0,0 +1,9 @@
#### **--pid**=*mode*
Set the PID namespace mode for the container.
The default is to create a private PID namespace for the container.
- **container:**_id_: join another container's PID namespace;
- **host**: use the host's PID namespace for the container. Note the host mode gives the container full access to local PID and is therefore considered insecure;
- **ns:**_path_: join the specified PID namespace;
- **private**: create a new namespace for the container (default).

1
docs/source/markdown/options/platform.md
View File

@ -2,3 +2,4 @@
Specify the platform for selecting the image. (Conflicts with --arch and --os) Specify the platform for selecting the image. (Conflicts with --arch and --os)
The `--platform` option can be used to override the current architecture and operating system. The `--platform` option can be used to override the current architecture and operating system.
Unless overridden, subsequent lookups of the same image in the local storage will match this platform, regardless of the host.

4
docs/source/markdown/options/pod-id-file.container.md Normal file
View File

@ -0,0 +1,4 @@
#### **--pod-id-file**=*file*
Run container in an existing pod and read the pod's ID from the specified *file*.
If a container is run within a pod, and the pod has an infra-container, the infra-container will be started before the container is.

3
docs/source/markdown/options/pod-id-file.pod.md Normal file
View File

@ -0,0 +1,3 @@
#### **--pod-id-file**=*file*
Read pod ID from the specified *file* and <<subcommand>> the pod. Can be specified multiple times.

6
docs/source/markdown/options/since.md Normal file
View File

@ -0,0 +1,6 @@
#### **--since**=*TIMESTAMP*
Show logs since TIMESTAMP. The --since option can be Unix timestamps, date formatted timestamps, or Go duration
strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
and 2006-01-02.

29
docs/source/markdown/options/systemd.md Normal file
View File

@ -0,0 +1,29 @@
#### **--systemd**=*true* | *false* | *always*
Run container in systemd mode. The default is **true**.
The value *always* enforces the systemd mode is enforced without
looking at the executable name. Otherwise, if set to true and the
command you are running inside the container is **systemd**, **/usr/sbin/init**,
**/sbin/init** or **/usr/local/sbin/init**.
Running the container in systemd mode causes the following changes:
* Podman mounts tmpfs file systems on the following directories
* _/run_
* _/run/lock_
* _/tmp_
* _/sys/fs/cgroup/systemd_
* _/var/lib/journal_
* Podman sets the default stop signal to **SIGRTMIN+3**.
* Podman sets **container_uuid** environment variable in the container to the
first 32 characters of the container id.
This allows systemd to run in a confined container without any modifications.
Note that on **SELinux** systems, systemd attempts to write to the cgroup
file system. Containers writing to the cgroup file system are denied by default.
The **container_manage_cgroup** boolean must be enabled for this to be allowed on an SELinux separated system.
```
setsebool -P container_manage_cgroup true
```

4
docs/source/markdown/options/tail.md Normal file
View File

@ -0,0 +1,4 @@
#### **--tail**=*LINES*
Output the specified number of LINES at the end of the logs. LINES must be an integer. Defaults to -1,
which prints all lines

3
docs/source/markdown/options/timestamps.md Normal file
View File

@ -0,0 +1,3 @@
#### **--timestamps**, **-t**
Show timestamps in the log outputs. The default is false

6
docs/source/markdown/options/until.md Normal file
View File

@ -0,0 +1,6 @@
#### **--until**=*TIMESTAMP*
Show logs until TIMESTAMP. The --until option can be Unix timestamps, date formatted timestamps, or Go duration
strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
and 2006-01-02.

7
docs/source/markdown/options/workdir.md Normal file
View File

@ -0,0 +1,7 @@
#### **--workdir**, **-w**=*dir*
Working directory inside the container.
The default working directory for running binaries within a container is the root directory (**/**).
The image developer can set a different default with the WORKDIR instruction. The operator
can override the working directory by using the **-w** option.

6
docs/source/markdown/podman-auto-update.1.md → docs/source/markdown/podman-auto-update.1.md.in
View File

@ -34,12 +34,8 @@ Systemd units that start and stop a container cannot run a new image.
Podman ships with a `podman-auto-update.service` systemd unit. This unit is triggered daily at midnight by the `podman-auto-update.timer` systemd timer. The timer can be altered for custom time-based updates if desired. The unit can further be invoked by other systemd units (e.g., via the dependency tree) or manually via **systemctl start podman-auto-update.service**. Podman ships with a `podman-auto-update.service` systemd unit. This unit is triggered daily at midnight by the `podman-auto-update.timer` systemd timer. The timer can be altered for custom time-based updates if desired. The unit can further be invoked by other systemd units (e.g., via the dependency tree) or manually via **systemctl start podman-auto-update.service**.
## OPTIONS ## OPTIONS
#### **--authfile**=*path*
Path of the authentication file. Default is `${XDG_RUNTIME_DIR}/containers/auth.json`, which is set using **[podman login](podman-login.1.md)**. @@option authfile
If the authorization state is not found there, `$HOME/.docker/config.json` is checked, which is set using **docker login**.
Note: There is also the option to override the default path of the authentication file by setting the `REGISTRY_AUTH_FILE` environment variable. This can be done with **export REGISTRY_AUTH_FILE=_path_**.
#### **--dry-run** #### **--dry-run**

51
docs/source/markdown/podman-build.1.md.in
View File

@ -65,19 +65,11 @@ discarded when writing images in Docker formats.
Set the architecture of the image to be built, and that of the base image to be Set the architecture of the image to be built, and that of the base image to be
pulled, if the build uses one, to the provided value instead of using the pulled, if the build uses one, to the provided value instead of using the
architecture of the build host. (Examples: arm, arm64, 386, amd64, ppc64le, architecture of the build host. Unless overridden, subsequent lookups of the
s390x) same image in the local storage will match this architecture, regardless of the
host. (Examples: arm, arm64, 386, amd64, ppc64le, s390x)
#### **--authfile**=*path* @@option authfile
Path of the authentication file. Default is
${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
If the authorization state is not found there, $HOME/.docker/config.json is
checked, which is set using `docker login`.
Note: You can also override the default path of the authentication file by
setting the REGISTRY\_AUTH\_FILE environment variable.
`export REGISTRY_AUTH_FILE=path`
#### **--build-arg**=*arg=value* #### **--build-arg**=*arg=value*
@ -173,10 +165,7 @@ If a capability is specified to both the **--cap-add** and **--cap-drop**
options, it will be dropped, regardless of the order in which the options were options, it will be dropped, regardless of the order in which the options were
given. given.
#### **--cert-dir**=*path* @@option cert-dir
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
@@option cgroup-parent @@option cgroup-parent
@ -207,11 +196,7 @@ Set additional flags to pass to the C Preprocessor cpp(1). Containerfiles ending
@@option cpuset-mems @@option cpuset-mems
#### **--creds**=*creds* @@option creds
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and
the value can be entered. The password is entered without echo.
#### **--decryption-key**=*key[:passphrase]* #### **--decryption-key**=*key[:passphrase]*
@ -245,11 +230,7 @@ registries, and images being written to local storage would only need to be
decompressed again to be stored. Compression can be forced in all cases by decompressed again to be stored. Compression can be forced in all cases by
specifying **--disable-compression=false**. specifying **--disable-compression=false**.
#### **--disable-content-trust** @@option disable-content-trust
This is a Docker specific option to disable image verification to a container
registry and is not supported by Podman. This option is a NOOP and provided
solely for scripting compatibility. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
#### **--dns**=*dns* #### **--dns**=*dns*
@ -312,6 +293,12 @@ environment variable. `export BUILDAH_FORMAT=docker`
Overrides the first `FROM` instruction within the Containerfile. If there are multiple Overrides the first `FROM` instruction within the Containerfile. If there are multiple
FROM instructions in a Containerfile, only the first is changed. FROM instructions in a Containerfile, only the first is changed.
With the remote podman client, not all container transports will work as
expected. For example, oci-archive:/x.tar will reference /x.tar on the remote
machine instead of on the client. If you need to support remote podman clients,
it is best to restrict yourself to containers-storage: and docker://
transports.
#### **--help**, **-h** #### **--help**, **-h**
Print usage statement Print usage statement
@ -463,7 +450,8 @@ do not include `History` information in their images.
Set the OS of the image to be built, and that of the base image to be pulled, Set the OS of the image to be built, and that of the base image to be pulled,
if the build uses one, instead of using the current operating system of the if the build uses one, instead of using the current operating system of the
build host. build host. Unless overridden, subsequent lookups of the same image in the
local storage will match this OS, regardless of the host.
#### **--os-feature**=*feature* #### **--os-feature**=*feature*
@ -515,9 +503,12 @@ process.
Set the *os/arch* of the built image (and its base image, if your build uses one) Set the *os/arch* of the built image (and its base image, if your build uses one)
to the provided value instead of using the current operating system and to the provided value instead of using the current operating system and
architecture of the host (for example `linux/arm`). If `--platform` is set, architecture of the host (for example `linux/arm`). Unless overridden,
then the values of the `--arch`, `--os`, and `--variant` options will be subsequent lookups of the same image in the local storage will match this
overridden. platform, regardless of the host.
If `--platform` is set, then the values of the `--arch`, `--os`, and
`--variant` options will be overridden.
The `--platform` option can be specified more than once, or given a The `--platform` option can be specified more than once, or given a
comma-separated list of values as its argument. When more than one platform is comma-separated list of values as its argument. When more than one platform is

12
docs/source/markdown/podman-container-clone.1.md.in
View File

@ -40,6 +40,8 @@ Set a number of CPUs for the container that overrides the original containers CP
This is shorthand This is shorthand
for **--cpu-period** and **--cpu-quota**, so only **--cpus** or either both the **--cpu-period** and **--cpu-quota** options can be set. for **--cpu-period** and **--cpu-quota**, so only **--cpus** or either both the **--cpu-period** and **--cpu-quota** options can be set.
This option is not supported on cgroups V1 rootless systems.
@@option cpuset-cpus @@option cpuset-cpus
If none are specified, the original container's CPUset is used. If none are specified, the original container's CPUset is used.
@ -54,10 +56,14 @@ If none are specified, the original container's CPU memory nodes are used.
Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb). Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb).
This option is not supported on cgroups V1 rootless systems.
#### **--device-write-bps**=*path* #### **--device-write-bps**=*path*
Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb) Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
This option is not supported on cgroups V1 rootless systems.
#### **--force**, **-f** #### **--force**, **-f**
Force removal of the original container that we are cloning. Can only be used in conjunction with **--destroy**. Force removal of the original container that we are cloning. Can only be used in conjunction with **--destroy**.
@ -74,6 +80,8 @@ system's page size (the value would be very large, that's millions of trillions)
If no memory limits are specified, the original container's will be used. If no memory limits are specified, the original container's will be used.
This option is not supported on cgroups V1 rootless systems.
#### **--memory-reservation**=*limit* #### **--memory-reservation**=*limit*
Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
@ -84,6 +92,8 @@ reservation. So you should always set the value below **--memory**, otherwise th
hard limit will take precedence. By default, memory reservation will be the same hard limit will take precedence. By default, memory reservation will be the same
as memory limit from the container being cloned. as memory limit from the container being cloned.
This option is not supported on cgroups V1 rootless systems.
#### **--memory-swap**=*limit* #### **--memory-swap**=*limit*
A limit value equal to memory plus swap. Must be used with the **-m** A limit value equal to memory plus swap. Must be used with the **-m**
@ -95,6 +105,8 @@ The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a `k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
This option is not supported on cgroups V1 rootless systems.
@@option memory-swappiness @@option memory-swappiness
#### **--name** #### **--name**

14
docs/source/markdown/podman-container-runlabel.1.md → docs/source/markdown/podman-container-runlabel.1.md.in
View File

@ -29,20 +29,12 @@ As specified by the `--name` option. The format is identical to the one of the
Will be replaced with the current working directory. Will be replaced with the current working directory.
## OPTIONS ## OPTIONS
#### **--authfile**=*path*
Path of the containers-auth.json(5) file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. @@option authfile
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` @@option cert-dir
#### **--cert-dir**=*path* @@option creds
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
#### **--creds**=*[username[:password]]*
The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo.
#### **--display** #### **--display**

129
docs/source/markdown/podman-create.1.md.in
View File

@ -83,12 +83,7 @@ error. It can even pretend to be a TTY (this is what most command line
executables expect) and pass along signals. The **-a** option can be set for executables expect) and pass along signals. The **-a** option can be set for
each of stdin, stdout, and stderr. each of stdin, stdout, and stderr.
#### **--authfile**=*path* @@option authfile
Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
@@option blkio-weight @@option blkio-weight
@ -110,9 +105,7 @@ Block IO relative device weight.
@@option chrootdirs @@option chrootdirs
#### **--cidfile**=*id* @@option cidfile.write
Write the container ID to the file
@@option conmon-pidfile @@option conmon-pidfile
@ -126,15 +119,7 @@ Write the container ID to the file
@@option cpu-shares @@option cpu-shares
#### **--cpus**=*number* @@option cpus.container
Number of CPUs. The default is *0.0* which means no limit. This is shorthand
for **--cpu-period** and **--cpu-quota**, so you may only set either
**--cpus** or **--cpu-period** and **--cpu-quota**.
On some systems, changing the CPU limits may not be allowed for non-root
users. For more details, see
https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
@@option cpuset-cpus @@option cpuset-cpus
@ -159,34 +144,33 @@ Podman may load kernel modules required for using the specified
device. The devices that podman will load modules when necessary are: device. The devices that podman will load modules when necessary are:
/dev/fuse. /dev/fuse.
#### **--device-cgroup-rule**=*"type major:minor mode"* @@option device-cgroup-rule
Add a rule to the cgroup allowed devices list. The rule is expected to be in the format specified in the Linux kernel documentation (Documentation/cgroup-v1/devices.txt):
- type: a (all), c (char), or b (block);
- major and minor: either a number, or * for all;
- mode: a composition of r (read), w (write), and m (mknod(2)).
#### **--device-read-bps**=*path* #### **--device-read-bps**=*path*
Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb) Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)
This option is not supported on cgroups V1 rootless systems.
#### **--device-read-iops**=*path* #### **--device-read-iops**=*path*
Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000) Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000)
This option is not supported on cgroups V1 rootless systems.
#### **--device-write-bps**=*path* #### **--device-write-bps**=*path*
Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb) Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
This option is not supported on cgroups V1 rootless systems.
#### **--device-write-iops**=*path* #### **--device-write-iops**=*path*
Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000) Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)
#### **--disable-content-trust** This option is not supported on cgroups V1 rootless systems.
This is a Docker specific option to disable image verification to a Docker @@option disable-content-trust
registry and is not supported by Podman. This flag is a NOOP and provided
solely for scripting compatibility.
#### **--dns**=*dns* #### **--dns**=*dns*
@ -200,13 +184,9 @@ is the case the **--dns** flag is necessary for every run.
The special value **none** can be specified to disable creation of **/etc/resolv.conf** in the container by Podman. The special value **none** can be specified to disable creation of **/etc/resolv.conf** in the container by Podman.
The **/etc/resolv.conf** file in the image will be used without changes. The **/etc/resolv.conf** file in the image will be used without changes.
#### **--dns-opt**=*option* @@option dns-opt.container
Set custom DNS options. Invalid if using **--dns-opt** and **--network** that is set to 'none' or `container:<name|id>`. @@option dns-search.container
#### **--dns-search**=*domain*
Set custom DNS search domains. Invalid if using **--dns-search** and **--network** that is set to 'none' or `container:<name|id>`. (Use --dns-search=. if you don't wish to set the search domain)
@@option entrypoint @@option entrypoint
@ -224,16 +204,11 @@ Read in a line delimited file of environment variables. See **Environment** note
@@option env-host @@option env-host
@@option env-merge
@@option expose @@option expose
#### **--gidmap**=*container_gid:host_gid:amount* @@option gidmap.container
Run the container in a new user namespace using the supplied GID mapping. This
option conflicts with the **--userns** and **--subgidname** options. This
option provides a way to map host GIDs to container GIDs in the same way as
__--uidmap__ maps host UIDs to container UIDs. For details see __--uidmap__.
Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.
@@option group-add @@option group-add
@ -319,18 +294,7 @@ The address must be within the network's IPv6 address pool.
To specify multiple static IPv6 addresses per container, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option. To specify multiple static IPv6 addresses per container, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
#### **--ipc**=*ipc* @@option ipc
Set the IPC namespace mode for a container. The default is to create
a private IPC namespace.
- "": Use Podman's default, defined in containers.conf.
- **container:**_id_: reuses another container's shared memory, semaphores, and message queues
- **host**: use the host's shared memory, semaphores, and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
- **none**: private IPC namespace, with /dev/shm not mounted.
- **ns:**_path_: path to an IPC namespace to join.
- **private**: private IPC namespace.
= **shareable**: private IPC namespace with a possibility to share it with other containers.
#### **--label**, **-l**=*label* #### **--label**, **-l**=*label*
@ -371,6 +335,8 @@ RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
not limited. The actual limit may be rounded up to a multiple of the operating not limited. The actual limit may be rounded up to a multiple of the operating
system's page size (the value would be very large, that's millions of trillions). system's page size (the value would be very large, that's millions of trillions).
This option is not supported on cgroups V1 rootless systems.
#### **--memory-reservation**=*limit* #### **--memory-reservation**=*limit*
Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
@ -381,6 +347,8 @@ reservation. So you should always set the value below **--memory**, otherwise th
hard limit will take precedence. By default, memory reservation will be the same hard limit will take precedence. By default, memory reservation will be the same
as memory limit. as memory limit.
This option is not supported on cgroups V1 rootless systems.
#### **--memory-swap**=*limit* #### **--memory-swap**=*limit*
A limit value equal to memory plus swap. Must be used with the **-m** A limit value equal to memory plus swap. Must be used with the **-m**
@ -392,6 +360,8 @@ The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a `k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
This option is not supported on cgroups V1 rootless systems.
@@option memory-swappiness @@option memory-swappiness
@@option mount @@option mount
@ -457,19 +427,13 @@ This option conflicts with **--add-host**.
#### **--os**=*OS* #### **--os**=*OS*
Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`.
Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host.
@@option passwd-entry @@option passwd-entry
@@option personality @@option personality
#### **--pid**=*pid* @@option pid
Set the PID mode for the container
Default is to create a private PID namespace for the container
- `container:<name|id>`: join another container's PID namespace
- `host`: use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
- `ns`: join the specified PID namespace
- `private`: create a new namespace for the container (default)
@@option pidfile @@option pidfile
@ -482,9 +446,7 @@ Default is to create a private PID namespace for the container
Run container in an existing pod. If you want Podman to make the pod for you, preference the pod name with `new:`. Run container in an existing pod. If you want Podman to make the pod for you, preference the pod name with `new:`.
To make a pod with more granular options, use the `podman pod create` command before creating a container. To make a pod with more granular options, use the `podman pod create` command before creating a container.
#### **--pod-id-file**=*path* @@option pod-id-file.container
Run container in an existing pod and read the pod's ID from the specified file. If a container is run within a pod, and the pod has an infra-container, the infra-container will be started before the container is.
#### **--privileged** #### **--privileged**
@ -666,34 +628,7 @@ Network Namespace - current sysctls allowed:
Note: if you use the --network=host option these sysctls will not be allowed. Note: if you use the --network=host option these sysctls will not be allowed.
#### **--systemd**=*true* | *false* | *always* @@option systemd
Run container in systemd mode. The default is *true*.
The value *always* enforces the systemd mode is enforced without
looking at the executable name. Otherwise, if set to true and the
command you are running inside the container is **systemd**, **/usr/sbin/init**,
**/sbin/init** or **/usr/local/sbin/init**.
Running the container in systemd mode causes the following changes:
* Podman mounts tmpfs file systems on the following directories
* _/run_
* _/run/lock_
* _/tmp_
* _/sys/fs/cgroup/systemd_
* _/var/lib/journal_
* Podman sets the default stop signal to **SIGRTMIN+3**.
* Podman sets **container_uuid** environment variable in the container to the
first 32 characters of the container id.
This allows systemd to run in a confined container without any modifications.
Note: On `SELinux` systems, systemd attempts to write to the cgroup
file system. Containers writing to the cgroup file system are denied by default.
The `container_manage_cgroup` boolean must be enabled for this to be allowed on an SELinux separated system.
`setsebool -P container_manage_cgroup true`
@@option timeout @@option timeout
@ -986,13 +921,7 @@ If the location of the volume from the source container overlaps with
data residing on a target container, then the volume hides data residing on a target container, then the volume hides
that data on the target. that data on the target.
#### **--workdir**, **-w**=*dir* @@option workdir
Working directory inside the container
The default working directory for running binaries within a container is the root directory (/).
The image developer can set a different default with the WORKDIR instruction. The operator
can override the working directory by using the **-w** option.
## EXAMPLES ## EXAMPLES

8
docs/source/markdown/podman-exec.1.md → docs/source/markdown/podman-exec.1.md.in
View File

@ -70,13 +70,7 @@ Sets the username or UID used and optionally the groupname or GID for the specif
The following examples are all valid: The following examples are all valid:
--user [user | user:group | uid | uid:gid | user:gid | uid:group ] --user [user | user:group | uid | uid:gid | user:gid | uid:group ]
#### **--workdir**, **-w**=*path* @@option workdir
Working directory inside the container
The default working directory for running binaries within a container is the root directory (/).
The image developer can set a different default with the WORKDIR instruction, which can be overridden
when creating the container.
## Exit Status ## Exit Status

2
docs/source/markdown/podman-generate-systemd.1.md
View File

@ -26,7 +26,7 @@ therefore the overridden default value._
A Kubernetes YAML can be executed in systemd via the `podman-kube@.service` systemd template. The template's argument is the path to the YAML file. Given a `workload.yaml` file in the home directory, it can be executed as follows: A Kubernetes YAML can be executed in systemd via the `podman-kube@.service` systemd template. The template's argument is the path to the YAML file. Given a `workload.yaml` file in the home directory, it can be executed as follows:
``` ```
$ escaped=$(systemd-escape ~/sysadmin.yaml) $ escaped=$(systemd-escape ~/workload.yaml)
$ systemctl --user start podman-kube@$escaped.service $ systemctl --user start podman-kube@$escaped.service
$ systemctl --user is-active podman-kube@$escaped.service $ systemctl --user is-active podman-kube@$escaped.service
active active

12
docs/source/markdown/podman-image-sign.1.md → docs/source/markdown/podman-image-sign.1.md.in
View File

@ -19,17 +19,9 @@ By default, the signature will be written into `/var/lib/containers/sigstore` fo
Sign all the manifests of the multi-architecture image (default false). Sign all the manifests of the multi-architecture image (default false).
#### **--authfile**=*path* @@option authfile
Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json @@option cert-dir
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
#### **--directory**, **-d**=*dir* #### **--directory**, **-d**=*dir*

9
docs/source/markdown/podman-image-trust.1.md
View File

@ -32,7 +32,8 @@ Trust **type** provides a way to:
Allowlist ("accept") or Allowlist ("accept") or
Denylist ("reject") registries or Denylist ("reject") registries or
Require signature (“signedBy”). Require a simple signing signature (“signedBy”),
Require a sigstore signature ("sigstoreSigned").
Trust may be updated using the command **podman image trust set** for an existing trust scope. Trust may be updated using the command **podman image trust set** for an existing trust scope.
@ -45,12 +46,14 @@ Trust may be updated using the command **podman image trust set** for an existin
#### **--pubkeysfile**, **-f**=*KEY1* #### **--pubkeysfile**, **-f**=*KEY1*
A path to an exported public key on the local system. Key paths A path to an exported public key on the local system. Key paths
will be referenced in policy.json. Any path to a file may be used but locating the file in **/etc/pki/containers** is recommended. Options may be used multiple times to will be referenced in policy.json. Any path to a file may be used but locating the file in **/etc/pki/containers** is recommended. Options may be used multiple times to
require an image be signed by multiple keys. The **--pubkeysfile** option is required for the **signedBy** type. require an image be signed by multiple keys. The **--pubkeysfile** option is required for the **signedBy** and **sigstoreSigned** types.
#### **--type**, **-t**=*value* #### **--type**, **-t**=*value*
The trust type for this policy entry. The trust type for this policy entry.
Accepted values: Accepted values:
**signedBy** (default): Require signatures with corresponding list of **signedBy** (default): Require simple signing signatures with corresponding list of
public keys
**sigstoreSigned**: Require sigstore signatures with corresponding list of
public keys public keys
**accept**: do not require any signatures for this **accept**: do not require any signatures for this
registry scope registry scope

4
docs/source/markdown/podman-kill.1.md → docs/source/markdown/podman-kill.1.md.in
View File

@ -16,9 +16,7 @@ The main process inside each container specified will be sent SIGKILL, or any si
Signal all running and paused containers. Signal all running and paused containers.
#### **--cidfile** @@option cidfile.read
Read container ID from the specified file and remove the container. Can be specified multiple times.
#### **--latest**, **-l** #### **--latest**, **-l**

27
docs/source/markdown/podman-kube-down.1.md
View File

@ -4,10 +4,14 @@
podman-kube-down - Remove containers and pods based on Kubernetes YAML podman-kube-down - Remove containers and pods based on Kubernetes YAML
## SYNOPSIS ## SYNOPSIS
**podman kube down** *file.yml|-* **podman kube down** *file.yml|-|https://website.io/file.yml*
## DESCRIPTION ## DESCRIPTION
**podman kube down** reads a specified Kubernetes YAML file, tearing down pods that were created by the `podman kube play` command via the same Kubernetes YAML file. Any volumes that were created by the previous `podman kube play` command remain intact. If the YAML file is specified as `-`, `podman kube down` reads the YAML from stdin. **podman kube down** reads a specified Kubernetes YAML file, tearing down pods that were created by the `podman kube play` command via the same Kubernetes YAML
file. Any volumes that were created by the previous `podman kube play` command remain intact. If the YAML file is specified as `-`, `podman kube down` reads the
YAML from stdin. The input can also be a URL that points to a YAML file such as https://podman.io/demo.yml. `podman kube down` will then teardown the pods and
containers created by `podman kube play` via the same Kubernetes YAML from the URL. However, `podman kube down` will not work with a URL if the YAML file the URL
points to has been changed or altered since the creation of the pods and containers using `podman kube play`.
## EXAMPLES ## EXAMPLES
@ -30,14 +34,31 @@ spec:
Remove the pod and containers as described in the `demo.yml` file Remove the pod and containers as described in the `demo.yml` file
``` ```
$ podman kube down demo.yml $ podman kube down demo.yml
Pods stopped:
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
Pods removed:
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6 52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
``` ```
Remove the pod and containers as described in the`demo.yml` file YAML sent to stdin Remove the pod and containers as described in the `demo.yml` file YAML sent to stdin
``` ```
$ cat demo.yml | podman kube play - $ cat demo.yml | podman kube play -
Pods stopped:
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
Pods removed:
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6 52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
``` ```
Remove the pods and containers as described in the `demo.yml` file YAML read from a URL
```
$ podman kube down https://podman.io/demo.yml
Pods stopped:
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
Pods removed:
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
```
`podman kube down` will not work with a URL if the YAML file the URL points to has been changed
or altered since it was used to create the pods and containers.
## SEE ALSO ## SEE ALSO
**[podman(1)](podman.1.md)**, **[podman-kube(1)](podman-kube.1.md)**, **[podman-kube-play(1)](podman-kube-play.1.md)**, **[podman-kube-generate(1)](podman-kube-generate.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)** **[podman(1)](podman.1.md)**, **[podman-kube(1)](podman-kube.1.md)**, **[podman-kube-play(1)](podman-kube-play.1.md)**, **[podman-kube-generate(1)](podman-kube-generate.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)**

39
docs/source/markdown/podman-kube-play.1.md.in
View File

@ -4,13 +4,14 @@
podman-kube-play - Create containers, pods and volumes based on Kubernetes YAML podman-kube-play - Create containers, pods and volumes based on Kubernetes YAML
## SYNOPSIS ## SYNOPSIS
**podman kube play** [*options*] *file.yml|-* **podman kube play** [*options*] *file.yml|-|https://website.io/file.yml*
## DESCRIPTION ## DESCRIPTION
**podman kube play** will read in a structured file of Kubernetes YAML. It will then recreate the containers, pods or volumes described in the YAML. Containers within a pod are then started and the ID of the new Pod or the name of the new Volume is output. If the yaml file is specified as "-" then `podman kube play` will read the YAML file from stdin. **podman kube play** will read in a structured file of Kubernetes YAML. It will then recreate the containers, pods or volumes described in the YAML. Containers within a pod are then started and the ID of the new Pod or the name of the new Volume is output. If the yaml file is specified as "-" then `podman kube play` will read the YAML file from stdin.
Using the `--down` command line option, it is also capable of tearing down the pods created by a previous run of `podman kube play`. Using the `--down` command line option, it is also capable of tearing down the pods created by a previous run of `podman kube play`.
Using the `--replace` command line option, it will tear down the pods(if any) created by a previous run of `podman kube play` and recreate the pods with the Kubernetes YAML file. Using the `--replace` command line option, it will tear down the pods(if any) created by a previous run of `podman kube play` and recreate the pods with the Kubernetes YAML file.
Ideally the input file would be one created by Podman (see podman-kube-generate(1)). This would guarantee a smooth import and expected results. Ideally the input file would be one created by Podman (see podman-kube-generate(1)). This would guarantee a smooth import and expected results.
The input can also be a URL that points to a YAML file such as https://podman.io/demo.yml. `podman kube play` will read the YAML from the URL and create pods and containers from it.
Currently, the supported Kubernetes kinds are: Currently, the supported Kubernetes kinds are:
- Pod - Pod
@ -112,22 +113,13 @@ and as a result environment variable `FOO` will be set to `bar` for container `c
@@option annotation.container @@option annotation.container
#### **--authfile**=*path* @@option authfile
Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
#### **--build** #### **--build**
Build images even if they are found in the local storage. Use `--build=false` to completely disable builds. (This option is not available with the remote Podman client) Build images even if they are found in the local storage. Use `--build=false` to completely disable builds. (This option is not available with the remote Podman client)
#### **--cert-dir**=*path* @@option cert-dir
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
#### **--configmap**=*path* #### **--configmap**=*path*
@ -139,11 +131,7 @@ Note: The *--configmap* option can be used multiple times or a comma-separated l
Use *path* as the build context directory for each image. Requires --build option be true. (This option is not available with the remote Podman client) Use *path* as the build context directory for each image. Requires --build option be true. (This option is not available with the remote Podman client)
#### **--creds** @@option creds
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and the
value can be entered. The password is entered without echo.
#### **--help**, **-h** #### **--help**, **-h**
@ -313,8 +301,23 @@ Create a pod connected to two networks (called net1 and net2) with a static ip
$ podman kube play demo.yml --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10 $ podman kube play demo.yml --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6 52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
``` ```
Please take into account that networks must be created first using podman-network-create(1). Please take into account that networks must be created first using podman-network-create(1).
Create and teardown from a URL pointing to a YAML file
```
$ podman kube play https://podman.io/demo.yml
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
$ podman kube play --down https://podman.io/demo.yml
Pods stopped:
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
Pods removed:
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
```
`podman kube play --down` will not work with a URL if the YAML file the URL points to
has been changed or altered.
## SEE ALSO ## SEE ALSO
**[podman(1)](podman.1.md)**, **[podman-kube(1)](podman-kube.1.md)**, **[podman-kube-down(1)](podman-kube-down.1.md)**, **[podman-network-create(1)](podman-network-create.1.md)**, **[podman-kube-generate(1)](podman-kube-generate.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)** **[podman(1)](podman.1.md)**, **[podman-kube(1)](podman-kube.1.md)**, **[podman-kube-down(1)](podman-kube-down.1.md)**, **[podman-network-create(1)](podman-network-create.1.md)**, **[podman-kube-generate(1)](podman-kube-generate.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)**

12
docs/source/markdown/podman-login.1.md → docs/source/markdown/podman-login.1.md.in
View File

@ -28,17 +28,9 @@ For more details about format and configurations of the auth.json file, please r
## OPTIONS ## OPTIONS
#### **--authfile**=*path* @@option authfile
Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json. @@option cert-dir
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
#### **--get-login** #### **--get-login**

7
docs/source/markdown/podman-logout.1.md → docs/source/markdown/podman-logout.1.md.in
View File

@ -25,12 +25,7 @@ All the cached credentials can be removed by setting the **all** flag.
Remove the cached credentials for all registries in the auth file Remove the cached credentials for all registries in the auth file
#### **--authfile**=*path* @@option authfile
Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json.
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
#### **--help**, **-h** #### **--help**, **-h**

39
docs/source/markdown/podman-logs.1.md → docs/source/markdown/podman-logs.1.md.in
View File

@ -15,49 +15,24 @@ any logs at the time you execute podman logs).
## OPTIONS ## OPTIONS
#### **--color** @@option color
Output the containers with different colors in the log. @@option follow
#### **--follow**, **-f**
Follow log output. Default is false.
Note: If you are following a container which is removed `podman container rm`
or removed on exit `podman run --rm ...`, then there is a chance that the log
file will be removed before `podman logs` reads the final content.
#### **--latest**, **-l** #### **--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
#### **--names**, **-n** @@option names
Output the container name in the log @@option since
#### **--since**=*TIMESTAMP* @@option tail
Show logs since TIMESTAMP. The --since option can be Unix timestamps, date formatted timestamps, or Go duration @@option timestamps
strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
and 2006-01-02.
#### **--tail**=*LINES* @@option until
Output the specified number of LINES at the end of the logs. LINES must be an integer. Defaults to -1,
which prints all lines
#### **--timestamps**, **-t**
Show timestamps in the log outputs. The default is false
#### **--until**=*TIMESTAMP*
Show logs until TIMESTAMP. The --until option can be Unix timestamps, date formatted timestamps, or Go duration
strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
and 2006-01-02.
## EXAMPLE ## EXAMPLE

19
docs/source/markdown/podman-manifest-add.1.md → docs/source/markdown/podman-manifest-add.1.md.in
View File

@ -33,24 +33,11 @@ the image. If *imageName* refers to a manifest list or image index, the
architecture information will be retrieved from it. Otherwise, it will be architecture information will be retrieved from it. Otherwise, it will be
retrieved from the image's configuration information. retrieved from the image's configuration information.
#### **--authfile**=*path* @@option authfile
Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. @@option cert-dir
If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE @@option creds
environment variable. `export REGISTRY_AUTH_FILE=path`
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
#### **--creds**=*creds*
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and the
value can be entered. The password is entered without echo.
#### **--features** #### **--features**

12
docs/source/markdown/podman-manifest-create.1.md
View File

@ -22,11 +22,23 @@ If any of the images which should be added to the new list or index are
themselves lists or indexes, add all of their contents. By default, only one themselves lists or indexes, add all of their contents. By default, only one
image from such a list will be added to the newly-created list or index. image from such a list will be added to the newly-created list or index.
#### **--amend**, **-a**
If a manifest list named *listnameorindexname* already exists, modify the
preexisting list instead of exiting with an error. The contents of
*listnameorindexname* are not modified if no *imagename*s are given.
#### **--tls-verify**
Require HTTPS and verify certificates when talking to container registries. (defaults to true)
## EXAMPLES ## EXAMPLES
``` ```
podman manifest create mylist:v1.11 podman manifest create mylist:v1.11
9cfd24048d5fc80903f088f1531a21bff01172abe66effa8941a4c2308dc745f 9cfd24048d5fc80903f088f1531a21bff01172abe66effa8941a4c2308dc745f
podman manifest create --amend mylist:v1.11
9cfd24048d5fc80903f088f1531a21bff01172abe66effa8941a4c2308dc745f
``` ```
``` ```

19
docs/source/markdown/podman-manifest-push.1.md → docs/source/markdown/podman-manifest-push.1.md.in
View File

@ -19,28 +19,15 @@ The list image's ID and the digest of the image's manifest.
Push the images mentioned in the manifest list or image index, in addition to Push the images mentioned in the manifest list or image index, in addition to
the list or index itself. (Default true) the list or index itself. (Default true)
#### **--authfile**=*path* @@option authfile
Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. @@option cert-dir
If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
#### **--compression-format**=**gzip** | *zstd* | *zstd:chunked* #### **--compression-format**=**gzip** | *zstd* | *zstd:chunked*
Specifies the compression format to use. Supported values are: `gzip`, `zstd` and `zstd:chunked`. The default is `gzip` unless overridden in the containers.conf file. Specifies the compression format to use. Supported values are: `gzip`, `zstd` and `zstd:chunked`. The default is `gzip` unless overridden in the containers.conf file.
#### **--creds**=*creds* @@option creds
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and the
value can be entered. The password is entered without echo.
#### **--digestfile**=*Digestfile* #### **--digestfile**=*Digestfile*

4
docs/source/markdown/podman-pause.1.md → docs/source/markdown/podman-pause.1.md.in
View File

@ -17,9 +17,7 @@ Pauses all the processes in one or more containers. You may use container IDs o
Pause all running containers. Pause all running containers.
#### **--cidfile** @@option cidfile.read
Read container ID from the specified file and pause the container. Can be specified multiple times.
#### **--filter**, **-f**=*filter* #### **--filter**, **-f**=*filter*

4
docs/source/markdown/podman-pod-clone.1.md.in
View File

@ -56,9 +56,7 @@ Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sd
Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb) Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
#### **--gidmap**=*pod_gid:host_gid:amount* @@option gidmap.pod
GID map for the user namespace. Using this flag will run all containers in the pod with user namespace enabled. It conflicts with the `--userns` and `--subgidname` flags.
#### **--help**, **-h** #### **--help**, **-h**

12
docs/source/markdown/podman-pod-create.1.md.in
View File

@ -89,14 +89,12 @@ Set custom DNS search domains in the /etc/resolv.conf file that will be shared b
Set the exit policy of the pod when the last container exits. Supported policies are: Set the exit policy of the pod when the last container exits. Supported policies are:
| Exit Policy | Description | | Exit Policy | Description |
| ------------------ | --------------------------------------------------------------------------- | | ------------------ | -------------------------------------------------------------------------------------------------------------------------- |
| *continue* | The pod continues running when the last container exits. Used by default. | | *continue* | The pod continues running, by keeping its infra container alive, when the last container exits. Used by default. |
| *stop* | The pod is stopped when the last container exits. Used in `kube play`. | | *stop* | The pod (including its infra container) is stopped when the last container exits. Used in `kube play`. |
#### **--gidmap**=*container_gid:host_gid:amount* @@option gidmap.pod
GID map for the user namespace. Using this flag will run the container with user namespace enabled. It conflicts with the `--userns` and `--subgidname` flags.
#### **--help**, **-h** #### **--help**, **-h**

38
docs/source/markdown/podman-pod-logs.1.md → docs/source/markdown/podman-pod-logs.1.md.in
View File

@ -13,51 +13,27 @@ Note: Long running command of `podman pod log` with a `-f` or `--follow` needs t
## OPTIONS ## OPTIONS
#### **--color** @@option color
Output the containers with different colors in the log.
#### **--container**, **-c** #### **--container**, **-c**
By default `podman pod logs` retrieves logs for all the containers available within the pod differentiate by field `container`. However there are use-cases where user would want to limit the log stream only to a particular container of a pod for such cases `-c` can be used like `podman pod logs -c ctrNameorID podname`. By default `podman pod logs` retrieves logs for all the containers available within the pod differentiate by field `container`. However there are use-cases where user would want to limit the log stream only to a particular container of a pod for such cases `-c` can be used like `podman pod logs -c ctrNameorID podname`.
#### **--follow**, **-f** @@option follow
Follow log output. Default is false.
Note: If you are following a pod which is removed `podman pod rm`, then there is a
chance that the log file will be removed before `podman pod logs` reads the final content.
#### **--latest**, **-l** #### **--latest**, **-l**
Instead of providing the pod name or id, get logs of the last created pod. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) Instead of providing the pod name or id, get logs of the last created pod. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
#### **--names**, **-n** @@option names
Output the container names instead of the container IDs in the log. @@option since
#### **--since**=*TIMESTAMP* @@option tail
Show logs since TIMESTAMP. The --since option can be Unix timestamps, date formatted timestamps, or Go duration @@option timestamps
strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
and 2006-01-02.
#### **--tail**=*LINES* @@option until
Output the specified number of LINES at the end of the logs. LINES must be an integer. Defaults to -1,
which prints all lines
#### **--timestamps**, **-t**
Show timestamps in the log outputs. The default is false
#### **--until**=*TIMESTAMP*
Show logs until TIMESTAMP. The --until option can be Unix timestamps, date formatted timestamps, or Go duration
strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
and 2006-01-02.
## EXAMPLE ## EXAMPLE

11
docs/source/markdown/podman-pod-restart.1.md
View File

@ -24,17 +24,27 @@ Instead of providing the pod name or ID, restart the last created pod. (This opt
## EXAMPLE ## EXAMPLE
Restart pod with a given name
``` ```
podman pod restart mywebserverpod podman pod restart mywebserverpod
cc8f0bea67b1a1a11aec1ecd38102a1be4b145577f21fc843c7c83b77fc28907 cc8f0bea67b1a1a11aec1ecd38102a1be4b145577f21fc843c7c83b77fc28907
```
Restart multiple pods with given IDs
```
podman pod restart 490eb 3557fb podman pod restart 490eb 3557fb
490eb241aaf704d4dd2629904410fe4aa31965d9310a735f8755267f4ded1de5 490eb241aaf704d4dd2629904410fe4aa31965d9310a735f8755267f4ded1de5
3557fbea6ad61569de0506fe037479bd9896603c31d3069a6677f23833916fab 3557fbea6ad61569de0506fe037479bd9896603c31d3069a6677f23833916fab
```
Restart the last created pod
```
podman pod restart --latest podman pod restart --latest
3557fbea6ad61569de0506fe037479bd9896603c31d3069a6677f23833916fab 3557fbea6ad61569de0506fe037479bd9896603c31d3069a6677f23833916fab
```
Restart all pods
```
podman pod restart --all podman pod restart --all
19456b4cd557eaf9629825113a552681a6013f8c8cad258e36ab825ef536e818 19456b4cd557eaf9629825113a552681a6013f8c8cad258e36ab825ef536e818
3557fbea6ad61569de0506fe037479bd9896603c31d3069a6677f23833916fab 3557fbea6ad61569de0506fe037479bd9896603c31d3069a6677f23833916fab
@ -42,7 +52,6 @@ podman pod restart --all
70c358daecf71ef9be8f62404f926080ca0133277ef7ce4f6aa2d5af6bb2d3e9 70c358daecf71ef9be8f62404f926080ca0133277ef7ce4f6aa2d5af6bb2d3e9
cc8f0bea67b1a1a11aec1ecd38102a1be4b145577f21fc843c7c83b77fc28907 cc8f0bea67b1a1a11aec1ecd38102a1be4b145577f21fc843c7c83b77fc28907
``` ```
## SEE ALSO ## SEE ALSO
**[podman(1)](podman.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-restart(1)](podman-restart.1.md)** **[podman(1)](podman.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-restart(1)](podman-restart.1.md)**

10
docs/source/markdown/podman-pod-rm.1.md → docs/source/markdown/podman-pod-rm.1.md.in
View File

@ -19,19 +19,13 @@ Remove all pods. Can be used in conjunction with \-f as well.
Stop running containers and delete all stopped containers before removal of pod. Stop running containers and delete all stopped containers before removal of pod.
#### **--ignore**, **-i** @@option ignore
Ignore errors when specified pods are not in the container store. A user might
have decided to manually remove a pod which would lead to a failure during the
ExecStop directive of a systemd service referencing that pod.
#### **--latest**, **-l** #### **--latest**, **-l**
Instead of providing the pod name or ID, remove the last created pod. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) Instead of providing the pod name or ID, remove the last created pod. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
#### **--pod-id-file** @@option pod-id-file.pod
Read pod ID from the specified file and remove the pod. Can be specified multiple times.
#### **--time**, **-t**=*seconds* #### **--time**, **-t**=*seconds*

4
docs/source/markdown/podman-pod-start.1.md → docs/source/markdown/podman-pod-start.1.md.in
View File

@ -20,9 +20,7 @@ Starts all pods
Instead of providing the pod name or ID, start the last created pod. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) Instead of providing the pod name or ID, start the last created pod. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
#### **--pod-id-file** @@option pod-id-file.pod
Read pod ID from the specified file and start the pod. Can be specified multiple times.
## EXAMPLE ## EXAMPLE

Some files were not shown because too many files have changed in this diff Show More