podman-run: clean up some formatting issues

Signed-off-by: Micah Abbott <miabbott@redhat.com> Closes: #911 Approved by: rhatdan
2025-06-26 12:56:45 +08:00 · 2018-06-06 10:55:35 -04:00
parent 781eec27b5
commit 16c09f847b
1 changed files with 90 additions and 72 deletions
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@ -193,6 +193,7 @@ is the case the **--dns** flags is necessary for every run.
   Overwrite the default ENTRYPOINT of the image

   This option allows you to overwrite the default entrypoint of the image.
+
   The ENTRYPOINT of an image is similar to a COMMAND
 because it specifies what executable to run when the container starts, but it is
 (purposely) more difficult to override. The ENTRYPOINT gives a container its
@ -234,12 +235,15 @@ inside of the container.
   Print usage statement

 **--image-volume**, **builtin-volume**=*bind*|*tmpfs*|*ignore*
-    Tells podman how to handle the builtin image volumes. The options are: 'bind', 'tmpfs', or 'ignore' (default 'bind')
-    bind: A directory is created inside the container state directory and bind mounted into
+   Tells podman how to handle the builtin image volumes.
+
+   The options are: `bind`, `tmpfs`, or `ignore` (default `bind`)
+
+  - `bind`: A directory is created inside the container state directory and bind mounted into
    the container for the volumes.
-    tmpfs: The volume is mounted onto the container as a tmpfs, which allows the users to create
+  - `tmpfs`: The volume is mounted onto the container as a tmpfs, which allows the users to create
    content that disappears when the container is stopped.
-    ignore: All volumes are just ignored and no action is taken.
+  - `ignore`: All volumes are just ignored and no action is taken.

 **-i**, **--interactive**=*true*|*false*
   Keep STDIN open even if not attached. The default is *false*.
@ -254,8 +258,9 @@ inside of the container.

 **--ipc**=""
   Default is to create a private IPC namespace (POSIX SysV IPC) for the container
-			       'container:<name|id>': reuses another container shared memory, semaphores and message queues
-			       'host': use the host shared memory,semaphores and message queues inside the container.  Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
+
+  - `container:<name|id>`: reuses another container shared memory, semaphores and message queues
+  - `host`: use the host shared memory,semaphores and message queues inside the container.  Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.

 **--kernel-memory**=""
   Kernel memory limit (format: `<number>[<unit>]`, where unit = b, k, m or g)
@ -277,16 +282,17 @@ millions of trillions.

 **--log-driver**="*json-file*"
   Logging driver for the container. Default is defined by daemon `--log-driver` flag.
+
   **Warning**: the `podman logs` command works only for the `json-file` and
  `journald` logging drivers.

 **--log-opt**=[]
   Logging driver specific options.

-    "path=/var/log/container/mycontainer.json"   : Set the path to the container log file.
+   `path=/var/log/container/mycontainer.json`: Set the path to the container log file.

 **--mac-address**=""
-   Container MAC address (e.g. 92:d0:c6:0a:29:33)
+   Container MAC address (e.g. `92:d0:c6:0a:29:33`)

   Remember that the MAC address in an Ethernet network must be unique.
 The IPv6 link-local address will be based on the device's MAC address
@ -327,9 +333,9 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
   Assign a name to the container

   The operator can identify a container in three ways:
-    UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”)
-    UUID short identifier (“f78375b1c487”)
-    Name (“jonah”)
+  - UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”)
+  - UUID short identifier (“f78375b1c487”)
+  - Name (“jonah”)

   podman generates a UUID for each container, and if a name is not assigned
 to the container with **--name** then the daemon will also generate a random
@ -337,12 +343,12 @@ string name. The name is useful any place you need to identify a container.
 This works for both background and foreground containers.

 **--network**="*bridge*"
-   Set the Network mode for the container
-			       'bridge': create a network stack on the default bridge
-			       'none': no networking
-			       'container:<name|id>': reuse another container's network stack
-			       'host': use the podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
-			       '<network-name>|<network-id>': connect to a user-defined network
+   Set the Network mode for the container:
+  - `bridge`: create a network stack on the default bridge
+  - `none`: no networking
+  - `container:<name|id>`: reuse another container's network stack
+  - `host`: use the podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
+  - `<network-name>|<network-id>`: connect to a user-defined network

 **--network-alias**=[]
    Not implemented
@ -355,9 +361,11 @@ This works for both background and foreground containers.

 **--pid**=""
   Set the PID mode for the container
+
   Default is to create a private PID namespace for the container
-			       'container:<name|id>': join another container's PID namespace
-			       'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
+
+  - `container:<name|id>`: join another container's PID namespace
+  - `host`: use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.

 **--pids-limit**=""
   Tune the container's pids limit. Set `-1` to have unlimited pids for the container.
@ -368,10 +376,10 @@ This works for both background and foreground containers.
 **--privileged**=*true*|*false*
   Give extended privileges to this container. The default is *false*.

-   By default, podman containers are
-“unprivileged” (=false) and cannot, for example, modify parts of the kernel.
-This is because by default a container is not allowed to access any devices.
-A “privileged” container is given access to all devices.
+   By default, podman containers are “unprivileged” (=false) and cannot,
+for example, modify parts of the kernel. This is because by default a
+container is not allowed to access any devices. A “privileged” container
+is given access to all devices.

   When the operator executes **podman run --privileged**, podman enables access
 to all devices on the host as well as set turn off most of the security measures
@ -381,11 +389,15 @@ protecting the host from the container.
   Publish a container's port, or range of ports, to the host

   Format: `ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort`
+
   Both hostPort and containerPort can be specified as a range of ports.
+
   When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range.
   (e.g., `podman run -p 1234-1236:1222-1224 --name thisWorks -t busybox`
   but not `podman run -p 1230-1236:1230-1240 --name RangeContainerPortsBiggerThanRangeHostPorts -t busybox`)
+
   With ip: `podman run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage`
+
   Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPORT`

 **-P**, **--publish-all**=*true*|*false*
@ -394,10 +406,11 @@ Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPO
   When set to true publish all exposed ports to the host interfaces. The
 default is false. If the operator uses -P (or -p) then podman will make the
 exposed port accessible on the host and the ports will be available to any
-client that can reach the host. When using -P, podman will bind any exposed
-port to a random port on the host within an *ephemeral port range* defined by
-`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host
-ports and the exposed ports, use `podman port`.
+client that can reach the host.
+
+   When using -P, podman will bind any exposed port to a random port on the host
+within an *ephemeral port range* defined by `/proc/sys/net/ipv4/ip_local_port_range`.
+To find the mapping between the host ports and the exposed ports, use `podman port`.

 **--quiet, -q**

@ -416,18 +429,18 @@ its root filesystem mounted as read only prohibiting any writes.
 **--security-opt**=[]
   Security Options

-    "label=user:USER"   : Set the label user for the container
-    "label=role:ROLE"   : Set the label role for the container
-    "label=type:TYPE"   : Set the label type for the container
-    "label=level:LEVEL" : Set the label level for the container
-    "label=disable"     : Turn off label confinement for the container
-    "no-new-privileges" : Disable container processes from gaining additional privileges
+  - `label=user:USER`   : Set the label user for the container
+  - `label=role:ROLE`   : Set the label role for the container
+  - `label=type:TYPE`   : Set the label type for the container
+  - `label=level:LEVEL` : Set the label level for the container
+  - `label=disable`     : Turn off label confinement for the container
+  - `no-new-privileges` : Disable container processes from gaining additional privileges

-    "seccomp=unconfined" : Turn off seccomp confinement for the container
-    "seccomp=profile.json :  White listed syscalls seccomp Json file to be used as a seccomp filter
+  - `seccomp=unconfined` : Turn off seccomp confinement for the container
+  - `seccomp=profile.json` :  White listed syscalls seccomp Json file to be used as a seccomp filter

-    "apparmor=unconfined" : Turn off apparmor confinement for the container
-    "apparmor=your-profile" : Set the apparmor confinement profile for the container
+  - `apparmor=unconfined` : Turn off apparmor confinement for the container
+  - `apparmor=your-profile` : Set the apparmor confinement profile for the container

 **--shm-size**=""
   Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`.
@ -454,13 +467,20 @@ its root filesystem mounted as read only prohibiting any writes.

   IPC Namespace - current sysctls allowed:

-  kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced
-  Sysctls beginning with fs.mqueue.*
+  - kernel.msgmax
+  - kernel.msgmnb
+  - kernel.msgmni
+  - kernel.sem
+  - kernel.shmall
+  - kernel.shmmax
+  - kernel.shmmni
+  - kernel.shm_rmid_forced
+  - Sysctls beginning with fs.mqueue.*

   Note: if you use the `--ipc=host` option these sysctls will not be allowed.

   Network Namespace - current sysctls allowed:
-      Sysctls beginning with net.*
+  - Sysctls beginning with net.*

   Note: if you use the `--network=host` option these sysctls will not be allowed.

@ -482,7 +502,7 @@ any options, the systems uses the following options:
 input of the container. This can be used, for example, to run a throwaway
 interactive shell. The default is false.

-Note: The **-t** option is incompatible with a redirection of the podman client
+   **NOTE**: The **-t** option is incompatible with a redirection of the podman client
 standard input.

 **--uidmap**=map
@ -504,20 +524,22 @@ standard input.
 **--userns**=""
   Set the usernamespace mode for the container. The use of userns is disabled by default.

-     **host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`).
+   `host`: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`).

 **--uts**=*host*
   Set the UTS mode for the container
-     **host**: use the host's UTS namespace inside the container.
-     Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure.
+
+   `host`: use the host's UTS namespace inside the container.
+
+   **NOTE**: the host mode gives the container access to changing the host's hostname and is therefore considered insecure.

 **-v**|**--volume**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*]
   Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, podman
   bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the podman
   container. The `OPTIONS` are a comma delimited list and can be:

-   * [rw|ro]
-   * [z|Z]
+   * [`rw`|`ro`]
+   * [`z`|`Z`]
   * [`[r]shared`|`[r]slave`|`[r]private`]

 The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR`
@ -792,10 +814,6 @@ weight by `--blkio-weight-device` flag. Use the following command:

    # podman run -it --blkio-weight-device "/dev/sda:200" ubuntu

-```
-$ podman run -d busybox top
-```
-
 ### Setting Namespaced Kernel Parameters (Sysctls)

 The `--sysctl` sets namespaced kernel parameters (sysctls) in the