Merge branch 'main' of github.com:containers/podman into man

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-08-06 11:32:07 +08:00 · 2024-08-21 08:57:03 -04:00
parent d5cd388729 43fe3ebaf3
commit 1d5bdce3d9
22 changed files with 150 additions and 24 deletions
--- a/docs/source/markdown/options/volume.md
+++ b/docs/source/markdown/options/volume.md
@ -82,13 +82,14 @@ content with a shared content label. Shared volume labels allow all containers
 to read/write content. The **Z** option tells Podman to label the content with
 a private unshared label Only the current <<container|pod>> can use a private
 volume. Note: all containers within a `pod` share the same SELinux label. This
-means all containers within said pod can read/write volumes create with the
-`:Z`. Relabeling walks the file system under the volume and changes the label
-on each file, if the volume has thousands of inodes, this process takes a
-long time, delaying the start of the <<container|pod>>. If the volume
-was previously relabeled with the `z` option, Podman is optimized to not relabel
-a second time. If files are moved into the volume, then the labels can be
-manually change with the `chcon -Rt container_file_t PATH` command.
+means all containers within said pod can read/write volumes shared into the
+container created with the `:Z` on any of one the containers. Relabeling walks
+the file system under the volume and changes the label on each file, if the
+volume has thousands of inodes, this process takes a long time, delaying the
+start of the <<container|pod>>. If the volume was previously relabeled with the
+`z` option, Podman is optimized to not relabel a second time. If files are
+moved into the volume, then the labels can be manually change with the
+`chcon -Rt container_file_t PATH` command.

 Note: Do not relabel system files and directories. Relabeling system content
 might cause other confined services on the machine to fail.  For these types
--- a/docs/source/markdown/podman-systemd.unit.5.md
+++ b/docs/source/markdown/podman-systemd.unit.5.md
@ -259,6 +259,7 @@ Valid options for `[Container]` are listed below:
 | AddDevice=/dev/foo                   | --device /dev/foo                                    |
 | Annotation="XYZ"                     | --annotation "XYZ"                                   |
 | AutoUpdate=registry                  | --label "io.containers.autoupdate=registry"          |
+| CgroupsMode=no-conmon                | --cgroups=no-conmon                                  |
 | ContainerName=name                   | --name name                                          |
 | ContainersConfModule=/etc/nvd\.conf  | --module=/etc/nvd\.conf                              |
 | DNS=192.168.55.1                     | --dns=192.168.55.1                                   |
@ -370,6 +371,16 @@ Indicates whether the container will be auto-updated ([podman-auto-update(1)](po

 * `local`: Tells Podman to compare the image a container is using to the image with its raw name in local storage. If an image is updated locally, Podman simply restarts the systemd unit executing the container.

+### `CgroupsMode=`
+
+The cgroups mode of the Podman container. Equivalent to the Podman `--cgroups` option.
+
+By default, the cgroups mode of the container created by Quadlet is `split`,
+which differs from the default (`enabled`) used by the Podman CLI.
+
+If the container joins a pod (i.e. `Pod=` is specified), you may want to change this to
+`no-conmon` or `enabled` so that pod level cgroup resource limits can take effect.
+
 ### `ContainerName=`

 The (optional) name of the Podman container. If this is not specified, the default value