opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-30 07:26:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #16854 from giuseppe/fixup-idmapped-oci

Browse Source 
doc: fix documentation for idmapped mounts
This commit is contained in:
OpenShift Merge Robot
2022-12-15 11:50:00 -05:00
committed by GitHub
parent 95abaff85b 14ee8faff1
commit 31e547e60f
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/source/markdown/options/mount.md
View File

@ -38,10 +38,9 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and
· idmap: true or false (default). If specified, create an idmapped mount to the target user namespace in the container. · idmap: true or false (default). If specified, create an idmapped mount to the target user namespace in the container.
The idmap option supports a custom mapping that can be different than the user namespace used by the container. The idmap option supports a custom mapping that can be different than the user namespace used by the container.
The mapping can be specified after the idmap option like: idmap=uids=0-1-10#10-11-10;gids=0-100-10. For each triplet, the first value is the The mapping can be specified after the idmap option like: `idmap=uids=0-1-10#10-11-10;gids=0-100-10`. For each triplet, the first value is the
start of the backing file system IDs that are mapped to the second value on the host. The length of this mapping is given in the third value. start of the backing file system IDs that are mapped to the second value on the host. The length of this mapping is given in the third value.
Multiple ranges are separated with #.
Multiple ranges are separated with #.
Options specific to image: Options specific to image:

13
docs/source/markdown/options/volume.md
View File

@ -27,6 +27,7 @@ The _OPTIONS_ is a comma-separated list and can be: <sup>[[1]](#Footnote1)</sup>
* [**no**]**suid** * [**no**]**suid**
* [**r**]**bind** * [**r**]**bind**
* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable** * [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable**
* **idmap**[=**options**]
The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
will be mounted into the container at this directory. will be mounted into the container at this directory.
@ -178,3 +179,15 @@ _/foo_, then use **mount --make-shared /** to convert _/_ into a shared mount.
Note: if the user only has access rights via a group, accessing the volume Note: if the user only has access rights via a group, accessing the volume
from inside a rootless <<container|pod>> will fail. from inside a rootless <<container|pod>> will fail.
`Idmapped mount`
If `idmap` is specified, create an idmapped mount to the target user
namespace in the container. The idmap option supports a custom mapping
that can be different than the user namespace used by the
container. The mapping can be specified after the idmap option like:
`idmap=uids=0-1-10#10-11-10;gids=0-100-10`.
For each triplet, the first value is the start of the backing file
system IDs that are mapped to the second value on the host. The
length of this mapping is given in the third value.
Multiple ranges are separated with #.