opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-07-15 03:02:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

Man pages: refactor common options: --systemd

Browse Source 
I went with the podman-run version, which better conforms to
style conventions.

Signed-off-by: Ed Santiago <santiago@redhat.com>
This commit is contained in:
Ed Santiago
2022-08-24 18:00:11 -06:00
parent eb7894764e
commit 42fdc72aa8
3 changed files with 31 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
docs/source/markdown/options/systemd.md Normal file
View File

@ -0,0 +1,29 @@
#### **--systemd**=*true* | *false* | *always*
Run container in systemd mode. The default is **true**.
The value *always* enforces the systemd mode is enforced without
looking at the executable name. Otherwise, if set to true and the
command you are running inside the container is **systemd**, **/usr/sbin/init**,
**/sbin/init** or **/usr/local/sbin/init**.
Running the container in systemd mode causes the following changes:
* Podman mounts tmpfs file systems on the following directories
* _/run_
* _/run/lock_
* _/tmp_
* _/sys/fs/cgroup/systemd_
* _/var/lib/journal_
* Podman sets the default stop signal to **SIGRTMIN+3**.
* Podman sets **container_uuid** environment variable in the container to the
first 32 characters of the container id.
This allows systemd to run in a confined container without any modifications.
Note that on **SELinux** systems, systemd attempts to write to the cgroup
file system. Containers writing to the cgroup file system are denied by default.
The **container_manage_cgroup** boolean must be enabled for this to be allowed on an SELinux separated system.
```
setsebool -P container_manage_cgroup true
```

29
docs/source/markdown/podman-create.1.md.in
View File

@ -632,34 +632,7 @@ Network Namespace - current sysctls allowed:
Note: if you use the --network=host option these sysctls will not be allowed.
#### **--systemd**=*true* | *false* | *always*
Run container in systemd mode. The default is *true*.
The value *always* enforces the systemd mode is enforced without
looking at the executable name. Otherwise, if set to true and the
command you are running inside the container is **systemd**, **/usr/sbin/init**,
**/sbin/init** or **/usr/local/sbin/init**.
Running the container in systemd mode causes the following changes:
* Podman mounts tmpfs file systems on the following directories
* _/run_
* _/run/lock_
* _/tmp_
* _/sys/fs/cgroup/systemd_
* _/var/lib/journal_
* Podman sets the default stop signal to **SIGRTMIN+3**.
* Podman sets **container_uuid** environment variable in the container to the
first 32 characters of the container id.
This allows systemd to run in a confined container without any modifications.
Note: On `SELinux` systems, systemd attempts to write to the cgroup
file system. Containers writing to the cgroup file system are denied by default.
The `container_manage_cgroup` boolean must be enabled for this to be allowed on an SELinux separated system.
`setsebool -P container_manage_cgroup true`
@@option systemd
@@option timeout

30
docs/source/markdown/podman-run.1.md.in
View File

@ -682,35 +682,7 @@ For the network namespace, the following sysctls are allowed:
Note: if you use the **--network=host** option, these sysctls will not be allowed.
#### **--systemd**=*true* | *false* | *always*
Run container in systemd mode. The default is **true**.
The value *always* enforces the systemd mode is enforced without
looking at the executable name. Otherwise, if set to true and the
command you are running inside the container is **systemd**, **/usr/sbin/init**,
**/sbin/init** or **/usr/local/sbin/init**.
Running the container in systemd mode causes the following changes:
* Podman mounts tmpfs file systems on the following directories
* _/run_
* _/run/lock_
* _/tmp_
* _/sys/fs/cgroup/systemd_
* _/var/lib/journal_
* Podman sets the default stop signal to **SIGRTMIN+3**.
* Podman sets **container_uuid** environment variable in the container to the
first 32 characters of the container id.
This allows systemd to run in a confined container without any modifications.
Note that on **SELinux** systems, systemd attempts to write to the cgroup
file system. Containers writing to the cgroup file system are denied by default.
The **container_manage_cgroup** boolean must be enabled for this to be allowed on an SELinux separated system.
```
setsebool -P container_manage_cgroup true
```
@@option systemd
@@option timeout