Merge pull request #16237 from alexlarsson/quadlet-updates

Various quadlet updates
OpenShift Merge Robot
2022-10-26 04:05:40 -04:00
committed by GitHub
16 changed files with 157 additions and 41 deletions

@ -15,7 +15,8 @@ Valid _mode_ values are:
- **mac=MAC**: Specify a static mac address for this container.
- **interface_name**: Specify a name for the created network interface inside the container.
For example to set a static ipv4 address and a static mac address, use `--network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99`.
For example to set a static ipv4 address and a static mac address, use `--network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99`.
- \<network name or ID\>[:OPTIONS,...]: Connect to a user-defined network; this is the network name or ID from a network created by **[podman network create](podman-network-create.1.md)**. Using the network name implies the bridge network mode. It is possible to specify the same options described under the bridge mode above. You can use the **--network** option multiple times to specify additional networks.
- **none**: Create a network namespace for the container but do not configure network interfaces for it, thus the container has no network connectivity.
- **container:**_id_: Reuse another container's network stack.
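Review bot: The new `<network name or ID>[:OPTIONS,...]` entry sits in the same list of mode values as the keywords `none` and `container:`, but it does not say how a user-defined network whose name matches one of those keywords is resolved. Suggest adding a sentence that states which interpretation wins, or that tells users to pass the network ID in that case. The two "For example to set a static ipv4 address and a static mac address" lines also read identically here; if the difference is whitespace only, it is worth keeping that out of a documentation change that adds a new mode.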

@ -126,22 +126,39 @@ setuid and file capabilities.
#### `DropCapability=` (defaults to `all`)
Drop these capabilities from the default container capability set. The default is `all`, allowing
addition of capabilities with `AddCapability`. Set this to empty to drop no capabilities.
This can be listed multiple times.
Drop these capabilities from the default podman capability set, or `all` for all capabilities. The default if no
`DropCapability` is set is `all`. Set this to empty (i.e. `DropCapability=`) to use the default podman capability set.
This is a space separated list of capabilities. This key can be listed multiple times.
For example:
```
DropCapability=CAP_DAC_OVERRIDE CAP_IPC_OWNER
```
#### `AddCapability=`
By default, the container runs with no capabilities (due to DropCapabilities='all'). If any specific
caps are needed, then add them with this key. For example using `AddCapability=CAP_DAC_OVERRIDE`.
This can be listed multiple times.
#### `ReadOnly=` (defaults to `no`)
This is a space separated list of capabilities. This key can be listed multiple times.
For example:
```
AddCapability=CAP_DAC_OVERRIDE CAP_IPC_OWNER
```
#### `ReadOnly=` (defaults to `yes`)
If enabled, makes image read-only, with /var/tmp, /tmp and /run a tmpfs (unless disabled by `VolatileTmp=no`).
**NOTE:** Podman will automatically copy any content from the image onto the tmpfs
#### `SeccompProfile=`
Set the seccomp profile to use in the container. If unset, the default podman profile is used.
Set to either the pathname of a json file, or `unconfined` to disable the seccomp filters.
#### `RemapUsers=` (defaults to `no`)
If this is enabled, then host user and group ids are remapped in the container, such that all the uids
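Review bot: The `ReadOnly=` heading changes its stated default in this hunk (both "defaults to `no`" and "defaults to `yes`" appear), and the text under it does not tell owners of existing unit files that the root filesystem behaviour differs once they update. Since this is a hardening-relevant default, suggest a sentence under the heading that states the default explicitly and shows the value to set for the other behaviour. Separately, the `AddCapability=` paragraph refers to `DropCapabilities='all'` while the key documented just above is `DropCapability=`; the spelling should match the key so readers do not copy a name that is not documented. The `DropCapability=` section also now describes the empty value twice, once as dropping no capabilities and once as using the default podman capability set; keeping a single wording avoids ambiguity.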
@ -217,6 +234,14 @@ created by using a `$name.volume` quadlet file.
This key can be listed multiple times.
#### `Network=`
Specify a custom network for the container. This has the same format as the `--network` option
to `podman run`. For example, use `host` to use the host network in the container, or `none` to
not set up networking in the container.
This key can be listed multiple times.
#### `ExposeHostPort=`
Exposes a port, or a range of ports (e.g. `50-59`), from the host to the container. Equivalent
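Review bot: The `Network=` text says the key can be listed multiple times, yet its only examples are `host` and `none`, and it does not say whether those modes may be combined with other values or what happens if they are. Suggest stating that repeating the key is for attaching several networks and documenting the behaviour when `host` or `none` is mixed with another entry. It would also help to note next to the `host` example that the container then shares the host network namespace, since the sentence presents it alongside `none` as if the two were equivalent choices.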
@ -241,6 +266,16 @@ allocated port can be found with the `podman port` command.
This key can be listed multiple times.
#### `AddDevice=`
Adds a device node from the host into the container. The format of this is
`HOST-DEVICE[:CONTAINER-DEVICE][:PERMISSIONS]`, where `HOST-DEVICE` is the path of
the device node on the host, `CONTAINER-DEVICE` is the path of the device node in
the container, and `PERMISSIONS` is a list of permissions combining 'r' for read,
'w' for write, and 'm' for mknod(2).
This key can be listed multiple times.
#### `PodmanArgs=`
This key contains a list of arguments passed directly to the end of the `podman run` command
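Review bot: The `AddDevice=` format `HOST-DEVICE[:CONTAINER-DEVICE][:PERMISSIONS]` makes both suffixes optional, but the text does not say which permissions apply when `PERMISSIONS` is omitted or how a single suffix is interpreted when only one is given. Suggest documenting the default permission set and adding one example with all three fields, so that users who want a read-only device node know they must spell out `r` rather than rely on the default.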