opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-02 01:09:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3777 from rhatdan/vendor

Browse Source 
Add support & documentation to run containers with different file types
This commit is contained in:
OpenShift Merge Robot
2019-08-19 13:48:15 +02:00
committed by GitHub
parent 98dee275d0 316e51f0a9
commit befaa95d93
10 changed files with 83 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
docs/podman-build.1.md
View File

@ -375,18 +375,18 @@ to podman build, the option given would be `--runtime-flag log-format=json`.
Security Options
"label=user:USER" : Set the label user for the container
"label=role:ROLE" : Set the label role for the container
"label=type:TYPE" : Set the label type for the container
"label=level:LEVEL" : Set the label level for the container
"label=disable" : Turn off label confinement for the container
"no-new-privileges" : Not supported
- `apparmor=unconfined` : Turn off apparmor confinement for the container
- `apparmor=your-profile` : Set the apparmor confinement profile for the container
"seccomp=unconfined" : Turn off seccomp confinement for the container
"seccomp=profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter
- `label=user:USER` : Set the label user for the container processes
- `label=role:ROLE` : Set the label role for the container processes
- `label=type:TYPE` : Set the label process type for the container processes
- `label=level:LEVEL` : Set the label level for the container processes
- `label=filetype:TYPE` : Set the label file type for the container files
- `label=disable` : Turn off label separation for the container
"apparmor=unconfined" : Turn off apparmor confinement for the container
"apparmor=your-profile" : Set the apparmor confinement profile for the container
- `seccomp=unconfined` : Turn off seccomp confinement for the container
- `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter
**--shm-size**=*size*

21
docs/podman-create.1.md
View File

@ -640,19 +640,20 @@ of the container is assumed to be managed externally.
Security Options
"apparmor=unconfined" : Turn off apparmor confinement for the container
"apparmor=your-profile" : Set the apparmor confinement profile for the container
- `apparmor=unconfined` : Turn off apparmor confinement for the container
- `apparmor=your-profile` : Set the apparmor confinement profile for the container
"label=user:USER" : Set the label user for the container
"label=role:ROLE" : Set the label role for the container
"label=type:TYPE" : Set the label type for the container
"label=level:LEVEL" : Set the label level for the container
"label=disable" : Turn off label confinement for the container
- `label=user:USER` : Set the label user for the container processes
- `label=role:ROLE` : Set the label role for the container processes
- `label=type:TYPE` : Set the label process type for the container processes
- `label=level:LEVEL` : Set the label level for the container processes
- `label=filetype:TYPE` : Set the label file type for the container files
- `label=disable` : Turn off label separation for the container
"no-new-privileges" : Disable container processes from gaining additional privileges
- `no-new-privileges` : Disable container processes from gaining additional privileges
"seccomp=unconfined" : Turn off seccomp confinement for the container
"seccomp=profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter
- `seccomp=unconfined` : Turn off seccomp confinement for the container
- `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter
Note: Labeling can be disabled for all containers by setting label=false in the **libpod.conf** (`/etc/containers/libpod.conf`) file.

11
docs/podman-run.1.md
View File

@ -665,11 +665,12 @@ Security Options
- `apparmor=unconfined` : Turn off apparmor confinement for the container
- `apparmor=your-profile` : Set the apparmor confinement profile for the container
- `label=user:USER` : Set the label user for the container
- `label=role:ROLE` : Set the label role for the container
- `label=type:TYPE` : Set the label type for the container
- `label=level:LEVEL` : Set the label level for the container
- `label=disable` : Turn off label confinement for the container
- `label=user:USER` : Set the label user for the container processes
- `label=role:ROLE` : Set the label role for the container processes
- `label=type:TYPE` : Set the label process type for the container processes
- `label=level:LEVEL` : Set the label level for the container processes
- `label=filetype:TYPE` : Set the label file type for the container files
- `label=disable` : Turn off label separation for the container
- `no-new-privileges` : Disable container processes from gaining additional privileges