opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 19:44:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4557 from rhatdan/man

Browse Source 
Document other bind options on --volumes flag
This commit is contained in:
OpenShift Merge Robot
2019-11-26 18:50:37 +01:00
committed by GitHub
parent aef38585ed a4983b05fb
commit f5ef3d59bc
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
docs/source/markdown/podman-create.1.md
View File

@ -817,6 +817,10 @@ container. The `OPTIONS` are a comma delimited list and can be:
* [rw|ro] * [rw|ro]
* [z|Z] * [z|Z]
* [`[r]shared`|`[r]slave`|`[r]private`] * [`[r]shared`|`[r]slave`|`[r]private`]
* [`[r]bind`]
* [`noexec`|`exec`]
* [`nodev`|`dev`]
* [`nosuid`|`suid`]
The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
will be mounted into the container at this directory. will be mounted into the container at this directory.
@ -870,6 +874,25 @@ where source dir is mounted on) has to have right propagation properties. For
shared volumes, source mount point has to be shared. And for slave volumes, shared volumes, source mount point has to be shared. And for slave volumes,
source mount has to be either shared or slave. source mount has to be either shared or slave.
If you want to recursively mount a volume and all of it's submounts into a
container, then you can use the `rbind` option. By default the bind option is
used, and submounts of the source directory will not be mounted into the
container.
Mounting the volume with the `nosuid` options means that SUID applications on
the volume will not be able to change their privilege. By default volumes
are mounted with `nosuid`.
Mounting the volume with the noexec option means that no executables on the
volume will be able to executed within the container.
Mounting the volume with the nodev option means that no devices on the volume
will be able to be used by processes within the container. By default volumes
are mounted with `nodev`.
If the <source-dir> is a mount point, then "dev", "suid", and "exec" options are
ignored by the kernel.
Use `df <source-dir>` to figure out the source mount and then use Use `df <source-dir>` to figure out the source mount and then use
`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation `findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
properties of source mount. If `findmnt` utility is not available, then one properties of source mount. If `findmnt` utility is not available, then one

23
docs/source/markdown/podman-run.1.md
View File

@ -860,6 +860,10 @@ create one.
* [`rw`|`ro`] * [`rw`|`ro`]
* [`z`|`Z`] * [`z`|`Z`]
* [`[r]shared`|`[r]slave`|`[r]private`] * [`[r]shared`|`[r]slave`|`[r]private`]
* [`[r]bind`]
* [`noexec`|`exec`]
* [`nodev`|`dev`]
* [`nosuid`|`suid`]
The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
will be mounted into the container at this directory. will be mounted into the container at this directory.
@ -913,6 +917,25 @@ where source dir is mounted on) has to have right propagation properties. For
shared volumes, source mount point has to be shared. And for slave volumes, shared volumes, source mount point has to be shared. And for slave volumes,
source mount has to be either shared or slave. source mount has to be either shared or slave.
If you want to recursively mount a volume and all of it's submounts into a
container, then you can use the `rbind` option. By default the bind option is
used, and submounts of the source directory will not be mounted into the
container.
Mounting the volume with the `nosuid` options means that SUID applications on
the volume will not be able to change their privilege. By default volumes
are mounted with `nosuid`.
Mounting the volume with the noexec option means that no executables on the
volume will be able to executed within the container.
Mounting the volume with the nodev option means that no devices on the volume
will be able to be used by processes within the container. By default volumes
are mounted with `nodev`.
If the <source-dir> is a mount point, then "dev", "suid", and "exec" options are
ignored by the kernel.
Use `df <source-dir>` to figure out the source mount and then use Use `df <source-dir>` to figure out the source mount and then use
`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation `findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
properties of source mount. If `findmnt` utility is not available, then one properties of source mount. If `findmnt` utility is not available, then one