269 Commits

Author SHA1 Message Date
dced2bf9ef Merge pull request #25769 from Luap99/pasta-doc
docs: update pasta options description
2025-04-03 19:50:53 +00:00
b5a1b512c9 Fix overwriting the Healthcheck configuration from the image
If the --health-cmd flag is not specified, other flags such as --health-interval, --health-timeout, --health-retries, and --health-start-period are ignored if the image contains a Healthcheck. This makes it impossible to modify these Healthcheck configuration when a container is created.

Fixes: https://github.com/containers/podman/issues/20212
Fixes: https://issues.redhat.com/browse/RUN-2629

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-04-03 15:52:05 +02:00
1f90cc1126 docs: update pasta options description
First, remove wrong sentence that says ports are forwarded dynamically
by default. That is wrong and contradicts what is written below.
Second, document that we also set --dns-forward and --map-guest-addr by
default. And lastly document the containers.conf field so users know
they are not forced to set the options on each command.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-04-03 15:50:59 +02:00
4a7785d4df docs: Update podman build security options
It seems support was added into Buildah for no-new-privileges [1]
however the Podman build documentation was not updated.

Fixes #25731

[1] d4c661a774

Signed-off-by: Lewis Denny <lewis@redhat.com>
2025-04-01 04:34:22 +10:00
bf0a5ee3cf docs: Use accurate max size of secret content
The current max size is defined as `maxSecretSize = 512000` in
`github.com/containers/common/blob/main/pkg/secrets/secrets.go`.

Signed-off-by: Alexander Gramiak <agrambot@gmail.com>
2025-03-24 16:35:57 -06:00
10290d462b docs: Improve spelling and formatting
Signed-off-by: Alexander Gramiak <agrambot@gmail.com>
2025-03-24 16:35:29 -06:00
49b756e063 Merge pull request #25665 from Honny1/health-timeout-note
Clarify behavior of --health-timeout in man page
2025-03-24 18:20:24 +00:00
68e0a6c89a Clarify behavior of --health-timeout in man page
Fixes: https://issues.redhat.com/browse/RHEL-84682

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-03-24 18:10:04 +01:00
701aade262 Add --env and --unsetenv to podman update.
The --env is used to add new environment variable to container or
override the existing one. The --unsetenv is used to remove
the environment variable.

It is done by sharing "env" and "unsetenv" flags between both
"update" and "create" commands and later handling these flags
in the "update" command handler.

The list of environment variables to add/remove is stored
in newly added variables in the ContainerUpdateOptions.

The Container.Update API call is refactored to take
the ContainerUpdateOptions as an input to limit the number of its
arguments.

The Env and UnsetEnv lists are later handled using the envLib
package and the Container is updated.

The remote API is also extended to handle Env and EnvUnset.

Fixes: #24875

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2025-03-21 13:15:44 +01:00
94cacea064 docs: fix some minor issues
As pointed out by Tom on the PR #25397.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-03-13 14:06:20 +01:00
9e94dc53b2 add new artifact mount type
Add a new option to allow for mounting artifacts in the container, the
syntax is added to the existing --mount option:
type=artifact,src=$artifactName,dest=/path[,digest=x][,title=x]

This works very similar to image mounts. The name is passed down into
the container config and then on each start we lookup the artifact and
the figure out which blobs to mount. There is no protaction against a
user removing the artifact while still being used in a container. When
the container is running the bind mounted files will stay there (as the
kernel keeps the mounts active even if the bind source was deleted).
On the next start it will fail to start as if it does not find the
artifact. The good thing is that this technically allows someone to
update the artifact with the new file by creating a new artifact with
the same name.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-03-12 19:42:14 +01:00
b43863ae2a docs: warn about adding capabilities
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2345676

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-02-18 15:23:29 +01:00
bc2763eac8 Add --noheading to artifact ls
like images and containers, it could be handy to have a --noheading
option that removes the headings on the output.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-02-03 10:50:46 -06:00
d575ae12f8 Add --no-trunc to artifact ls
added a --no-trunc flag to artifact ls, which follows what images has
done.  by default now, the ls output will have the shortened 12
character digest.  the --no-trunc will output the full digest.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-01-31 16:19:18 -06:00
bd061aa2d5 Add type and annotations to artifact add
podman artifact add now supports two new command line switches.

--type string that describes the type of artifact
--annotation string slice in the form of key=val

These new options allow users to "tag" information in on their artifacts
for any number of purposes down the line

RUN-2446

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-01-31 09:53:03 -06:00
4ea199d744 Merge pull request #25111 from hdub-tech/docs/podman-build-secrets
Improve podman build secrets docs / Makefile validatepr description
2025-01-28 14:31:51 +00:00
0d2431dca2 docs: Enhance podman build --secret documentation and add examples
Signed-off-by: H Dub <14808878+hdub-tech@users.noreply.github.com>
2025-01-24 14:43:46 -06:00
016f41ab49 docs: mount.md - idmapped mounts only work for root user
As reported in #24918 and clarified in https://github.com/containers/crun/issues/1632#issuecomment-2567991631

Signed-off-by: Evstifeev Roman <someuniquename@gmail.com>
2025-01-24 14:07:49 +05:00
d7553fabc7 podman artifact
the podman artifact verb is used to manage OCI artifacts.  the following
verbs were added to `podman artifact`:

* add
* inspect
* ls
* pull
* push
* rm

Notable items with this PR:

* all artifact commands and their output are subject to change. i.e.
  consider all of this tech preview
* there is no way to add a file to an artifact that already exists in
  the store.  you would need to delete and recreate the artifact.
* all references to artifacts names should be fully qualified names in
  the form of repo/name:tag (i.e. quay.io/artifact/foobar:latest)
* i understand that we will likely want to be able to attribute things
  like arch, etc to artifact files.  this function is not available yet.

Many thanks to Paul Holzinger for autocompletion PRs and review PRs that
fixed issues early on.

Also fix up some Args function to specify the correct number of args.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-01-21 12:47:30 -06:00
6565bde6e8 Add --no-hostname option
Fixes: https://github.com/containers/podman/issues/25002

Also add the ability to inspect containers for
UseImageHosts and UseImageHostname.

Finally fixed some bugs in handling of --no-hosts for Pods,
which I descovered.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-01-15 06:51:32 -05:00
b0b1d19723 namespaces: allow configuring keep-id userns size
Introduce a new option "size" to configure the maximum size of the
user namespace configured by keep-id.

Closes: https://github.com/containers/podman/issues/24837

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-01-08 10:08:29 +01:00
4f7395f93a Add --hosts-file flag to container and pod commands
* Add --hosts-file flag to container create, container run and pod create
* Add HostsFile field to pod inspect and container inspect results
* Test BaseHostsFile config in containers.conf

Signed-off-by: Gavin Lam <gavin.oss@tutamail.com>
2024-11-24 22:00:34 -05:00
d85ac938e6 Merge pull request #24442 from Honny1/change-healthcheck-config-via-podman-update
Configure HealthCheck with `podman update`
2024-11-22 15:57:30 +00:00
a1249425bd Configure HealthCheck with podman update
New flags in a `podman update` can change the configuration of HealthCheck when the container is started, without having to restart or recreate the container.

This can help determine why a given container suddenly started failing HealthCheck without interfering with the services it provides. For example, reconfigure HealthCheck to keep logs longer than the usual last X results, store logs to other destinations, etc.

Fixes: https://issues.redhat.com/browse/RHEL-60561

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2024-11-19 19:44:14 +01:00
315e7412e8 add support for driver-specific options during container creation
This way has a huge disadvantage: The user will not see an error when he
uses a non-existent option. Another disadvantage is, that if we add more
options within podman, they might collide with the names chosen by
plugins. Such issues might be hard to debug.
The advantage is that the usage is very nice:
--network bridge:opt1=val1,opt2=val2.

Alternatively, we could put this behind `opt=`, which is harder to use,
but would solve all issues above:
--network bridge:opt=opt1=val1,opt=opt2=val2

Signed-off-by: Michael Zimmermann <sigmaepsilon92@gmail.com>
2024-11-13 18:14:58 +01:00
37c8e10031 doc: explain --interactive in more detail
Clarifies the behavior of --interactive in both attached and unattached
scenarios.

Adds a caveat and explanation for --interactive being hungry as
described in https://github.com/containers/podman/issues/24370.

Signed-off-by: Alicia Boya García <aboya@igalia.com>
2024-11-01 08:23:08 +01:00
5ebba75dbd spec: always specify default rlimits
the previous implementation was expecting the rlimits to be set for the
entire process and clamping the values only when running as rootless.

Change the implementation to always specify the expected values in the
OCI spec file and do the clamping only when running as rootless and
using the default values.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-10-11 23:04:27 +02:00
6f9cc3755a Mention no_hosts and base_hosts_file configs in CLI option docs
Follow-up to #24043

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2024-10-02 23:15:24 +02:00
bb35ad1da4 Document that zstd:chunked is downgraded to zstd when encrypting
A part of https://github.com/containers/common/issues/2117 .

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-09-30 21:52:35 +02:00
5cef143030 Merge pull request #24043 from PhrozenByte/docs-add-host-gateway
[CI:DOCS] Update documentation of CLI options affecting `/etc/hosts`
2024-09-30 13:37:22 +00:00
6e4ef2c54d Update documentation of --no-hosts, --hostname, and --name CLI options
Update the docs to properly cross-reference the `--add-host` option.

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2024-09-25 21:42:56 +02:00
c67d8baeb6 Update documentation of --add-host CLI option
Document the special *host-gateway* flag introduced with #19152, mention the special `host.containers.internal` and `host.docker.internal` hostnames, and clarify the option's usage in general.

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2024-09-25 21:35:53 +02:00
de856dab99 Add --health-max-log-count, --health-max-log-size, --health-log-destination flags
These flags can affect the output of the HealtCheck log. Currently, when a container is configured with HealthCheck, the output from the HealthCheck command is only logged to the container status file, which is accessible via `podman inspect`.
It is also limited to the last five executions and the first 500 characters per execution.

This makes debugging past problems very difficult, since the only information available about the failure of the HealthCheck command is the generic `healthcheck service failed` record.

- The `--health-log-destination` flag sets the destination of the HealthCheck log.
  - `none`: (default behavior) `HealthCheckResults` are stored in overlay containers. (For example: `$runroot/healthcheck.log`)
  - `directory`: creates a log file named `<container-ID>-healthcheck.log` with JSON `HealthCheckResults` in the specified directory.
  - `events_logger`: The log will be written with logging mechanism set by events_loggeri. It also saves the log to a default directory, for performance on a system with a large number of logs.

- The `--health-max-log-count` flag sets the maximum number of attempts in the HealthCheck log file.
  - A value of `0` indicates an infinite number of attempts in the log file.
  - The default value is `5` attempts in the log file.
- The `--health-max-log-size` flag sets the maximum length of the log stored.
  - A value of `0` indicates an infinite log length.
  - The default value is `500` log characters.

Add --health-max-log-count flag

Signed-off-by: Jan Rodák <hony.com@seznam.cz>

Add --health-max-log-size flag

Signed-off-by: Jan Rodák <hony.com@seznam.cz>

Add --health-log-destination flag

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2024-09-25 14:01:35 +02:00
3f0483f880 Merge pull request #23802 from jerome59/main
Podman CLI --add-host with multiple host for a single IP
2024-09-17 12:54:46 +00:00
f4d0e124d6 Podman CLI --add-host with multiple host for a single IP
Signed-off-by: Jerome degroote <jeromedu59230@gmx.fr>
2024-09-17 09:35:38 +02:00
fdb2edf46a Fxi typo in cache-ttl.md
Signed-off-by: Eike Waldt <waldt@b1-systems.de>
2024-09-16 14:58:38 +02:00
d803bb3407 man pages: refactor two more options
We're supposed to catch duplicate man-page options in review,
but once in a while they sneak in. These are two dups that
are 100% identical, and were auto-refactored by a script
that I have. A few more options have snuck in (--dns, --usb)
but those have different text so they can't be handled by
my script. If anyone feels like refactoring those, go ahead.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2024-09-03 11:13:46 -06:00
1d5bdce3d9 Merge branch 'main' of github.com:containers/podman into man
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-08-21 08:59:06 -04:00
d5cd388729 Fix description of :Z to talk about pods
Fixes: 23329

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-08-19 09:57:25 -04:00
b8a9b184af Add --compat-volumes option to build and farm build
Add the `--compat-volumes option from Buildah v1.37 into
Podman in preparation of Podman v5.2

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2024-07-30 18:26:13 -04:00
9814ed40c7 docs: --network remove missing leading sentence
This senetence does not add any value and instead confuses users as it
suggest that the name is somhow special and related to bridge networks
which is not the case. Using either the name or id is fine as described
in the sentence before.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-07-01 11:46:34 +02:00
64091777fe Remove references to --pull=true and --pull=false
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-06-12 18:16:29 +02:00
9a8c3433c1 [CI:DOCS] Update podman network docs
Update the podman network docs to specify that the default rootless
networking tool has been swapped from slirp4netns to pasta.

Signed-off-by: Pranav RK <pranavrk7@gmail.com>
2024-05-17 19:05:31 +05:30
3c1c6a44ef Correct option name ip -> ip6
Also, properly capitalize.

Signed-off-by: Sander Maijers <3374183+sanmai-NL@users.noreply.github.com>
2024-04-25 22:17:06 +02:00
693ae0ebc6 Add support for image volume subpaths
Image volumes (the `--mount type=image,...` kind, not the
`podman volume create --driver image ...` kind - it's strange
that we have two) are needed for our automount scheme, but the
request is that we mount only specific subpaths from the image
into the container. To do that, we need image volume subpath
support. Not that difficult code-wise, mostly just plumbing.

Also, add support to the CLI; not strictly necessary, but it
doesn't hurt anything and will make testing easier.

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-04-25 14:12:27 -04:00
482ef7bfcf Add support for updating restart policy
This is something Docker does, and we did not do until now. Most
difficult/annoying part was the REST API, where I did not really
want to modify the struct being sent, so I made the new restart
policy parameters query parameters instead.

Testing was also a bit annoying, because testing restart policy
always is.

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-04-17 08:23:51 -04:00
d4ecae59bd [CI:DOCS] options/network: fix markdown lists
Markdown needs lists to be separate paragraphs, otherwise all the items
end up in a single line.

I also made arguments to be replaced italic to clarify that they
shouldn't be typed exactly as shown.

Signed-off-by: Baltazár Radics <baltazar.radics@gmail.com>
2024-04-16 10:59:30 +02:00
8de92ec912 docs: fix missleading run/create --expose description
The --expose option doesn't actually affect port forwarding or anything
like that.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-04-10 14:24:32 +02:00
2bbed8f200 Add man page content for artifacts
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-02-29 11:47:44 -05:00
66d60384f4 add --retry --retry-delay to podman run/create
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-02-29 10:20:21 -05:00