Standardize on no-trunc through the code.
Alias notruncate where necessary.
Standardize on the man page display of no-trunc.
Fixes: https://github.com/containers/podman/issues/8941
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Allows users to specify a readonly rootfs with :O, in exchange podman will create a writable overlay.
bump builah to v1.22.1-0.20210823173221-da2b428c56ce
[NO TESTS NEEDED]
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Add the --userns flag to podman pod create and keep
track of the userns setting that pod was created with
so that all containers created within the pod will inherit
that userns setting.
Specifically we need to be able to launch a pod with
--userns=keep-id
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Execution domains tell Linux how to map signal numbers into signal actions.
The execution domain system allows Linux to provide limited support for binaries
compiled under other UNIX-like operating systems.
Reference: https://man7.org/linux/man-pages/man2/personality.2.html
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
The hostname `host.containers.internal` is way easier to remember and should IMHO be preferred to be used, as it is:
a) easier to remember than some random IP
b) if the IP changes some time in the future the container will continue to work
And explain hostname adding in more detail
As per @mheon's suggestion.
And explain hostname adding *reason*
Also implies an suggestion for using the hostname instead.
And port change from podman-create man page to podman-run, too
Signed-off-by: rugk <rugk+git@posteo.de>
Insisting on “DCO” imposes formalities, that serve self-purpose. One cannot
assume that the submitter has time or will to read texts about symbolism in
software contributions. If the system wants to see the text
nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae
in each commit, people will write this, or any other text, that the system wants to
see. All such text, which presence is mandated by the system, has the same value.
Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
Support UID, GID, Mode options for mount type secrets. Also, change
default secret permissions to 444 so all users can read secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
Commit 800a2e2d35 introduced a way to disable the conversion of `--`into
an en dash on docs.podman.io, so the ugly workaround of escaping the
dashes is no longer necessary.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Once we settle on the wording for short-names in podman-pull, I will
add the same section to all of the podman commands that use pull.
Also ran through all man pages with a spell checker.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Env var secrets are env vars that are set inside the container but not
commited to and image. Also support reading from env var when creating a
secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
Want to allow users to specify --security-opt unmask=/proc/*.
This allows us to run podman within podman more securely, then
specifing umask=all, also gives the user more flexibilty.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This option allows users to specify the maximum amount of time to run
before conmon sends the kill signal to the container.
Fixes: https://github.com/containers/podman/issues/6412
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently we have rootless users who want to leak their groups access
into containers, but this group access is only able to be pushed in by
a hard to find OCI Runtime annotation. This PR makes this option a lot
more visable and hides the complexity within the podman client.
This option is only really needed for local rootless users. It makes
no sense for remote clients, and probably makes little sense for
rootfull containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Introduce the concept of "intermediate UID" to explain
how --uidmap works when running rootless.
Add Markdown tables to show examples of how UIDs are mapped.
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Podman has, for a long time, had an internal concept of
dependency management, used mainly to ensure that pod infra
containers are started before any other container in the pod. We
also have the ability to recursively start these dependencies,
which we use to ensure that `podman start` on a container in a
pod will not fail because the infra container is stopped. We have
not, however, exposed these via the command line until now.
Add a `--requires` flag to `podman run` and `podman create` to
allow users to manually specify dependency containers. These
containers must be running before the container will start. Also,
make recursive starting with `podman start` default so we can
start these containers and their dependencies easily.
Fixes#9250
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Adjust Markdown layout for --userns.
* Make the --userns sections identical for podman-run.1.md and podman-create.1.md
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Fix typos --uidmapping and --gidmapping in podman-run.1.md
* Add the corresponding sentence in podman-create.1.md
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
[NO TESTS NEEDED] This PR is mainly documentation and some code cleanup.
Also cleanup and consolidate handling of other hanlding of podman-remote
hidden options.
Fixes: https://github.com/containers/podman/issues/9874
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Escape the two dashes, otherwise they are combined into one long dash.
I tested that this change is safe and still renders correctly on github
and with the man pages.
This commit also contains a small change to make it build locally.
Assuming you have the dependencies installed you can do:
```
cd docs
make html
```
Preview the html files in docs/build/html with
`python -m http.server 8000 --directory build/html`.
Fixescontainers/podman.io#373
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The implementation uses `io.containers.seccomp.profile` while the docs
mentioned `io.podman`. Correct the two references in the docs to
reflect the implementation.
Fixes: #9853
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add docs explaining that it is safe to remove a secret that is in use by
a container: secrets are copied and mounted into the container at
creation
Signed-off-by: Ashley Cui <acui@redhat.com>
Remove --volume option from podman-remote since it is
not supported, also add information to podman-build man page
indicating options not supported over remote connections.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit
Signed-off-by: Ashley Cui <acui@redhat.com>
The mtu default value is currently forced to 65520.
This let the user control it using the config key network_cmd_options,
i.e.: network_cmd_options=["mtu=9000"]
Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
Currently podman implements --override-arch and --overide-os
But Podman has made these aliases for --arch and --os. No
reason to have to specify --override, since it is clear what
the user intends.
Currently if the user specifies an --override-arch field but the
image was previously pulled for a different Arch, podman run uses
the different arch. This PR also fixes this issue.
Fixes: https://github.com/containers/podman/issues/8001
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
I'm tired of seeing these every time I run 'make':
WARNING: go-md2man does not handle node type HTMLSpan
Cause: left-angle-brackets ( < ) in document source
Solution:
1) backquote-escape those that need to be shown, usually
ones referring to an argument or email address; or
2) Actual HTML ( <sup> and <a> ) which are meant to be
shown in generated HTML docs but can't be shown in
man pages, we filter out via a sed expression.
Signed-off-by: Ed Santiago <santiago@redhat.com>
