Ed Santiago c9c2f644da markdown-preprocess: cross-reference where opts are used
In each options/foo.md, keep a list of where the option is used.
This will be valuable to anyone making future edits, and to
those reviewing those edits.

This may be a controversial commit, because those crossref lists
are autogenerated as a side effect of the script that reads them.
It definitely violates POLA. And one day, some kind person will
reconcile (e.g.) --label, using it in more man pages, and maybe
forget to git-commit the rewritten file, and CI will fail.

I think this is a tough tradeoff, but worth doing. Without this,
it's much too easy for someone to change an option file in a way
that renders it inapplicable/misleading for some podman commands.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-20 10:57:51 -06:00


####> This option file is used in:
####> podman build, create, pod clone, pod create, run
####> If you edit this file, make sure your changes
####> are applicable to all of those.
#### **--device**=*host-device[:container-device][:permissions]*

Add a host device to the <<container|pod>>. The optional *permissions* parameter
specifies device permissions by combining
**r** for read, **w** for write, and **m** for **mknod**(2).

Example: **--device=/dev/sdc:/dev/xvdc:rwm**.

Note: if *host-device* is a symbolic link, it is resolved first.
The <<container|pod>> only stores the major and minor numbers of the host device.

Podman may load kernel modules required for using the specified
device. The devices that Podman will load modules for when necessary are:
/dev/fuse.

In rootless mode, the new device is bind mounted in the container from the host
rather than Podman creating it within the container space. Because the bind
mount retains its SELinux label on SELinux systems, the container can get
permission denied when accessing the mounted device. Modify SELinux settings to
allow containers to use all device labels via the following command:

$ sudo setsebool -P container_use_devices=true
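
The *host-device[:container-device][:permissions]* syntax described above, as an added example that is not Podman's own parser: Go code that splits a `--device` value and reports which permission letters go beyond an allowed set, for reviewing device grants against least privilege. The absolute-path requirement, the defaults (container path equal to the host path, permissions `rwm`) and the names `ParseDeviceSpec` and `ExcessPerms` are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// DeviceSpec is one parsed --device value.
type DeviceSpec struct{ Host, Container, Perms string }

// validPerms accepts a non-empty string made only of the letters r, w and m.
func validPerms(s string) bool {
	return s != "" && strings.Trim(s, "rwm") == ""
}

// ParseDeviceSpec splits host-device[:container-device][:permissions].
// Assumed here, not stated on the page: paths are absolute, an omitted
// container-device means the host path, omitted permissions mean "rwm".
func ParseDeviceSpec(v string) (DeviceSpec, error) {
	f := strings.Split(v, ":")
	d := DeviceSpec{Host: f[0], Container: f[0], Perms: "rwm"}
	rest := f[1:]
	if n := len(rest); n > 0 && validPerms(rest[n-1]) {
		d.Perms, rest = rest[n-1], rest[:n-1] // last field is the permission set
	}
	if len(rest) == 1 && strings.HasPrefix(rest[0], "/") {
		d.Container, rest = rest[0], nil // remaining field is the container path
	}
	if len(rest) != 0 || !strings.HasPrefix(d.Host, "/") {
		return DeviceSpec{}, fmt.Errorf("invalid --device value %q", v)
	}
	return d, nil
}

// ExcessPerms returns the granted letters that the allowed set does not contain.
func ExcessPerms(d DeviceSpec, allowed string) string {
	return strings.Map(func(c rune) rune {
		if strings.ContainsRune(allowed, c) {
			return -1 // drop letters the policy permits
		}
		return c
	}, d.Perms)
}

func main() {
	d, err := ParseDeviceSpec("/dev/sdc:/dev/xvdc:rwm") // the page's own example value
	fmt.Println(d, ExcessPerms(d, "rw"), err)
}
```

With an allowed set of `rw`, the page's example value is reported as granting an extra `m`, while a two-field value such as `/dev/fuse:rw` is read as host path plus permissions.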