Ed Santiago c9c2f644da markdown-preprocess: cross-reference where opts are used
In each options/foo.md, keep a list of where the option is used.
This will be valuable to anyone making future edits, and to
those reviewing those edits.

This may be a controversial commit, because those crossref lists
are autogenerated as a side effect of the script that reads them.
It definitely violates POLA. And one day, some kind person will
reconcile (e.g.) --label, using it in more man pages, and maybe
forget to git-commit the rewritten file, and CI will fail.

I think this is a tough tradeoff, but worth doing. Without this,
it's much too easy for someone to change an option file in a way
that renders it inapplicable/misleading for some podman commands.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-20 10:57:51 -06:00

34 lines
1.3 KiB
Markdown

####> This option file is used in:
####> podman create, run
####> If you edit this file, make sure your changes
####> are applicable to all of those.
#### **--systemd**=*true* | *false* | *always*

Run container in systemd mode. The default is **true**.

The value *always* enforces the systemd mode without
looking at the executable name. Otherwise, if set to *true*, systemd mode is
enabled only when the command you are running inside the container is **systemd**, **/usr/sbin/init**,
**/sbin/init** or **/usr/local/sbin/init**.

Running the container in systemd mode causes the following changes:

* Podman mounts tmpfs file systems on the following directories
  * _/run_
  * _/run/lock_
  * _/tmp_
  * _/sys/fs/cgroup/systemd_
  * _/var/lib/journal_
* Podman sets the default stop signal to **SIGRTMIN+3**.
* Podman sets **container_uuid** environment variable in the container to the
  first 32 characters of the container id.

This allows systemd to run in a confined container without any modifications.

Note that on **SELinux** systems, systemd attempts to write to the cgroup
file system. Containers writing to the cgroup file system are denied by default.
The **container_manage_cgroup** boolean must be enabled for this to be allowed on an SELinux separated system.

```
setsebool -P container_manage_cgroup true
```
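
The following pre-flight check is an added example, not part of the Podman source or its documentation. It models the rules described above: whether a given **--systemd** value and command select systemd mode, and whether an enforcing SELinux host still needs the **container_manage_cgroup** boolean. The function names, verdict words and the literal comparison of the command are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not Podman code): pre-flight check modeled on the option text.

# systemd_mode_applies OPT CMD -> 0 systemd mode, 1 not, 2 invalid OPT.
# OPT is the --systemd value; CMD is the command run in the container.
# Assumption: CMD is compared literally against the names listed in the text.
systemd_mode_applies() {
    case $1 in
        always) return 0 ;;
        false)  return 1 ;;
        true)
            case $2 in
                systemd|/usr/sbin/init|/sbin/init|/usr/local/sbin/init) return 0 ;;
                *) return 1 ;;
            esac ;;
        *) echo "invalid --systemd value: $1" >&2; return 2 ;;
    esac
}

# preflight OPT CMD GETENFORCE GETSEBOOL_LINE -> prints one verdict word.
# GETENFORCE is the output of `getenforce`; GETSEBOOL_LINE is the output of
# `getsebool container_manage_cgroup`, e.g. "container_manage_cgroup --> off".
preflight() {
    systemd_mode_applies "$1" "$2" && mode=0 || mode=$?
    case $mode in
        1) echo "not-systemd-mode"; return 0 ;;
        2) echo "invalid"; return 0 ;;
    esac
    # Only an enforcing SELinux host denies the cgroup writes.
    if [ "$3" != "Enforcing" ]; then echo "ok"; return 0; fi
    case $4 in
        "container_manage_cgroup --> on") echo "ok" ;;
        *) echo "needs-boolean" ;;  # fix: setsebool -P container_manage_cgroup true
    esac
}

# Constructed sample inputs; on a real host pass "$(getenforce)" and
# "$(getsebool container_manage_cgroup)" instead.
preflight true   /sbin/init Enforcing "container_manage_cgroup --> off"
preflight true   /bin/sh    Enforcing "container_manage_cgroup --> off"
preflight always /bin/sh    Enforcing "container_manage_cgroup --> on"
```

A `needs-boolean` verdict means the container would start in systemd mode on a host where the cgroup writes are still denied.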