container/podman
container/podman
1
0
Fork 0
mirror of https://github.com/containers/podman synced 2024-10-19 08:44:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4557 from rhatdan/man

Browse source 
Document other bind options on --volumes flag
This commit is contained in:
OpenShift Merge Robot 2019-11-26 18:50:37 +01:00 committed by GitHub
parent aef38585ed a4983b05fb
commit f5ef3d59bc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 46 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
docs/source/markdown/podman-create.1.md
View file

@ -817,6 +817,10 @@ container. The `OPTIONS` are a comma delimited list and can be:
* [rw|ro]
* [z|Z]
* [`[r]shared`|`[r]slave`|`[r]private`]
* [`[r]bind`]
* [`noexec`|`exec`]
* [`nodev`|`dev`]
* [`nosuid`|`suid`]
The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
will be mounted into the container at this directory.
@ -870,6 +874,25 @@ where source dir is mounted on) has to have right propagation properties. For
shared volumes, source mount point has to be shared. And for slave volumes,
source mount has to be either shared or slave.
If you want to recursively mount a volume and all of it's submounts into a
container, then you can use the `rbind` option. By default the bind option is
used, and submounts of the source directory will not be mounted into the
container.
Mounting the volume with the `nosuid` options means that SUID applications on
the volume will not be able to change their privilege. By default volumes
are mounted with `nosuid`.
Mounting the volume with the noexec option means that no executables on the
volume will be able to executed within the container.
Mounting the volume with the nodev option means that no devices on the volume
will be able to be used by processes within the container. By default volumes
are mounted with `nodev`.
If the <source-dir> is a mount point, then "dev", "suid", and "exec" options are
ignored by the kernel.
Use `df <source-dir>` to figure out the source mount and then use
`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
properties of source mount. If `findmnt` utility is not available, then one

23
docs/source/markdown/podman-run.1.md
View file

@ -860,6 +860,10 @@ create one.
* [`rw`|`ro`]
* [`z`|`Z`]
* [`[r]shared`|`[r]slave`|`[r]private`]
* [`[r]bind`]
* [`noexec`|`exec`]
* [`nodev`|`dev`]
* [`nosuid`|`suid`]
The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
will be mounted into the container at this directory.
@ -913,6 +917,25 @@ where source dir is mounted on) has to have right propagation properties. For
shared volumes, source mount point has to be shared. And for slave volumes,
source mount has to be either shared or slave.
If you want to recursively mount a volume and all of it's submounts into a
container, then you can use the `rbind` option. By default the bind option is
used, and submounts of the source directory will not be mounted into the
container.
Mounting the volume with the `nosuid` options means that SUID applications on
the volume will not be able to change their privilege. By default volumes
are mounted with `nosuid`.
Mounting the volume with the noexec option means that no executables on the
volume will be able to executed within the container.
Mounting the volume with the nodev option means that no devices on the volume
will be able to be used by processes within the container. By default volumes
are mounted with `nodev`.
If the <source-dir> is a mount point, then "dev", "suid", and "exec" options are
ignored by the kernel.
Use `df <source-dir>` to figure out the source mount and then use
`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
properties of source mount. If `findmnt` utility is not available, then one