mirror of
https://github.com/containers/podman
synced 2024-10-20 09:13:46 +00:00
c6090c290e
New functionality in hack/man-page-checker: start cross- referencing the man page 'Synopsis' line against the output of 'podman foo --help'. This is part 1, flag/option consistency. Part 2 (arg consistency) is too big and will have to wait for later. flag/option consistency means: if 'podman foo --help' includes the string '[flags]' in the Usage message, make sure the man page includes '[*options*]' in its Synopsis line, and vice-versa. This found several inconsistencies, which I've fixed. While doing this I realized that Cobra automatically includes a 'Flags:' subsection in its --help output for all subcommands that have defined flags. This is great - it lets us cross-check against the usage synopsis, and make sure that '[flags]' is present or absent as needed, without fear of human screwups. If a flag-less subcommand ever gets extended with flags, but the developer forgets to add '[flags]' and remove DisableFlagsInUseLine, we now have a test that will catch that. (This, too, caught two instances which I fixed). I don't actually know if the new man-page-checker functionality will work in CI: I vaguely recall that it might run before 'make podman' does; and also vaguely recall that some steps were taken to remedy that. Signed-off-by: Ed Santiago <santiago@redhat.com>
43 lines
1.5 KiB
Markdown
43 lines
1.5 KiB
Markdown
% podman-unshare(1)
|
|
|
|
## NAME
|
|
podman\-unshare - Run a command inside of a modified user namespace
|
|
|
|
## SYNOPSIS
|
|
**podman unshare** [*--*] [*command*]
|
|
|
|
## DESCRIPTION
|
|
Launches a process (by default, *$SHELL*) in a new user namespace. The user
|
|
namespace is configured so that the invoking user's UID and primary GID appear
|
|
to be UID 0 and GID 0, respectively. Any ranges which match that user and
|
|
group in `/etc/subuid` and `/etc/subgid` are also mapped in as themselves with the
|
|
help of the *newuidmap(1)* and *newgidmap(1)* helpers.
|
|
|
|
**podman unshare** is useful for troubleshooting unprivileged operations and for
|
|
manually clearing storage and other data related to images and containers.
|
|
|
|
It is also useful if you want to use the **podman mount** command. If an unprivileged user wants to mount and work with a container, then they need to execute
|
|
**podman unshare**. Executing **podman mount** fails for unprivileged users unless the user is running inside a **podman unshare** session.
|
|
|
|
The unshare session defines two environment variables:
|
|
|
|
- **CONTAINERS_GRAPHROOT**: the path to the persistent container's data.
|
|
- **CONTAINERS_RUNROOT**: the path to the volatile container's data.
|
|
|
|
## EXAMPLE
|
|
|
|
```
|
|
$ podman unshare id
|
|
uid=0(root) gid=0(root) groups=0(root),65534(nobody)
|
|
|
|
$ podman unshare cat /proc/self/uid_map /proc/self/gid_map
|
|
0 1000 1
|
|
1 10000 65536
|
|
0 1000 1
|
|
1 10000 65536
|
|
```
|
|
|
|
|
|
## SEE ALSO
|
|
podman(1), podman-mount(1), namespaces(7), newuidmap(1), newgidmap(1), user\_namespaces(7)
|