This commit does the following:
- Splits the podman-systemd.unit.5.md into multiple files - one for each quadlet file type.
- Adds the podman-quadlet-basic-usage.7.md for quadlet examples.
- Majority of the text in the new files is copied from the podman-systemd.unit.5.md
- Adds support for very simple conditional in the markdown_preprocess.
- Uses new logic in markdown_preprocess in options/*.md to use a single .md file for both podman subcommands man-pages and quadlet man-pages. This deduplicates the Quadlet man-pages a lot.
- Adds new `@@option quadlet:source.md` preprocess command to import such .md files from options directory.

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
####> This option file is used in:
####>   podman build, podman-container.unit.5.md.in, create, farm build, pod clone, pod create, run
####> If file is edited, make sure the changes
####> are applicable to all of those.
<< if is_quadlet >>
AddDevice=host-device[:container-device][:permissions]
<< else >>
--device=host-device[:container-device][:permissions]
<< endif >>
Add a host device to the <<container|pod>>. The format of this is
HOST-DEVICE[:CONTAINER-DEVICE][:PERMISSIONS], where HOST-DEVICE is the path of
the device node on the host, CONTAINER-DEVICE is the path of the device node in
the container, and PERMISSIONS is a list of permissions combining 'r' for read,
'w' for write, and 'm' for mknod(2).
Example: --device=/dev/sdc:/dev/xvdc:rwm.
Note: if host-device is a symbolic link then it is resolved first. The <<container|pod>> only stores the major and minor numbers of the host device.
Podman may load kernel modules required for using the specified device. The devices that Podman loads modules for when necessary are: /dev/fuse.
In rootless mode, the new device is bind mounted in the container from the host rather than Podman creating it within the container space. Because the bind mount retains its SELinux label on SELinux systems, the container can get permission denied when accessing the mounted device. Modify SELinux settings to allow containers to use all device labels via the following command:
$ sudo setsebool -P container_use_devices=true
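
The HOST-DEVICE[:CONTAINER-DEVICE][:PERMISSIONS] format described above can be checked mechanically when reviewing Quadlet units. The following is an added example, not code from the Podman project: `parse_device`, `audit_quadlet` and the sample unit are hypothetical, and it assumes that a trailing field made only of `r`, `w` and `m` is the permission list and that omitted permissions mean `rwm`.

```python
import re

MODE_RE = re.compile(r"[rwm]+")  # PERMISSIONS field: any mix of r, w, m

def parse_device(spec):
    """Split HOST-DEVICE[:CONTAINER-DEVICE][:PERMISSIONS] into three parts."""
    parts = spec.split(":")
    if not 1 <= len(parts) <= 3 or not parts[0].startswith("/"):
        raise ValueError(f"invalid device specification: {spec!r}")
    host, rest = parts[0], parts[1:]
    # Assumed defaults: same path inside the container, full "rwm" access.
    container, perms = host, "rwm"
    # A trailing field made only of r/w/m is PERMISSIONS, so "/dev/fuse:r"
    # is host + permissions, not host + container path.
    if rest and MODE_RE.fullmatch(rest[-1]):
        perms = rest.pop()
    if len(rest) == 1 and rest[0].startswith("/"):
        container = rest.pop()
    if rest:
        raise ValueError(f"invalid device specification: {spec!r}")
    return host, container, perms

def audit_quadlet(unit_text):
    """Return (line number, host, container, perms, flags) per AddDevice= line."""
    report = []
    for lineno, line in enumerate(unit_text.splitlines(), 1):
        key, sep, value = line.strip().partition("=")
        if not sep or key.strip() != "AddDevice":
            continue
        host, container, perms = parse_device(value.strip())
        # Flag the permissions that let the container modify the device
        # (write) or create device nodes (mknod).
        flags = [name for bit, name in (("w", "write"), ("m", "mknod")) if bit in perms]
        report.append((lineno, host, container, perms, flags))
    return report

# Constructed sample .container unit, not taken from the Podman sources.
SAMPLE_UNIT = """\
[Container]
Image=registry.example/app:latest
AddDevice=/dev/sdc:/dev/xvdc:rwm
AddDevice=/dev/fuse:r
AddDevice=/dev/dri/renderD128
"""

if __name__ == "__main__":
    for entry in audit_quadlet(SAMPLE_UNIT):
        print(entry)
```

Under the stated assumption, the last sample line is reported with both flags even though it names no permissions, which is the case a review is most likely to miss.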