podman-container-runlabel - Online Linux Manual PageSection : 1
NAMEpodman-container-runlabel - Executes a command as described by a container-image label
SYNOPSISpodman container runlabel [options] label image [arg...]
DESCRIPTIONpodman container runlabel reads the specified label of the image and executes it as command on the host. If the label does not exist, Podman will exit with an error. Additional arguments will be appended to the command. Historically, container images describe the contents (e.g., layers) and how a container runtime (e.g., crun(1) or runc(1)) should execute the container. For instance, an image may set the environment and the command in its configuration. However, a container image cannot directly specify how a container engine such as Podman should execute it. For instance, an image configuration does not include information about log drivers, namespaces or which capabilities it needs to run correctly. podman container runlabel addresses the limitation of container images in a simple yet efficient way. Podman will read the contents of the label and interpret it as a command that will be executed on the host. This way an image can describe exactly how it should be executed by Podman. For instance, a label with the content /usr/bin/podman run -d --pid=host --privileged \${IMAGE}\fR instructs the image to be executed in a detached, privileged container that is using the PID namespace of the host. This lifts the self-description of a container image from "what" to "how". Please note that the runlabel command is intended to be run in trusted environments exclusively. Using the command on untrusted images is not recommended.
VARIABLESThe contents of a label may refer to the following variables which will be substituted while processing the label. IMAGE The name of the image. When executing podman container runlabel label fedora the IMAGE variable will be replaced with fedora. Valid formats are IMAGE, $IMAGE, ${IMAGE} and =IMAGE. NAME As specified by the --name option. The format is identical to the one of the IMAGE attribute. PWD Will be replaced with the current working directory.
OPTIONS
--authfile=pathPath of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json, which is set using podman login. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using docker login. Note: There is also the option to override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. This can be done with export REGISTRY_AUTH_FILE=path.
--cert-dir=pathUse certificates at path (*.crt, *.cert, *.key) to connect to the registry. (Default: /etc/containers/certs.d) Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
--creds=[username[:password]]The [username[:password]] to use to authenticate with the registry, if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo.
--displayDisplay the label's value of the image having populated its environment variables. The runlabel command will not execute if --display is specified.
--help, -hPrint usage statement
--name, -n=nameUse this name for creating content for the container. If not specified, name defaults to the name of the image.
--quiet, -qSuppress output information when pulling images
--replaceIf a container exists of the default or given name, as needed it will be stopped, deleted and a new container will be created from this image.
--tls-verifyRequire HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, TLS verification will be used. If set to false, TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in containers-registries.conf(5)
EXAMPLESExecute the run label of an image called foobar. $ podman container runlabel run foobar
Execute the install label of an image called foobar with additional arguments. $ podman container runlabel install foobar apples oranges
Display the contents of the run label of image foobar. $ podman container runlabel --display run foobar
SEE ALSOpodman(1), crun(1), runc(8), containers-certs.d(5), containers-auth.json(5), containers-registries.conf(5)
HISTORYAugust 2021, Refinements by Valentin Rothberg (rothberg at redhat dot com) September 2018, Originally compiled by Brent Baude (bbaude at redhat dot com) 0
Johanes Gumabo
Data Size : 21,132 byte
man-podman-container-runlabel.1Build : 2024-12-05, 20:55 :
Visitor Screen : x
Visitor Counter ( page / site ) : 3 / 185,184
Visitor ID : :
Visitor IP : 3.146.178.220 :
Visitor Provider : AMAZON-02 :
Provider Position ( lat x lon ) : 39.962500 x -83.006100 : x
Provider Accuracy Radius ( km ) : 1000 :
Provider City : Columbus :
Provider Province : Ohio , : ,
Provider Country : United States :
Provider Continent : North America :
Visitor Recorder : Version :
Visitor Recorder : Library :
Online Linux Manual Page : Version : Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page : Library : lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page : Library : lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base : Version : Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base : Library : lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36
Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.
ERROR : Need New Coding : (rof_escape_sequence|91|podman-container-runlabel.1|19|\${IMAGE}\fR instructs the image to be executed in a detached, privileged container that is using the PID namespace of the host. This lifts the self-description of a container image from "what" to "how". |\fB\fCpodman container runlabel\fR addresses the limitation of container images in a simple yet efficient way. Podman will read the contents of the label and interpret it as a command that will be executed on the host. This way an image can describe exactly how it should be executed by Podman. For instance, a label with the content \fB\fC/usr/bin/podman run -d --pid=host --privileged \\${IMAGE}\fR instructs the image to be executed in a detached, privileged container that is using the PID namespace of the host. This lifts the self-description of a container image from "what" to "how".
)