.nh .TH podman-exec 1 .SH NAME .PP podman-exec - Execute a command in a running container .SH SYNOPSIS .PP \fBpodman exec\fP [\fIoptions\fP] \fIcontainer\fP [\fIcommand\fP [\fIarg\fP ...]] .PP \fBpodman container exec\fP [\fIoptions\fP] \fIcontainer\fP [\fIcommand\fP [\fIarg\fP ...]] .SH DESCRIPTION .PP \fBpodman exec\fP executes a command in a running container. .SH OPTIONS .SS \fB--detach\fP, \fB-d\fP .PP Start the exec session, but do not attach to it. The command runs in the background, and the exec session is automatically removed when it completes. The \fBpodman exec\fP command prints the ID of the exec session and exits immediately after it starts. .SS \fB--detach-keys\fP=\fIsequence\fP .PP Specify the key sequence for detaching a container. Format is a single character \fB[a-Z]\fR or one or more \fBctrl-\fR characters where \fB\fR is one of: \fBa-z\fR, \fB@\fR, \fB^\fR, \fB[\fR, \fB,\fR or \fB_\fR\&. Specifying "" disables this feature. The default is \fIctrl-p,ctrl-q\fP\&. .PP This option can also be set in \fBcontainers.conf\fP(5) file. .SS \fB--env\fP, \fB-e\fP=\fIenv\fP .PP Set environment variables. .PP This option allows arbitrary environment variables that are available for the process to be launched inside of the container. If an environment variable is specified without a value, Podman checks the host environment for a value and set the variable only if it is set on the host. As a special case, if an environment variable ending in \fB*\fP is specified without a value, Podman searches the host environment for variables starting with the prefix and adds those variables to the container. .SS \fB--env-file\fP=\fIfile\fP .PP Read in a line-delimited file of environment variables. .SS \fB--interactive\fP, \fB-i\fP .PP When set to \fBtrue\fP, keep stdin open even if not attached. The default is \fBfalse\fP\&. .SS \fB--latest\fP, \fB-l\fP .PP Instead of providing the container name or ID, use the last created container. Note: the last started container can be from other users of Podman on the host machine. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) .SS \fB--preserve-fd\fP=\fIFD1[,FD2,...]\fP .PP Pass down to the process the additional file descriptors specified in the comma separated list. It can be specified multiple times. This option is only supported with the crun OCI runtime. It might be a security risk to use this option with other OCI runtimes. .PP (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) .SS \fB--preserve-fds\fP=\fIN\fP .PP Pass down to the process N additional file descriptors (in addition to 0, 1, 2). The total FDs are 3+N. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) .SS \fB--privileged\fP .PP Give extended privileges to this container. The default is \fBfalse\fP\&. .PP By default, Podman containers are unprivileged (\fB=false\fP) and cannot, for example, modify parts of the operating system. This is because by default a container is only allowed limited access to devices. A "privileged" container is given the same access to devices as the user launching the container, with the exception of virtual consoles (\fI/dev/tty\\d+\fP) when running in systemd mode (\fB--systemd=always\fP). .PP A privileged container turns off the security features that isolate the container from the host. Dropped Capabilities, limited devices, read-only mount points, Apparmor/SELinux separation, and Seccomp filters are all disabled. Due to the disabled security features, the privileged field should almost never be set as containers can easily break out of confinement. .PP Containers running in a user namespace (e.g., rootless containers) cannot have more privileges than the user that launched them. .SS \fB--tty\fP, \fB-t\fP .PP Allocate a pseudo-TTY. The default is \fBfalse\fP\&. .PP When set to \fBtrue\fP, Podman allocates a pseudo-tty and attach to the standard input of the container. This can be used, for example, to run a throwaway interactive shell. .PP \fBNOTE\fP: The --tty flag prevents redirection of standard output. It combines STDOUT and STDERR, it can insert control characters, and it can hang pipes. This option is only used when run interactively in a terminal. When feeding input to Podman, use -i only, not -it. .SS \fB--user\fP, \fB-u\fP=\fIuser[:group]\fP .PP Sets the username or UID used and, optionally, the groupname or GID for the specified command. Both \fIuser\fP and \fIgroup\fP may be symbolic or numeric. .PP Without this argument, the command runs as the user specified in the container image. Unless overridden by a \fBUSER\fR command in the Containerfile or by a value passed to this option, this user generally defaults to root. .PP When a user namespace is not in use, the UID and GID used within the container and on the host match. When user namespaces are in use, however, the UID and GID in the container may correspond to another UID and GID on the host. In rootless containers, for example, a user namespace is always used, and root in the container by default corresponds to the UID and GID of the user invoking Podman. .SS \fB--workdir\fP, \fB-w\fP=\fIdir\fP .PP Working directory inside the container. .PP The default working directory for running binaries within a container is the root directory (\fB/\fP). The image developer can set a different default with the WORKDIR instruction. The operator can override the working directory by using the \fB-w\fP option. .SH Exit Status .PP The exit code from \fBpodman exec\fR gives information about why the command within the container failed to run or why it exited. When \fBpodman exec\fR exits with a non-zero code, the exit codes follow the \fBchroot\fR standard, see below: .PP \fB125\fP The error is with Podman itself .EX $ podman exec --foo ctrID /bin/sh; echo $? Error: unknown flag: --foo 125 .EE .PP \fB126\fP The \fIcontained command\fP cannot be invoked .EX $ podman exec ctrID /etc; echo $? Error: container_linux.go:346: starting container process caused "exec: \\"/etc\\": permission denied": OCI runtime error 126 .EE .PP \fB127\fP The \fIcontained command\fP cannot be found .EX $ podman exec ctrID foo; echo $? Error: container_linux.go:346: starting container process caused "exec: \\"foo\\": executable file not found in $PATH": OCI runtime error 127 .EE .PP \fBExit code\fP The \fIcontained command\fP exit code .EX $ podman exec ctrID /bin/sh -c 'exit 3'; echo $? 3 .EE .SH EXAMPLES .PP Execute command in selected container with a stdin and a tty allocated: .EX $ podman exec -it ctrID ls .EE .PP Execute command with the overridden working directory in selected container with a stdin and a tty allocated: .EX $ podman exec -it -w /tmp myCtr pwd .EE .PP Execute command as the specified user in selected container: .EX $ podman exec --user root ctrID ls .EE .SH SEE ALSO .PP \fBpodman(1)\fP, \fBpodman-run(1)\fP .SH HISTORY .PP December 2017, Originally compiled by Brent Baudebbaude@redhat.com \[la]mailto:bbaude@redhat.com\[ra]