1podman-exec(1) General Commands Manual podman-exec(1)
2
6 podman-exec - Execute a command in a running container
7
10 podman exec [options] container [command [arg ...]]
11 podman container exec [options] container [command [arg ...]]
14
17 podman exec executes a command in a running container.
18
21 --detach, -d
22 Start the exec session, but do not attach to it. The command will run
23 in the background and the exec session will be automatically removed
24 when it completes. The podman exec command will print the ID of the
25 exec session and exit immediately after it starts.
26 --detach-keys=sequence
29 Specify the key sequence for detaching a container. Format is a single
30 character [a-Z] or one or more ctrl-<value> characters where <value> is
31 one of: a-z, @, ^, [, , or _. Specifying "" will disable this feature.
32 The default is ctrl-p,ctrl-q.
33 This option can also be set in containers.conf(5) file.
36 --env, -e=env
39 Set environment variables.
40 This option allows arbitrary environment variables that are available
43 for the process to be launched inside of the container. If an environ‐
44 ment variable is specified without a value, Podman will check the host
45 environment for a value and set the variable only if it is set on the
46 host. As a special case, if an environment variable ending in * is
47 specified without a value, Podman will search the host environment for
48 variables starting with the prefix and will add those variables to the
49 container.
50 --env-file=file
53 Read in a line-delimited file of environment variables.
54 --interactive, -i
57 When set to true, keep stdin open even if not attached. The default is
58 false.
59 --latest, -l
62 Instead of providing the container name or ID, use the last created
63 container. If you use methods other than Podman to run containers such
64 as CRI-O, the last started container could be from either of those
65 methods. (This option is not available with the remote Podman client,
66 including Mac and Windows (excluding WSL2) machines)
67 --preserve-fds=N
70 Pass down to the process N additional file descriptors (in addition to
71 0, 1, 2). The total FDs will be 3+N. (This option is not available
72 with the remote Podman client, including Mac and Windows (excluding
73 WSL2) machines)
74 --privileged
77 Give extended privileges to this container. The default is false.
78 By default, Podman containers are unprivileged (=false) and cannot, for
81 example, modify parts of the operating system. This is because by de‐
82 fault a container is only allowed limited access to devices. A "privi‐
83 leged" container is given the same access to devices as the user
84 launching the container.
85 A privileged container turns off the security features that isolate the
88 container from the host. Dropped Capabilities, limited devices, read-
89 only mount points, Apparmor/SELinux separation, and Seccomp filters are
90 all disabled.
91 Rootless containers cannot have more privileges than the account that
94 launched them.
95 --tty, -t
98 Allocate a pseudo-TTY. The default is false.
99 When set to true, Podman will allocate a pseudo-tty and attach to the
102 standard input of the container. This can be used, for example, to run
103 a throwaway interactive shell.
104 NOTE: The --tty flag prevents redirection of standard output. It com‐
107 bines STDOUT and STDERR, it can insert control characters, and it can
108 hang pipes. This option should only be used when run interactively in a
109 terminal. When feeding input to Podman, use -i only, not -it.
110 --user, -u=user[:group]
113 Sets the username or UID used and, optionally, the groupname or GID for
114 the specified command. Both user and group may be symbolic or numeric.
115 Without this argument, the command will run as the user specified in
118 the container image. Unless overridden by a USER command in the Con‐
119 tainerfile or by a value passed to this option, this user generally de‐
120 faults to root.
121 When a user namespace is not in use, the UID and GID used within the
124 container and on the host will match. When user namespaces are in use,
125 however, the UID and GID in the container may correspond to another UID
126 and GID on the host. In rootless containers, for example, a user name‐
127 space is always used, and root in the container will by default corre‐
128 spond to the UID and GID of the user invoking Podman.
129 --workdir, -w=dir
132 Working directory inside the container.
133 The default working directory for running binaries within a container
136 is the root directory (/). The image developer can set a different de‐
137 fault with the WORKDIR instruction. The operator can override the work‐
138 ing directory by using the -w option.
139
142 The exit code from podman exec gives information about why the command
143 within the container failed to run or why it exited. When podman exec
144 exits with a non-zero code, the exit codes follow the chroot standard,
145 see below:
146 125 The error is with Podman itself
149 $ podman exec --foo ctrID /bin/sh; echo $?
152 Error: unknown flag: --foo
153 125
154 126 The contained command cannot be invoked
158 $ podman exec ctrID /etc; echo $?
161 Error: container_linux.go:346: starting container process caused "exec: \"/etc\": permission denied": OCI runtime error
162 126
163 127 The contained command cannot be found
167 $ podman exec ctrID foo; echo $?
170 Error: container_linux.go:346: starting container process caused "exec: \"foo\": executable file not found in $PATH": OCI runtime error
171 127
172 Exit code The contained command exit code
176 $ podman exec ctrID /bin/sh -c 'exit 3'; echo $?
179 3
180
184 $ podman exec -it ctrID ls
185 $ podman exec -it -w /tmp myCtr pwd
186 $ podman exec --user root ctrID ls
187
191 podman(1), podman-run(1)
192
195 December 2017, Originally compiled by Brent Baudebbaude@redhat.com
196 ⟨mailto:bbaude@redhat.com⟩
197 podman-exec(1)