1podman-system-service(1) General Commands Manual podman-system-service(1)
2
3
4
6 podman-system-service - Run an API service
7
8
10 podman system service [options]
11
12
14 The podman system service command creates a listening service that will
15 answer API calls for Podman. You may optionally provide an endpoint
16 for the API in URI form. For example, unix:///tmp/foobar.sock or
17 tcp://localhost:8080. If no endpoint is provided, defaults will be
18 used. The default endpoint for a rootful service is unix:///run/pod‐
19 man/podman.sock and rootless is unix://$XDG_RUNTIME_DIR/podman/pod‐
20 man.sock (for example unix:///run/user/1000/podman/podman.sock)
21
22
23 To access the API service inside a container: - mount the socket as a
24 volume - run the container with --security-opt label=disable
25
26
27 The REST API provided by podman system service is split into two parts:
28 a compatibility layer offering support for the Docker v1.40 API, and a
29 Podman-native Libpod layer. Documentation for the latter is available
30 at https://docs.podman.io/en/latest/_static/api.html. Both APIs are
31 versioned, but the server will not reject requests with an unsupported
32 version set.
33
34
35 Please note that the API grants full access to Podman's capabilities,
36 and as such should be treated as allowing arbitrary code execution as
37 the user running the API. As such, we strongly recommend against mak‐
38 ing the API socket available via the network. The default configura‐
39 tion (a Unix socket with permissions set to only allow the user running
40 Podman) is the most secure way of running the API.
41
42
43 Note: The default systemd unit files (system and user) change the log-
44 level option to info from error. This change provides additional infor‐
45 mation on each API call.
46
47
49 --cors
50 CORS headers to inject to the HTTP response. The default value is empty
51 string which disables CORS headers.
52
53
54 --help, -h
55 Print usage statement.
56
57
58 --time, -t
59 The time until the session expires in seconds. The default is 5 sec‐
60 onds. A value of 0 means no timeout, therefore the session will not ex‐
61 pire.
62
63
64 The default timeout can be changed via the service_timeout=VALUE field
65 in containers.conf. See containers.conf(5) for more information.
66
67
69 Run an API listening for 5 seconds using the default socket.
70
71
72 podman system service --time 5
73
74
75
77 podman(1), podman-system-connection(1), containers.conf(5)
78
79
81 January 2020, Originally compiled by Brent Baude <bbaude@redhat.com>
82 November 2020, Updated by Jhon Honce (jhonce at redhat dot com)
83
84
85
86 podman-system-service(1)