1runc-exec(8)                System Manager's Manual               runc-exec(8)
2
3
4

NAME

6       runc-exec - execute new process inside the container
7
8
9

SYNOPSIS

11       runc exec [option ...] container-id [--] command [arg ...]
12
13
14       runc exec [option ...] -p process.json container-id
15
16
17

OPTIONS

19       --console-socket path
20              Path  to an AF_UNIX  socket which will receive a file descriptor
21              referencing the master end of the console's pseudoterminal.  See
22              docs/terminals ⟨https://github.com/opencontainers/runc/blob/mas‐
23              ter/docs/terminals.md⟩.
24
25
26       --cwd path
27              Change to path in the container before executing the command.
28
29
30       --env|-e name=value
31              Set an environment variable name to value. Can be specified mul‐
32              tiple times.
33
34
35       --tty|-t
36              Allocate a pseudo-TTY.
37
38
39       --user|-u uid[:gid]
40              Run  the command as a user (and, optionally, group) specified by
41              uid (and gid).
42
43
44       --additional-gids|-g gid
45              Add additional group IDs. Can be specified multiple times.
46
47
48       --process|-p process.json
49              Instead of specifying all the exec parameters  directly  on  the
50              command line, get them from a process.json, a JSON file contain‐
51              ing the process specification as defined by the OCI runtime spec
52              ⟨https://github.com/opencontainers/runtime-spec/blob/master/con‐
53              fig.md#process⟩.
54
55
56       --detach|-d
57              Detach from the container's process.
58
59
60       --pid-file path
61              Specify the file to write the container process' PID to.
62
63
64       --process-label label
65              Set the asm process label for the  process  commonly  used  with
66              selinux(7).
67
68
69       --apparmor profile
70              Set the apparmor(7) profile for the process.
71
72
73       --no-new-privs
74              Set the "no new privileges" value for the process.
75
76
77       --cap cap
78              Add  a  capability  to  the bounding set for the process. Can be
79              specified multiple times.
80
81
82       --preserve-fds N
83              Pass N additional file descriptors to  the  container  (stdio  +
84              $LISTEN_FDS + N in total). Default is 0.
85
86
87       --ignore-paused
88              Allow  exec in a paused container. By default, if a container is
89              paused, runc exec errors out; this option can be used  to  over‐
90              ride it.  A paused container needs to be resumed for the exec to
91              complete.
92
93
94       --cgroup path | controller[,controller...]:path
95              Execute a process in a sub-cgroup. If the specified cgroup  does
96              not  exist,  an  error is returned. Default is empty path, which
97              means to use container's top level cgroup.
98
99              For cgroup v1 only, a particular controller (or multiple  comma-
100              separated  controllers)  can be specified, and the option can be
101              used multiple times to set different paths  for  different  con‐
102              trollers.
103
104              Note for cgroup v2, in case the process can't join the top level
105              cgroup, runc exec fallback is to try joining the cgroup of  con‐
106              tainer's  init.  This fallback can be disabled by using --cgroup
107              /.
108
109
110

EXIT STATUS

112       Exits with a status of command (unless -d is used), or 255 if an  error
113       occurred.
114
115
116

EXAMPLES

118       If  the  container  can  run ps(1) command, the following will output a
119       list of processes running in the container:
120
121
122              # runc exec <container-id> ps
123
124
125
126

SEE ALSO

128       runc(8).
129
130
131
132                                                                  runc-exec(8)