1podman-exec(1) General Commands Manual podman-exec(1)
2
6 podman-exec - Execute a command in a running container
7
10 podman exec [options] container [command [arg ...]]
11 podman container exec [options] container [command [arg ...]]
14
17 podman exec executes a command in a running container.
18
21 --detach, -d
22 Start the exec session, but do not attach to it. The command runs in
23 the background, and the exec session is automatically removed when it
24 completes. The podman exec command prints the ID of the exec session
25 and exits immediately after it starts.
26 --detach-keys=sequence
29 Specify the key sequence for detaching a container. Format is a single
30 character [a-Z] or one or more ctrl-<value> characters where <value> is
31 one of: a-z, @, ^, [, , or _. Specifying "" disables this feature. The
32 default is ctrl-p,ctrl-q.
33 This option can also be set in containers.conf(5) file.
36 --env, -e=env
39 Set environment variables.
40 This option allows arbitrary environment variables that are available
43 for the process to be launched inside of the container. If an environ‐
44 ment variable is specified without a value, Podman checks the host en‐
45 vironment for a value and set the variable only if it is set on the
46 host. As a special case, if an environment variable ending in * is
47 specified without a value, Podman searches the host environment for
48 variables starting with the prefix and adds those variables to the con‐
49 tainer.
50 --env-file=file
53 Read in a line-delimited file of environment variables.
54 --interactive, -i
57 When set to true, keep stdin open even if not attached. The default is
58 false.
59 --latest, -l
62 Instead of providing the container name or ID, use the last created
63 container. Note: the last started container can be from other users of
64 Podman on the host machine. (This option is not available with the re‐
65 mote Podman client, including Mac and Windows (excluding WSL2) ma‐
66 chines)
67 --preserve-fds=N
70 Pass down to the process N additional file descriptors (in addition to
71 0, 1, 2). The total FDs are 3+N. (This option is not available with
72 the remote Podman client, including Mac and Windows (excluding WSL2)
73 machines)
74 --privileged
77 Give extended privileges to this container. The default is false.
78 By default, Podman containers are unprivileged (=false) and cannot, for
81 example, modify parts of the operating system. This is because by de‐
82 fault a container is only allowed limited access to devices. A "privi‐
83 leged" container is given the same access to devices as the user
84 launching the container, with the exception of virtual consoles
85 (/dev/tty\d+) when running in systemd mode (--systemd=always).
86 A privileged container turns off the security features that isolate the
89 container from the host. Dropped Capabilities, limited devices, read-
90 only mount points, Apparmor/SELinux separation, and Seccomp filters are
91 all disabled. Due to the disabled security features, the privileged
92 field should almost never be set as containers can easily break out of
93 confinement.
94 Containers running in a user namespace (e.g., rootless containers) can‐
97 not have more privileges than the user that launched them.
98 --tty, -t
101 Allocate a pseudo-TTY. The default is false.
102 When set to true, Podman allocates a pseudo-tty and attach to the stan‐
105 dard input of the container. This can be used, for example, to run a
106 throwaway interactive shell.
107 NOTE: The --tty flag prevents redirection of standard output. It com‐
110 bines STDOUT and STDERR, it can insert control characters, and it can
111 hang pipes. This option is only used when run interactively in a termi‐
112 nal. When feeding input to Podman, use -i only, not -it.
113 --user, -u=user[:group]
116 Sets the username or UID used and, optionally, the groupname or GID for
117 the specified command. Both user and group may be symbolic or numeric.
118 Without this argument, the command runs as the user specified in the
121 container image. Unless overridden by a USER command in the Container‐
122 file or by a value passed to this option, this user generally defaults
123 to root.
124 When a user namespace is not in use, the UID and GID used within the
127 container and on the host match. When user namespaces are in use, how‐
128 ever, the UID and GID in the container may correspond to another UID
129 and GID on the host. In rootless containers, for example, a user name‐
130 space is always used, and root in the container by default corresponds
131 to the UID and GID of the user invoking Podman.
132 --workdir, -w=dir
135 Working directory inside the container.
136 The default working directory for running binaries within a container
139 is the root directory (/). The image developer can set a different de‐
140 fault with the WORKDIR instruction. The operator can override the work‐
141 ing directory by using the -w option.
142
145 The exit code from podman exec gives information about why the command
146 within the container failed to run or why it exited. When podman exec
147 exits with a non-zero code, the exit codes follow the chroot standard,
148 see below:
149 125 The error is with Podman itself
152 $ podman exec --foo ctrID /bin/sh; echo $?
154 Error: unknown flag: --foo
155 125
156 126 The contained command cannot be invoked
160 $ podman exec ctrID /etc; echo $?
162 Error: container_linux.go:346: starting container process caused "exec: \"/etc\": permission denied": OCI runtime error
163 126
164 127 The contained command cannot be found
168 $ podman exec ctrID foo; echo $?
170 Error: container_linux.go:346: starting container process caused "exec: \"foo\": executable file not found in $PATH": OCI runtime error
171 127
172 Exit code The contained command exit code
176 $ podman exec ctrID /bin/sh -c 'exit 3'; echo $?
178 3
179
183 $ podman exec -it ctrID ls
184 $ podman exec -it -w /tmp myCtr pwd
185 $ podman exec --user root ctrID ls
186
190 podman(1), podman-run(1)
191
194 December 2017, Originally compiled by Brent Baudebbaude@redhat.com
195 ⟨mailto:bbaude@redhat.com⟩
196 podman-exec(1)