github.com/containers/podman/v5@v5.1.0-rc1/docs/source/markdown/options/read-only-tmpfs.md

####> This option file is used in:
####>   podman create, run
####> If file is edited, make sure the changes
####> are applicable to all of those.
#### **--read-only-tmpfs**

When running --read-only containers, mount a read-write tmpfs on _/dev_, _/dev/shm_, _/run_, _/tmp_, and _/var/tmp_. The default is **true**.

| --read-only | --read-only-tmpfs | /    | /run, /tmp, /var/tmp |
| ----------- | ----------------- | ---- | -------------------- |
| true        | true              | r/o  | r/w                  |
| true        | false             | r/o  | r/o                  |
| false       | false             | r/w  | r/w                  |
| false       | true              | r/w  | r/w                  |

When **--read-only=true** and **--read-only-tmpfs=true**, additional tmpfs are mounted on
the /tmp, /run, and /var/tmp directories.

When **--read-only=true** and **--read-only-tmpfs=false**, /dev and /dev/shm are marked
read-only and no tmpfs are mounted on /tmp, /run and /var/tmp. The directories
are exposed from the underlying image, meaning they are read-only by default.
This makes the container totally read-only: no writable directories exist within
the container. In this mode, writable directories need to be added via external
volumes or mounts.

By default, when **--read-only=false**, /dev and /dev/shm are read/write, and /tmp, /run, and /var/tmp are read/write directories from the container image.
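The table above is a promise about the container's view of the filesystem; the script below is an added example (not part of the podman documentation) that encodes that promise and, when asked, checks it against a real container by trying to create a file under each path for every flag combination. It assumes podman is installed and that the image in `IMAGE` (an assumption, any image with a POSIX `sh` works) can be pulled.

```shell
#!/bin/sh
# Added example, not from the podman docs: verify that a container started with
# a given --read-only / --read-only-tmpfs pair matches the documented table.
IMAGE="${IMAGE:-docker.io/library/alpine}"   # assumption: any image with sh
PROBE_PATHS="/ /run /tmp /var/tmp /dev/shm"

# Writability the documentation promises, as one line of "path=r/w|r/o" tokens.
# "/" follows --read-only alone; the tmpfs paths are read-only only when
# --read-only=true and --read-only-tmpfs=false.
expected_state() {
  ro="$1" tmpfs="$2" out=""
  for p in $PROBE_PATHS; do
    if [ "$ro" = true ] && { [ "$p" = / ] || [ "$tmpfs" = false ]; }; then
      s=r/o
    else
      s=r/w
    fi
    out="$out$p=$s "
  done
  echo "${out% }"
}

# Snippet run inside the container: attempt a write under each path and report
# the result in the same format as expected_state.
probe_script='out=""; for p in '"$PROBE_PATHS"'; do
  if touch "$p/.probe" 2>/dev/null; then rm -f "$p/.probe"; s=r/w; else s=r/o; fi
  out="$out$p=$s "
done; echo "${out% }"'

observed_state() {
  podman run --rm --read-only="$1" --read-only-tmpfs="$2" "$IMAGE" sh -c "$probe_script"
}

# Compare expectation with reality for one flag pair; non-zero on mismatch.
check_combo() {
  exp=$(expected_state "$1" "$2")
  obs=$(observed_state "$1" "$2") || return 1
  if [ "$exp" = "$obs" ]; then
    echo "OK   --read-only=$1 --read-only-tmpfs=$2: $obs"
  else
    echo "DIFF --read-only=$1 --read-only-tmpfs=$2"
    echo "  expected: $exp"
    echo "  observed: $obs"
    return 1
  fi
}

# Containers are only started when explicitly requested and podman exists.
if [ "${RUN_PROBE:-0}" = 1 ] && command -v podman >/dev/null 2>&1; then
  rc=0
  for combo in "true true" "true false" "false false" "false true"; do
    set -- $combo
    check_combo "$1" "$2" || rc=1
  done
  exit $rc
fi
```

Run it as `RUN_PROBE=1 sh check-read-only.sh`; a `DIFF` line means a path the table says is read-only accepted a write (or vice versa), which is exactly what to look for when a hardening profile relies on `--read-only --read-only-tmpfs=false` plus explicit volumes.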