NAME
podman-exec - Execute a command in a running container
SYNOPSIS
podman exec [options] container [command [arg …]]
podman container exec [options] container [command [arg …]]
DESCRIPTION
podman exec executes a command in a running container.
OPTIONS
--detach, -d
Start the exec session, but do not attach to it. The command runs in the background, and the exec session is automatically removed when it completes. The podman exec command prints the ID of the exec session and exits immediately after it starts.
--detach-keys=sequence
Specify the key sequence for detaching a container. Format is a single character [a-Z] or one or more ctrl-<value> characters where <value> is one of: a-z, @, ^, [, , or _. Specifying “” disables this feature. The default is ctrl-p,ctrl-q.
This option can also be set in the containers.conf(5) file.
--env, -e=env
Set environment variables.
This option allows arbitrary environment variables that are available for the process to be launched inside of the container. If an environment variable is specified without a value, Podman checks the host environment for a value and sets the variable only if it is set on the host. As a special case, if an environment variable ending in * is specified without a value, Podman searches the host environment for variables starting with the prefix and adds those variables to the container.
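The --env rules above, modelled as an added shell example (not part of the Podman documentation or code base): preview_env lists what a set of -e arguments would pass from the host into the exec'd process, and sensitive_names picks out the names that look like credentials. The function names, the keyword list and the DEMO_ variables are assumptions made for this illustration; nothing here invokes podman.

```sh
# Model of the documented --env rules; hypothetical helpers that never call podman.
# preview_env SPEC...: print the NAME=value pairs the given -e arguments
# would hand to the process started by podman exec.
preview_env() (
    for spec in "$@"; do
        case $spec in
            *=*)  # explicit NAME=value: passed as written
                printf '%s\n' "$spec" ;;
            *\*)  # NAME*: every host variable whose name starts with NAME
                awk -v p="${spec%\*}" 'BEGIN {
                    for (k in ENVIRON) if (index(k, p) == 1) print k "=" ENVIRON[k]
                }' | sort ;;
            *)    # bare NAME: copied from the host only if it is set there
                awk -v n="$spec" 'BEGIN { if (n in ENVIRON) print n "=" ENVIRON[n] }' ;;
        esac
    done
)

# sensitive_names SPEC...: names from preview_env that look like credentials.
# The keyword list is an assumption; extend it to match local naming.
sensitive_names() {
    preview_env "$@" | cut -d= -f1 | grep -E 'SECRET|TOKEN|PASSWORD|KEY' || true
}

# Constructed sample: a CI host holding a credential beside a harmless setting.
export DEMO_AWS_REGION=eu-west-1 DEMO_AWS_SECRET_ACCESS_KEY=constructed-value
preview_env 'DEMO_AWS_*' DEMO_NOT_SET MODE=ci
echo "review before exec: $(sensitive_names 'DEMO_AWS_*')"
```

Running the same specs through preview_env on the real host, before they are given to podman exec -e, shows whether a prefix wildcard would carry more into the container than intended.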
--env-file=file
Read in a line-delimited file of environment variables.
--interactive, -i
When set to true, keep stdin open even if not attached. The default is false.
--latest, -l
Instead of providing the container name or ID, use the last created container.
Note: the last started container can be from other users of Podman on the host machine.
(This option is not available with the remote Podman client, including Mac and Windows
(excluding WSL2) machines)
--preserve-fd=FD1[,FD2,…]
Pass down to the process the additional file descriptors specified in the comma separated list. It can be specified multiple times.
This option is only supported with the crun OCI runtime. It might be a security risk to use this option with other OCI runtimes.
(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
--preserve-fds=N
Pass down to the process N additional file descriptors (in addition to 0, 1, 2).
The total FDs are 3+N.
(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
--privileged
Give extended privileges to this container. The default is false.
By default, Podman containers are unprivileged (=false) and cannot, for
example, modify parts of the operating system. This is because by default a
container is only allowed limited access to devices. A “privileged” container
is given the same access to devices as the user launching the container, with
the exception of virtual consoles (/dev/tty\d+) when running in systemd
mode (--systemd=always).
A privileged container turns off the security features that isolate the
container from the host. Dropped Capabilities, limited devices, read-only mount
points, Apparmor/SELinux separation, and Seccomp filters are all disabled.
Due to the disabled security features, the privileged field should almost never
be set as containers can easily break out of confinement.
Containers running in a user namespace (e.g., rootless containers) cannot have
more privileges than the user that launched them.
--tty, -t
Allocate a pseudo-TTY. The default is false.
When set to true, Podman allocates a pseudo-tty and attaches to the standard
input of the container. This can be used, for example, to run a throwaway
interactive shell.
NOTE: The --tty flag prevents redirection of standard output. It combines STDOUT and STDERR, it can insert control characters, and it can hang pipes. This option is only used when run interactively in a terminal. When feeding input to Podman, use -i only, not -it.
--user, -u=user[:group]
Sets the username or UID used and, optionally, the groupname or GID for the specified command. Both user and group may be symbolic or numeric.
Without this argument, the command runs as the user specified in the container image. Unless overridden by a USER command in the Containerfile or by a value passed to this option, this user generally defaults to root.
When a user namespace is not in use, the UID and GID used within the container and on the host match. When user namespaces are in use, however, the UID and GID in the container may correspond to another UID and GID on the host. In rootless containers, for example, a user namespace is always used, and root in the container by default corresponds to the UID and GID of the user invoking Podman.
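The UID correspondence described above, worked through as an added shell example (not part of the Podman documentation or code base): host_uid resolves the UID given to --user against a uid_map in the kernel's /proc/<pid>/uid_map format, as read from the host. The function name and both sample maps are constructed for this illustration.

```sh
# host_uid CONTAINER_UID: read a uid_map on stdin (rows of
# "inside-start outside-start length") and print the host UID that the
# given in-container UID resolves to. Hypothetical helper, not part of Podman.
host_uid() {
    case $1 in ''|*[!0-9]*) return 2 ;; esac    # numeric UIDs only
    awk -v id="$1" '
        id >= $1 && id < $1 + $3 { printf "%d\n", $2 + (id - $1); hit = 1; exit }
        END { if (!hit) exit 1 }                 # UID has no mapping on the host
    '
}

# Constructed sample maps (format of /proc/<pid>/uid_map).
# Rootless: started by host UID 1000 with a subordinate range at 100000.
ROOTLESS_MAP='0 1000 1
1 100000 65536'
# No user namespace in use: identity mapping.
ROOTFUL_MAP='0 0 4294967295'

# --user root in the rootless container runs as the invoking user.
printf '%s\n' "$ROOTLESS_MAP" | host_uid 0       # 1000
# --user 1000 lands in the subordinate range, not on host UID 1000.
printf '%s\n' "$ROOTLESS_MAP" | host_uid 1000    # 100999
# Without a user namespace, root in the container is root on the host.
printf '%s\n' "$ROOTFUL_MAP" | host_uid 0        # 0
# A UID outside every row cannot be represented on the host.
printf '%s\n' "$ROOTLESS_MAP" | host_uid 70000 || echo "70000: unmapped"
```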
--workdir, -w=dir
Working directory inside the container.
The default working directory for running binaries within a container is the root directory (/).
The image developer can set a different default with the WORKDIR instruction. The operator
can override the working directory by using the -w option.
Exit Status
The exit code from podman exec gives information about why the command within the container failed to run or why it exited. When podman exec exits with a non-zero code, the exit codes follow the chroot standard, see below:
125 The error is with Podman itself
$ podman exec --foo ctrID /bin/sh; echo $?
Error: unknown flag: --foo
125
126 The contained command cannot be invoked
$ podman exec ctrID /etc; echo $?
Error: container_linux.go:346: starting container process caused "exec: \"/etc\": permission denied": OCI runtime error
126
127 The contained command cannot be found
$ podman exec ctrID foo; echo $?
Error: container_linux.go:346: starting container process caused "exec: \"foo\": executable file not found in $PATH": OCI runtime error
127
Exit code The contained command exit code
$ podman exec ctrID /bin/sh -c 'exit 3'; echo $?
3
EXAMPLES
Execute command in selected container with a stdin and a tty allocated:
$ podman exec -it ctrID ls
Execute command with the overridden working directory in selected container with a stdin and a tty allocated:
$ podman exec -it -w /tmp myCtr pwd
Execute command as the specified user in selected container:
$ podman exec --user root ctrID ls
SEE ALSO
podman(1), podman-run(1)
HISTORY
December 2017, Originally compiled by Brent Baude <bbaude@redhat.com>