runc/man/runc-exec.8.md

% runc-exec "8"

NAME

runc-exec - execute new process inside the container

SYNOPSIS

runc exec [option ...] container-id [--] command [arg ...]

runc exec [option ...] -p process.json container-id

OPTIONS

--console-socket path

Path to an AF_UNIX socket which will receive a file descriptor referencing the master end of the console's pseudoterminal. See docs/terminals.

--cwd path

Change to path in the container before executing the command.

--env|-e name=value

Set an environment variable name to value. Can be specified multiple times.

--tty|-t

Allocate a pseudo-TTY.

--user|-u uid[:gid]

Run the command as a user (and, optionally, group) specified by uid (and gid).

--additional-gids|-g gid

Add additional group IDs. Can be specified multiple times.

--process|-p process.json

Instead of specifying all the exec parameters directly on the command line, get them from a process.json, a JSON file containing the process specification as defined by the OCI runtime spec.

--detach|-d

Detach from the container's process.

--pid-file path

Specify the file to write the container process' PID to.

--process-label label

Set the asm process label for the process commonly used with selinux(7).

--apparmor profile

Set the apparmor(7) profile for the process.

--no-new-privs

Set the "no new privileges" value for the process.

--cap cap

Add a capability to the bounding set for the process. Can be specified multiple times.

--preserve-fds N

Pass N additional file descriptors to the container (stdio + $LISTEN_FDS + N in total). Default is 0.

EXAMPLES

If the container can run ps(1) command, the following will output a list of processes running in the container:

# runc exec <container-id> ps

SEE ALSO

runc(8).