diff --git a/README.adoc b/README.adoc index 06ba3caa0ec55a4411a179ebbc516a1d0a800ede..2680d480068d516b5cf354b6b095eb8aa9e91cac 100644 --- a/README.adoc +++ b/README.adoc @@ -70,16 +70,16 @@ The advantage of Podman is that it is more secure. It runs in user space and does not rely on a daemon. If you're running a Linux distribution that has SELinux enabled, like Fedora, you'll need to add the `:Z` (or `:z`) modifier to the volume mount. -You'll also want to add the `-u $(id -u)` option to instruct Docker to run the entrypoint command as the current user. +You'll also want to add the `-u "$(id -u):$(id -g)"` option to instruct Docker to run the entrypoint command as the current user/group. Otherwise, files will be written as root and thus hard to delete. Here's the command you'll use: - $ docker run -u $(id -u) -v $PWD:/antora:Z --rm -t antora/antora --stacktrace antora-playbook.yml + $ docker run -u "$(id -u):$(id -g)" -v $PWD:/antora:Z --rm -t antora/antora --stacktrace antora-playbook.yml When using Podman, the `-u` flag is not required since the container is already run in user space. $ podman run -v $PWD:/antora:Z --rm -t antora/antora --stacktrace antora-playbook.yml - + Although tempting, the `--privileged` flag is not needed. To learn more about using volume mounts with SELinux, see the blog post http://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/[Using Volumes with Docker can Cause Problems with SELinux]. @@ -93,7 +93,7 @@ This happens because the default cache dir resolves relative to the user's home You can fix this problem by setting the cache dir relative to the playbook when running Antora: - $ docker run -u $(id -u) -v $PWD:/antora:Z --rm -t \ + $ docker run -u "$(id -u):$(id -g)" -v $PWD:/antora:Z --rm -t \ antora/antora --cache-dir=./.cache --stacktrace antora-playbook.yml ==== 
@@ -190,7 +190,7 @@ To build this image locally, use the following command: $ docker build --pull -t local/antora . -The build make take awhile to complete. +The build make take a while to complete. Once it's finished, you can use the image name `local/antora` (i.e., `local/antora:latest`) to run the container. == Copyright and License
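Review bot: in the first hunk (@@ -70,16 +70,16 @@), the new `-u "$(id -u):$(id -g)"` argument is quoted, but `-v $PWD:/antora:Z` on the same line is still unquoted, so the command fails when the working directory path contains a space. Suggest `-v "$PWD":/antora:Z` in the changed docker command, in the unchanged podman command just below it, and in the cache-dir command in the @@ -93,7 +93,7 @@ hunk, so all three copies of the invocation stay consistent.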
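Review bot: in the last hunk (@@ -190,7 +190,7 @@), the corrected line still reads "The build make take a while to complete."; "make" should be "may". Since the line is already being touched to fix "awhile", fix both in the same change: "The build may take a while to complete."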