From 3f4447f14ae93abddf2213d7a73e4638b529c649 Mon Sep 17 00:00:00 2001 From: majiayu000 <1835304752@qq.com> Date: Wed, 31 Dec 2025 05:37:25 +0800 Subject: [PATCH] pod create: add --group-add flag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add the --group-add flag to podman pod create to allow users to assign additional groups to processes in the pod's infra container. This aligns pod create with container create which already supports this flag. The flag is useful for granting supplementary group access (e.g., for accessing devices protected by group permissions) to containers in the pod. Fixes: #27559 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 Signed-off-by: majiayu000 <1835304752@qq.com> --- cmd/podman/common/create.go | 16 ++++++++-------- docs/source/markdown/options/group-add.md | 2 +- docs/source/markdown/podman-pod-create.1.md.in | 2 ++ 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index 7189743a3a..f8a210affb 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -149,14 +149,6 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, ) _ = cmd.RegisterFlagCompletionFunc(exposeFlagName, completion.AutocompleteNone) - groupAddFlagName := "group-add" - createFlags.StringSliceVar( - &cf.GroupAdd, - groupAddFlagName, []string{}, - "Add additional groups to the primary container process. 'keep-groups' allows container processes to use supplementary groups.", - ) - _ = cmd.RegisterFlagCompletionFunc(groupAddFlagName, completion.AutocompleteNone) - createFlags.BoolVar( &cf.HTTPProxy, "http-proxy", podmanConfig.ContainersConfDefaultsRO.Containers.HTTPProxy, @@ -772,6 +764,14 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, createFlags.StringSliceVar(&cf.GPUs, gpuFlagName, []string{}, "GPU devices to add to the container ('all' to pass all GPUs)") _ = cmd.RegisterFlagCompletionFunc(gpuFlagName, completion.AutocompleteNone) + groupAddFlagName := "group-add" + createFlags.StringSliceVar( + &cf.GroupAdd, + groupAddFlagName, []string{}, + "Add additional groups to the primary container process. 'keep-groups' allows container processes to use supplementary groups.", + ) + _ = cmd.RegisterFlagCompletionFunc(groupAddFlagName, completion.AutocompleteNone) + uidmapFlagName := "uidmap" createFlags.StringSliceVar( &cf.UIDMap, diff --git a/docs/source/markdown/options/group-add.md b/docs/source/markdown/options/group-add.md index dadb8b4f1c..945f97e240 100644 --- a/docs/source/markdown/options/group-add.md +++ b/docs/source/markdown/options/group-add.md @@ -1,5 +1,5 @@ ####> This option file is used in: -####> podman build, create, farm build, run +####> podman build, create, farm build, pod create, run ####> If file is edited, make sure the changes ####> are applicable to all of those. #### **--group-add**=*group* | *keep-groups* diff --git a/docs/source/markdown/podman-pod-create.1.md.in b/docs/source/markdown/podman-pod-create.1.md.in index 54e0a7d9aa..1927f4e302 100644 --- a/docs/source/markdown/podman-pod-create.1.md.in +++ b/docs/source/markdown/podman-pod-create.1.md.in @@ -82,6 +82,8 @@ Set the exit policy of the pod when the last container exits. Supported policie @@option gpus +@@option group-add + #### **--help**, **-h** Print usage statement.