docs/containerfile: add RUN --network

Document RUN --network added in containers/buildah#4566 [NO NEW TESTS NEEDED] [CI:DOCS] Signed-off-by: Aditya R <arajan@redhat.com>
flouthoc · Mar 15, 2023 · 5b0ed0c · 5b0ed0c
1 parent 649bcaa
commit 5b0ed0c
Showing 1 changed file with 43 additions and 0 deletions.
diff --git a/docs/Containerfile.5.md b/docs/Containerfile.5.md
@@ -154,6 +154,49 @@ Current supported mount TYPES are bind, cache, secret and tmpfs.
 
               · rw, read-write: allows writes on the mount.
 
+**RUN --network**
+
+> Added in https://github.com/containers/buildah/pull/4566
+
+`RUN --network` allows control over which networking environment the command
+is run in.
+
+Syntax: `--network=<TYPE>`
+
+**Network types**
+
+| Type                                         | Description                            |
+|----------------------------------------------|----------------------------------------|
+| [`default`](#run---networkdefault) (default) | Run in the default network.            |
+| [`none`](#run---networknone)                 | Run with no network access.            |
+| [`host`](#run---networkhost)                 | Run in the host's network environment. |
+
+##### RUN --network=default
+
+Equivalent to not supplying a flag at all, the command is run in the default
+network for the build.
+
+##### RUN --network=none
+
+The command is run with no network access (`lo` is still available, but is
+isolated to this process)
+
+##### Example: isolating external effects
+
+```dockerfile
+FROM python:3.6
+ADD mypackage.tgz wheels/
+RUN --network=none pip install --find-links wheels mypackage
+```
+
+`pip` will only be able to install the packages provided in the tarfile, which
+can be controlled by an earlier build stage.
+
+##### RUN --network=host
+
+The command is run in the host's network environment (similar to
+`buildah build --network=host`, but on a per-instruction basis)
+
 
 **RUN Secrets**