On Wed, Nov 6, 2019 at 5:31 PM Robert P. J. Day <rpjday(a)crashcourse.ca&gt; wrote:   reading brent's recent piece on security, and noticed the "podman container runlabel" command which allows one to define a label for convenience. however, every example i've seen of that uses precisely the label of "RUN," as if that's the only possibility.   can you not define multiple runlabels for a single image? that seems like the obvious thing to support, but if one looks at examples, it's not clear. Yes, an image can have multiple "runlabels". The label to be used for execution can be specified via the CLI and there is no requirement for it to be named "RUN". It's described in the man page [1] but I understand the question and think this example is a good addition to the man page which should help to make it clearer. [1]https://github.com/containers/libpod/blob/master/docs/source/markdown/p... runlabel.1.md

On Wed, Nov 6, 2019 at 6:29 PM Robert P. J. Day <rpjday(a)crashcourse.ca&gt; wrote: On Wed, 6 Nov 2019, Valentin Rothberg wrote: > > > On Wed, Nov 6, 2019 at 5:31 PM Robert P. J. Day <rpjday(a)crashcourse.ca&gt; wrote: > >         reading brent's recent piece on security, and noticed the "podman >       container runlabel" command which allows one to define a label for >       convenience. however, every example i've seen of that uses precisely >       the label of "RUN," as if that's the only possibility. > >         can you not define multiple runlabels for a single image? that seems >       like the obvious thing to support, but if one looks at examples, it's >       not clear. > > > Yes, an image can have multiple "runlabels". The label to be used > for execution can be specified via the CLI and there is no > requirement for it to be named "RUN". It's described in the man page > [1] but I understand the question and think this example is a good > addition to the man page which should help to make it clearer. > >[1]https://github.com/containers/libpod/blob/master/docs/source/markdown/podman-contain er- > runlabel.1.md   i would suggest two tweaks to make this absolutely clear. first, the example should include at least two "LABEL" lines -- if all an example ever supplies is a single LABEL line, it might still leave the impression that only one is allowed.   also, use an example with a goofy name, to make it clear that the label name is arbitrary, something like:   LABEL INSTALL ...   LABEL RUN ...   LABEL BUILDMYSTUFF ... those changes would make it obvious what is supported, i think. That's great, thanks! Are you interested in opening a pull request upstream?