From 069e792db09ae729ba25c270bdfa13a68bcf499e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 29 Nov 2021 15:30:01 -0500 Subject: [PATCH] Update to grab latest man pages and configuration files Move /etc/containers/containers.conf to /usr/share/containers/containers.conf --- containers-common.spec | 16 +++++++++------- containers.conf | 9 +++++++++ containers.conf.5.md | 6 ++++++ seccomp.json | 34 +++++++++++++++++++++++----------- 4 files changed, 47 insertions(+), 18 deletions(-) diff --git a/containers-common.spec b/containers-common.spec index 5e1b8d5..d0f6056 100644 --- a/containers-common.spec +++ b/containers-common.spec @@ -16,7 +16,7 @@ Epoch: 4 Name: containers-common Version: 1 -Release: 35%{?dist} +Release: 36%{?dist} Summary: Common configuration and documentation for containers License: ASL 2.0 BuildArch: noarch @@ -94,7 +94,8 @@ cp %{SOURCE25} . install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,registries.conf.d,registries.d} install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore install -m0644 default.yaml %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml -install -m0644 storage.conf %{buildroot}%{_sysconfdir}/containers/storage.conf +install -dp %{buildroot}%{_datadir}/containers +install -m0644 storage.conf %{buildroot}%{_datadir}/containers/storage.conf install -m0644 registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf install -m0644 shortnames.conf %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf install -m0644 default-policy.json %{buildroot}%{_sysconfdir}/containers/policy.json 
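Review bot: The two added install lines in the `@@ -94,7 +94,8 @@` hunk relocate storage.conf to `%{_datadir}/containers`, but the commit subject and the new changelog entry both describe moving containers.conf. The spec already installs containers.conf under `%{_datadir}/containers` in the later install block, and this patch does not change that line. Suggest the changelog line read `- Move /etc/containers/storage.conf to /usr/share/containers/storage.conf`, so that anyone auditing the package history for changed override locations looks at the right file.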
@@ -122,7 +123,6 @@ go-md2man -in containers-registries.conf.d.5.md -out %{buildroot}%{_mandir}/man5 install -m0644 .containerignore.5 %{buildroot}%{_mandir}/man5/.containerignore.5 # install config files for mounts, containers and seccomp -install -dp %{buildroot}%{_datadir}/containers install -m0644 mounts.conf %{buildroot}%{_datadir}/containers/mounts.conf install -m0644 seccomp.json %{buildroot}%{_datadir}/containers/seccomp.json install -m0644 containers.conf %{buildroot}%{_datadir}/containers/containers.conf @@ -146,14 +146,15 @@ ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secret %config(noreplace) %{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf %{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-redhat-release %config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml -%config(noreplace) %{_sysconfdir}/containers/storage.conf %{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml %{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml +%ghost %{_sysconfdir}/containers/storage.conf %ghost %{_sysconfdir}/containers/containers.conf %dir %{_sharedstatedir}/containers/sigstore %{_mandir}/man5/*.5* %{_mandir}/man5/.*.5* %dir %{_datadir}/containers +%{_datadir}/containers/storage.conf %{_datadir}/containers/containers.conf %{_datadir}/containers/mounts.conf %{_datadir}/containers/seccomp.json @@ -161,6 +162,10 @@ ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secret %{_datadir}/rhel/secrets/* %changelog +* Mon Nov 29 2021 Dan Walsh - 4:1-36 +- Update to grab latest man pages and configuration files +- Move /etc/containers/containers.conf to /usr/share/containers/containers.conf + * Mon Nov 8 2021 Dan Walsh - 4:1-35 - Update to grab latest man pages and configuration files 
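Review bot: In the `%files` hunk (`@@ -146,14 +146,15 @@`), `%{_sysconfdir}/containers/storage.conf` changes from `%config(noreplace)` to `%ghost`, so hosts upgraded from release 35 most likely keep the /etc copy that the old package laid down. If the tools give /etc precedence over /usr/share (not visible in this patch), that leftover file will shadow every later default shipped in `%{_datadir}/containers/storage.conf`. Upgraded and freshly installed hosts would then run with different storage settings. Consider handling an unmodified /etc/containers/storage.conf in a scriptlet, or at least add a changelog line such as `- Existing /etc/containers/storage.conf is kept on upgrade and overrides the new defaults`.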
@@ -170,9 +175,6 @@ ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secret * Fri Oct 1 2021 Dan Walsh - 4:1-33 - Update to grab latest man pages and configuration files -* Tue Oct 5 2021 Dan Walsh - 4:1-32 -- Add .containerignore.5 link - * Fri Oct 1 2021 Dan Walsh - 4:1-31 - Update to grab latest man pages and configuration files - Add Containerfile.md diff --git a/containers.conf b/containers.conf index c2979f7..4e3efdd 100644 --- a/containers.conf +++ b/containers.conf @@ -260,6 +260,10 @@ log_driver = "journald" [network] +# Network backend to use. Default "CNI". +# +#network_backend = "cni" + # Path to directory where CNI plugin binaries are located. # #cni_plugin_dirs = [ @@ -313,6 +317,11 @@ log_driver = "journald" # "/usr/local/sbin/conmon" #] +# Enforces using docker.io for completing short names in Podman's compatibility +# REST API. Note that this will ignore unqualified-search-registries and +# short-name aliases defined in containers-registries.conf(5). +#compat_api_enforce_docker_hub = true + # Specify the keys sequence used to detach a container. # Format is a single character [a-Z] or a comma separated sequence of # `ctrl-`, where `` is one of: diff --git a/containers.conf.5.md b/containers.conf.5.md index 1499211..0a978e0 100644 --- a/containers.conf.5.md +++ b/containers.conf.5.md @@ -278,6 +278,12 @@ Options are: The `network` table contains settings pertaining to the management of CNI plugins. +**network_backend**="cni" + +Network backend determines what network driver will be used to set up and tear down container networks. +Valid values are "cni" and "netavark". +Changing this value may require restarting all running containers. + **cni_plugin_dirs**=[] List of paths to directories where CNI plugin binaries are located. diff --git a/seccomp.json b/seccomp.json index f398367..fbba1e2 100644 --- a/seccomp.json +++ b/seccomp.json 
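Review bot: The comment added in the `[network]` hunk of containers.conf (`@@ -260,6 +260,10 @@`) says `Default "CNI"`, while the commented value below it and the man-page hunk in this patch both spell the value `"cni"`. It also omits the second accepted value that the man page lists. Suggest `# Network backend to use. Valid values are "cni" and "netavark". Default "cni".` so the config comment and containers.conf.5.md agree.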
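Review bot: The comment on `compat_api_enforce_docker_hub` (containers.conf hunk `@@ -313,6 +317,11 @@`) never states the default, and the commented sample `= true` reads as if that were the shipped value. With the option on, the compatibility REST API ignores `unqualified-search-registries` and short-name aliases. A host that pins short names to an internal registry in registries.conf would therefore still have them completed to docker.io through that API. The comment should name the default explicitly and add a line such as `# Set to false to make the compat API honour containers-registries.conf(5).` The containers.conf.5.md hunk in this patch documents only `network_backend`, so a matching man-page entry may be missing unless it already exists outside the diff.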
@@ -1,6 +1,7 @@
 {
 "defaultAction": "SCMP_ACT_ERRNO",
 "defaultErrnoRet": 38,
+ "defaultErrno": "ENOSYS",
 "archMap": [
 {
 "architecture": "SCMP_ARCH_X86_64",
@@ -87,7 +88,8 @@
 "comment": "",
 "includes": {},
 "excludes": {},
- "errnoRet": 1
+ "errnoRet": 1,
+ "errno": "EPERM"
 },
 {
 "names": [
@@ -651,7 +653,8 @@
 "CAP_DAC_READ_SEARCH"
 ]
 },
- "errnoRet": 1
+ "errnoRet": 1,
+ "errno": "EPERM"
 },
 {
 "names": [
@@ -694,7 +697,8 @@
 "CAP_SYS_ADMIN"
 ]
 },
- "errnoRet": 1
+ "errnoRet": 1,
+ "errno": "EPERM"
 },
 {
 "names": [
@@ -723,7 +727,8 @@
 "CAP_SYS_CHROOT"
 ]
 },
- "errnoRet": 1
+ "errnoRet": 1,
+ "errno": "EPERM"
 },
 {
 "names": [
@@ -758,7 +763,8 @@
 "CAP_SYS_MODULE"
 ]
 },
- "errnoRet": 1
+ "errnoRet": 1,
+ "errno": "EPERM"
 },
 {
 "names": [
@@ -787,7 +793,8 @@
 "CAP_SYS_PACCT"
 ]
 },
- "errnoRet": 1
+ "errnoRet": 1,
+ "errno": "EPERM"
 },
 {
 "names": [
@@ -824,7 +831,8 @@
 "CAP_SYS_PTRACE"
 ]
 },
- "errnoRet": 1
+ "errnoRet": 1,
+ "errno": "EPERM"
 },
 {
 "names": [
@@ -855,7 +863,8 @@
 "CAP_SYS_RAWIO"
 ]
 },
- "errnoRet": 1
+ "errnoRet": 1,
+ "errno": "EPERM"
 },
 {
 "names": [
@@ -890,7 +899,8 @@
 "CAP_SYS_TIME"
 ]
 },
- "errnoRet": 1
+ "errnoRet": 1,
+ "errno": "EPERM"
 },
 {
 "names": [
@@ -919,7 +929,8 @@
 "CAP_SYS_TTY_CONFIG"
 ]
 },
- "errnoRet": 1
+ "errnoRet": 1,
+ "errno": "EPERM"
 },
 {
 "names": [
@@ -947,7 +958,8 @@
 "CAP_AUDIT_WRITE"
 ]
 },
- "errnoRet": 22
+ "errnoRet": 22,
+ "errno": "EINVAL"
 },
 {
 "names": [
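Review bot: The profile now states each error twice, as a number and as a name, and nothing in the file says which one a consumer should honour if the two ever disagree. This starts with `"defaultErrnoRet": 38` next to `"defaultErrno": "ENOSYS"` in the first seccomp.json hunk and repeats as `"errnoRet": 1` / `"errno": "EPERM"` (and `22` / `"EINVAL"`) in the eleven rule hunks that follow. Errno numbers are not the same on every Linux architecture, so a runtime that reads only the numeric field on an architecture where 38 is not ENOSYS would return a different error from the one the name promises. Whether `archMap` includes such an architecture is not visible in these hunks. Suggest a build-time check that every name/number pair in seccomp.json agrees, and a changelog line noting that the numeric fields remain only for parsers that predate the symbolic ones, if that is the reason for keeping both.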