Update to grab latest man pages and configuration files

2021-10-21 09:51:45 -04:00 · 2021-10-21 09:51:45 -04:00 · a0c17419b4
commit a0c17419b4
parent 8b8f89c567
3 changed files with 77 additions and 7 deletions
--- a/Containerfile.5.md
+++ b/Containerfile.5.md
@ -61,8 +61,10 @@ A Containerfile is similar to a Makefile.
  `FROM image@digest`

  -- The **FROM** instruction sets the base image for subsequent instructions. A
-  valid Containerfile must have **FROM** as its first instruction. The image can be any
-  valid image. It is easy to start by pulling an image from the public
+  valid Containerfile must have either **ARG** or *FROM** as its first instruction.
+  If **FROM** is not the first instruction in the file, it may only be preceded by
+  one or more ARG instructions, which declare arguments that are used in the next FROM line in the Containerfile.
+  The image can be any valid image. It is easy to start by pulling an image from the public
  repositories.

  -- **FROM** must appear at least once in the Containerfile.
@ -94,14 +96,64 @@ A Containerfile is similar to a Makefile.
  # Executable form
  RUN ["executable", "param1", "param2"]
  ```
+**RUN mounts**

-**RUN Secrets*
+**--mount**=*type=TYPE,TYPE-SPECIFIC-OPTION[,...]*
+
+Attach a filesystem mount to the container
+
+Current supported mount TYPES are bind, cache, secret and tmpfs.
+
+       e.g.
+
+       mount=type=bind,source=/path/on/host,destination=/path/in/container
+
+       mount=type=tmpfs,tmpfs-size=512M,destination=/path/in/container
+
+       mount=type=secret,id=mysecret cat /run/secrets/mysecret
+
+       Common Options:
+
+              · src, source: mount source spec for bind and volume. Mandatory for bind.
+
+              · dst, destination, target: mount destination spec.
+
+              · ro, read-only: true or false (default).
+
+       Options specific to bind:
+
+              · bind-propagation: shared, slave, private, rshared, rslave, or rprivate(default). See also mount(2).
+
+              . bind-nonrecursive: do not setup a recursive bind mount.  By default it is recursive.
+
+       Options specific to tmpfs:
+
+              · tmpfs-size: Size of the tmpfs mount in bytes. Unlimited by default in Linux.
+
+              · tmpfs-mode: File mode of the tmpfs in octal. (e.g. 700 or 0700.) Defaults to 1777 in Linux.
+
+              · tmpcopyup: Path that is shadowed by the tmpfs mount is recursively copied up to the tmpfs itself.
+
+	Options specific to cache:
+
+              · id: Create a separate cache directory for a particular id.
+
+              · mode: File mode for new cache directory in octal. Default 0755.
+
+              · ro, readonly: read only cache if set.
+
+              · uid: uid for cache directory.
+
+              · gid: gid for cache directory.
+
+
+**RUN Secrets**

 The RUN command has a feature to allow the passing of secret information into the image build. These secrets files can be used during the RUN command but are not committed to the final image. The `RUN` command supports the `--mount` option to identify the secret file. A secret file from the host is mounted into the container while the image is being built.

 Container engines pass secret the secret file into the build using the `--secret` flag.

-**RUN --mount* options:
+**--mount**=*type=secret,TYPE-SPECIFIC-OPTION[,...]*

 - `id` is the identifier to for the secret passed into the `buildah bud --secret` or `podman build --secret`. This identifier is associated with the RUN --mount identifier to use in the Containerfile.

--- a/containers-common.spec
+++ b/containers-common.spec
@ -16,7 +16,7 @@
 Epoch: 4
 Name: containers-common
 Version: 1
-Release: 33%{?dist}
+Release: 34%{?dist}
 Summary: Common configuration and documentation for containers
 License: ASL 2.0
 BuildArch: noarch
@ -161,6 +161,9 @@ ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secret
 %{_datadir}/rhel/secrets/*

 %changelog
+* Thu Oct 21 2021 Dan Walsh <dwalsh@fedoraproject.org> - 4:1-34
+- Update to grab latest man pages and configuration files
+
 * Fri Oct 1 2021 Dan Walsh <dwalsh@fedoraproject.org> - 4:1-33
 - Update to grab latest man pages and configuration files

--- a/containers-storage.conf.5.md
+++ b/containers-storage.conf.5.md
@ -42,9 +42,17 @@ The `storage` table supports the following options:
  the labeling matches the default locations labels with the
  following commands:
  
-  # semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH
-  # restorecon -R -v /NEWSTORAGEPATH
+```
+# semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH
+# restorecon -R -v /NEWSTORAGEPATH
+```

+  In Rootless Mode you would set
+
+```
+# semanage fcontext -a -e $HOME/.local/share/containers NEWSTORAGEPATH
+$ restorecon -R -v /NEWSTORAGEPATH
+```
 **rootless_storage_path**="$HOME/.local/share/containers/storage"
  Storage path for rootless users. By default the graphroot for rootless users
  is set to `$XDG_DATA_HOME/containers/storage`, if XDG_DATA_HOME is set.
@ -265,6 +273,13 @@ semanage fcontext -a -e /var/lib/containers NEWSTORAGEPATH
 restorecon -R -v NEWSTORAGEPATH
 ```

+In rootless mode, you would set
+
+```
+semanage fcontext -a -e $HOME/.local/share/containers NEWSTORAGEPATH
+restorecon -R -v NEWSTORAGEPATH
+```
+
 The semanage command above tells SELinux to setup the default labeling of `NEWSTORAGEPATH` to match `/var/lib/containers`.  The `restorecon` command tells SELinux to apply the labels to the actual content.

 Now all new content created in these directories will automatically be created with the correct label.