local build

Daniel J Walsh 2023-10-24 19:25:33 -04:00
parent 1d89ffc990
commit ac4765a62f
No known key found for this signature in database
GPG Key ID: A2DF901DABE2C028
4 changed files with 52 additions and 9 deletions


@ -49,7 +49,7 @@ A Containerfile is similar to a Makefile.
to a new image if necessary, before finally outputting the ID of the new to a new image if necessary, before finally outputting the ID of the new
image. image.
Container engines re-use intermediate images whenever possible. This significantly Container engines reuse intermediate images whenever possible. This significantly
accelerates the *build* process. accelerates the *build* process.
# FORMAT # FORMAT


@ -149,6 +149,9 @@ default_sysctls = [
#init = false #init = false
# Container init binary, if init=true, this is the init binary to be used for containers. # Container init binary, if init=true, this is the init binary to be used for containers.
# If this option is not set catatonit is searched in the directories listed under
# the helper_binaries_dir option. It is recommended to just install catatonit
# there instead of configuring this option here.
# #
#init_path = "/usr/libexec/podman/catatonit" #init_path = "/usr/libexec/podman/catatonit"
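Review bot: The new comment above init_path says catatonit "is searched in the directories listed under the helper_binaries_dir option" but not which copy is used when the binary is present in more than one of those directories. Since this binary runs as the init process of every container started with init enabled, state the lookup order here so an administrator can tell which file will actually be executed. A comma after "If this option is not set" would also help the sentence read cleanly.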
@ -237,6 +240,18 @@ log_driver = "journald"
# #
#prepare_volume_on_create = false #prepare_volume_on_create = false
# Give extended privileges to all containers. A privileged container turns off
# the security features that isolate the container from the host. Dropped
# Capabilities, limited devices, read-only mount points, Apparmor/SELinux
# separation, and Seccomp filters are all disabled. Due to the disabled
# security features the privileged field should almost never be set as
# containers can easily break out of confinment.
#
# Containers running in a user namespace (e.g., rootless containers) cannot
# have more privileges than the user that launched them.
#
#privileged = false
# Run all containers with root file system mounted read-only # Run all containers with root file system mounted read-only
# #
# read_only = false # read_only = false
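Review bot: Spelling in the new privileged comment: "confinment" should be "confinement", and "Apparmor" is normally written "AppArmor". The closing paragraph about user namespaces can be read as softening the warning above it; consider saying explicitly that the listed protections are still switched off for rootless containers and that only the ceiling of available privileges differs. Because this key applies to all containers, the comment could also say that it changes the default for every container created on the host.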
@ -442,10 +457,14 @@ log_driver = "journald"
# short-name aliases defined in containers-registries.conf(5). # short-name aliases defined in containers-registries.conf(5).
#compat_api_enforce_docker_hub = true #compat_api_enforce_docker_hub = true
# The database backend of Podman. Supported values are "boltdb" (default) and # The database backend of Podman. Supported values are "" (default), "boltdb"
# "sqlite". Please run `podman-system-reset` prior to changing the database # and "sqlite". An empty value means it will check whenever a boltdb already
# exists and use it when it does, otherwise it will use sqlite as default
# (e.g. new installs). This allows for backwards compatibility with older versions.
# Please run `podman-system-reset` prior to changing the database
# backend of an existing deployment, to make sure Podman can operate correctly. # backend of an existing deployment, to make sure Podman can operate correctly.
#database_backend="boltdb" #
#database_backend = ""
# Specify the keys sequence used to detach a container. # Specify the keys sequence used to detach a container.
# Format is a single character [a-Z] or a comma separated sequence of # Format is a single character [a-Z] or a comma separated sequence of
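Review bot: In the rewritten database_backend comment, "it will check whenever a boltdb already exists" should read "whether a boltdb already exists"; as written it suggests a repeated check rather than a one-time condition. With the empty default, the backend in use now depends on what is already on disk, so the advice to run `podman-system-reset` before changing the backend would benefit from a pointer to how to find out which backend is currently active.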


@ -205,6 +205,10 @@ Run an init inside the container that forwards signals and reaps processes.
**init_path**="/usr/libexec/podman/catatonit" **init_path**="/usr/libexec/podman/catatonit"
If this option is not set catatonit is searched in the directories listed under
the **helper_binaries_dir** option. It is recommended to just install catatonit
there instead of configuring this option here.
Path to the container-init binary, which forwards signals and reaps processes Path to the container-init binary, which forwards signals and reaps processes
within containers. Note that the container-init binary will only be used when within containers. Note that the container-init binary will only be used when
the `--init` for podman-create and podman-run is set. the `--init` for podman-create and podman-run is set.
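Review bot: The new paragraph under **init_path** is placed ahead of "Path to the container-init binary, which forwards signals and reaps processes", so the entry now opens with the fallback behaviour before it says what the option is. Move the three added lines below the existing description, matching the order used in the containers.conf comment in this same commit, and add a comma after "If this option is not set".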
@ -289,6 +293,12 @@ is imposed.
Copy the content from the underlying image into the newly created volume when the container is created instead of when it is started. If `false`, the container engine will not copy the content until the container is started. Setting it to `true` may have negative performance implications. Copy the content from the underlying image into the newly created volume when the container is created instead of when it is started. If `false`, the container engine will not copy the content until the container is started. Setting it to `true` may have negative performance implications.
**privileged**=false
Give extended privileges to all containers. A privileged container turns off the security features that isolate the container from the host. Dropped Capabilities, limited devices, read-only mount points, Apparmor/SELinux separation, and Seccomp filters are all disabled. Due to the disabled security features, the privileged field should almost never be set as containers can easily break out of confinment.
Containers running in a user namespace (e.g., rootless containers) cannot have more privileges than the user that launched them.
**read_only**=true|false **read_only**=true|false
Run all containers with root file system mounted read-only. Set to false by default. Run all containers with root file system mounted read-only. Set to false by default.
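Review bot: The **privileged** entry repeats the "confinment" misspelling ("confinement") and the "Apparmor" capitalisation from the config comment. The heading is written `**privileged**=false` while the neighbouring entry uses `**read_only**=true|false`; pick one form for boolean options. As in the config file, it is worth stating in the last paragraph that the isolation features listed above remain disabled inside a user namespace.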
@ -501,10 +511,13 @@ conmon_path=[
] ]
``` ```
**database_backend**="boltdb" **database_backend**=""
The database backend of Podman. Supported values are "boltdb" (default) and The database backend of Podman. Supported values are "" (default), "boltdb"
"sqlite". Please run `podman-system-reset` prior to changing the database and "sqlite". An empty value means it will check whenever a boltdb already
exists and use it when it does, otherwise it will use sqlite as default
(e.g. new installs). This allows for backwards compatibility with older versions.
Please run `podman-system-reset` prior to changing the database
backend of an existing deployment, to make sure Podman can operate correctly. backend of an existing deployment, to make sure Podman can operate correctly.
**detach_keys**="ctrl-p,ctrl-q" **detach_keys**="ctrl-p,ctrl-q"
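Review bot: The **database_backend** text carries the same wording problem as the config comment: "it will check whenever a boltdb already exists" should be "whether a boltdb already exists". Splitting the long sentence after "use it when it does" would make the two outcomes (existing boltdb is kept, otherwise sqlite) easier to scan.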
@ -565,6 +578,17 @@ with detailed information about the container. Set to false by default.
**helper_binaries_dir**=["/usr/libexec/podman", ...] **helper_binaries_dir**=["/usr/libexec/podman", ...]
A is a list of directories which are used to search for helper binaries. A is a list of directories which are used to search for helper binaries.
The following binaries are searched in these directories:
- aardvark-dns
- catatonit
- netavark
- pasta
- slirp4netns
Podman machine uses it for these binaries:
- gvproxy
- qemu
- vfkit
The default paths on Linux are: The default paths on Linux are:
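Review bot: The unchanged sentence directly above the new list, "A is a list of directories which are used to search for helper binaries.", is broken and now introduces the added content; fix it in this change (for example "A list of directories which are searched for helper binaries."). For the added "Podman machine uses it for these binaries:" line, "it" has no clear referent after the intervening list; name the option or say "these directories".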


@ -56,10 +56,10 @@
"rhel7" = "registry.access.redhat.com/rhel7" "rhel7" = "registry.access.redhat.com/rhel7"
"rhel7.9" = "registry.access.redhat.com/rhel7.9" "rhel7.9" = "registry.access.redhat.com/rhel7.9"
"rhel-atomic" = "registry.access.redhat.com/rhel-atomic" "rhel-atomic" = "registry.access.redhat.com/rhel-atomic"
"rhel-minimal" = "registry.access.redhat.com/rhel-minimum" "rhel-minimal" = "registry.access.redhat.com/rhel-minimal"
"rhel-init" = "registry.access.redhat.com/rhel-init" "rhel-init" = "registry.access.redhat.com/rhel-init"
"rhel7-atomic" = "registry.access.redhat.com/rhel7-atomic" "rhel7-atomic" = "registry.access.redhat.com/rhel7-atomic"
"rhel7-minimal" = "registry.access.redhat.com/rhel7-minimum" "rhel7-minimal" = "registry.access.redhat.com/rhel7-minimal"
"rhel7-init" = "registry.access.redhat.com/rhel7-init" "rhel7-init" = "registry.access.redhat.com/rhel7-init"
"rhel7/rhel" = "registry.access.redhat.com/rhel7/rhel" "rhel7/rhel" = "registry.access.redhat.com/rhel7/rhel"
"rhel7/rhel-atomic" = "registry.access.redhat.com/rhel7/rhel7/rhel-atomic" "rhel7/rhel-atomic" = "registry.access.redhat.com/rhel7/rhel7/rhel-atomic"