local build

Containerfile.5.md

@@ -49,7 +49,7 @@ A Containerfile is similar to a Makefile.
   to a new image if necessary, before finally outputting the ID of the new
   image.
 
-  Container engines re-use intermediate images whenever possible. This significantly
+  Container engines reuse intermediate images whenever possible. This significantly
   accelerates the *build* process.
 
 # FORMAT

containers.conf

@@ -149,6 +149,9 @@ default_sysctls = [
 #init = false
 
 # Container init binary, if init=true, this is the init binary to be used for containers.
+# If this option is not set catatonit is searched in the directories listed under
+# the helper_binaries_dir option. It is recommended to just install catatonit
+# there instead of configuring this option here.
 #
 #init_path = "/usr/libexec/podman/catatonit"
 
@@ -237,6 +240,18 @@ log_driver = "journald"
 #
 #prepare_volume_on_create = false
 
+# Give extended privileges to all containers. A privileged container turns off
+# the security features that isolate the container from the host. Dropped
+# Capabilities, limited devices, read-only mount points, Apparmor/SELinux
+# separation, and Seccomp filters are all disabled. Due to the disabled
+# security features the privileged field should almost never be set as
+# containers can easily break out of confinment.
+#
+# Containers running in a user namespace (e.g., rootless containers) cannot
+# have more privileges than the user that launched them.
+#
+#privileged = false
+
 # Run all containers with root file system mounted read-only
 #
 # read_only = false
@@ -442,10 +457,14 @@ log_driver = "journald"
 # short-name aliases defined in containers-registries.conf(5).
 #compat_api_enforce_docker_hub = true
 
-# The database backend of Podman.  Supported values are "boltdb" (default) and
-# "sqlite". Please run `podman-system-reset` prior to changing the database
+# The database backend of Podman.  Supported values are "" (default), "boltdb"
+# and "sqlite". An empty value means it will check whenever a boltdb already
+# exists and use it when it does, otherwise it will use sqlite as default
+# (e.g. new installs). This allows for backwards compatibility with older versions.
+# Please run `podman-system-reset` prior to changing the database
 # backend of an existing deployment, to make sure Podman can operate correctly.
-#database_backend="boltdb"
+#
+#database_backend = ""
 
 # Specify the keys sequence used to detach a container.
 # Format is a single character [a-Z] or a comma separated sequence of

containers.conf.5.md

@@ -205,6 +205,10 @@ Run an init inside the container that forwards signals and reaps processes.
 
 **init_path**="/usr/libexec/podman/catatonit"
 
+If this option is not set catatonit is searched in the directories listed under
+the **helper_binaries_dir** option. It is recommended to just install catatonit
+there instead of configuring this option here.
+
 Path to the container-init binary, which forwards signals and reaps processes
 within containers. Note that the container-init binary will only be used when
 the `--init` for podman-create and podman-run is set.
@@ -289,6 +293,12 @@ is imposed.
 
 Copy the content from the underlying image into the newly created volume when the container is created instead of when it is started. If `false`, the container engine will not copy the content until the container is started. Setting it to `true` may have negative performance implications.
 
+**privileged**=false
+
+Give extended privileges to all containers. A privileged container turns off the security features that isolate the container from the host. Dropped Capabilities, limited devices, read-only mount points, Apparmor/SELinux separation, and Seccomp filters are all disabled. Due to the disabled security features, the privileged field should almost never be set as containers can easily break out of confinment.
+
+Containers running in a user namespace (e.g., rootless containers) cannot have more privileges than the user that launched them.
+
 **read_only**=true|false
 
 Run all containers with root file system mounted read-only. Set to false by default.
@@ -501,10 +511,13 @@ conmon_path=[
 ]
 ```
 
-**database_backend**="boltdb"
+**database_backend**=""
 
-The database backend of Podman.  Supported values are "boltdb" (default) and
-"sqlite". Please run `podman-system-reset` prior to changing the database
+The database backend of Podman.  Supported values are "" (default), "boltdb"
+and "sqlite". An empty value means it will check whenever a boltdb already
+exists and use it when it does, otherwise it will use sqlite as default
+(e.g. new installs). This allows for backwards compatibility with older versions.
+Please run `podman-system-reset` prior to changing the database
 backend of an existing deployment, to make sure Podman can operate correctly.
 
 **detach_keys**="ctrl-p,ctrl-q"
@@ -565,6 +578,17 @@ with detailed information about the container.  Set to false by default.
 **helper_binaries_dir**=["/usr/libexec/podman", ...]
 
 A is a list of directories which are used to search for helper binaries.
+The following binaries are searched in these directories:
+ - aardvark-dns
+ - catatonit
+ - netavark
+ - pasta
+ - slirp4netns
+
+Podman machine uses it for these binaries:
+ - gvproxy
+ - qemu
+ - vfkit
 
 The default paths on Linux are:
 

shortnames.conf

@@ -56,10 +56,10 @@
   "rhel7" = "registry.access.redhat.com/rhel7"
   "rhel7.9" = "registry.access.redhat.com/rhel7.9"
   "rhel-atomic" = "registry.access.redhat.com/rhel-atomic"
-  "rhel-minimal" = "registry.access.redhat.com/rhel-minimum"
+  "rhel-minimal" = "registry.access.redhat.com/rhel-minimal"
   "rhel-init" = "registry.access.redhat.com/rhel-init"
   "rhel7-atomic" = "registry.access.redhat.com/rhel7-atomic"
-  "rhel7-minimal" = "registry.access.redhat.com/rhel7-minimum"
+  "rhel7-minimal" = "registry.access.redhat.com/rhel7-minimal"
   "rhel7-init" = "registry.access.redhat.com/rhel7-init"
   "rhel7/rhel" = "registry.access.redhat.com/rhel7/rhel"
   "rhel7/rhel-atomic" = "registry.access.redhat.com/rhel7/rhel7/rhel-atomic"