local build
This commit is contained in:
parent
0ae1cfd00e
commit
b2a34f0c7f
@ -50,9 +50,10 @@ Source19: %{github_containers}/storage/%{storage_branch}/storage.conf
|
||||
Source20: RPM-GPG-KEY-redhat-release
|
||||
Source21: registry.access.redhat.com.yaml
|
||||
Source22: registry.redhat.io.yaml
|
||||
Source23: %{github_containers}/buildah/%{buildah_branch}/docs/Containerfile.5.md
|
||||
Source24: %{github_containers}/buildah/%{buildah_branch}/docs/containerignore.5.md
|
||||
Source25: %{github_containers}/buildah/%{buildah_branch}/docs/links/.containerignore.5
|
||||
Source23: %{github_containers}/common/%{common_branch}/docs/Containerfile.5.md
|
||||
Source24: %{github_containers}/common/%{common_branch}/docs/containerignore.5.md
|
||||
Source25: %{github_containers}/common/%{common_branch}/docs/links/.containerignore.5
|
||||
|
||||
|
||||
%description
|
||||
This package contains common configuration files and documentation for container
|
||||
|
@ -133,10 +133,12 @@ default_sysctls = [
|
||||
|
||||
# Default way to to create an IPC namespace (POSIX SysV IPC) for the container
|
||||
# Options are:
|
||||
# `private` Create private IPC Namespace for the container.
|
||||
# `host` Share host IPC Namespace with the container.
|
||||
# "host" Share host IPC Namespace with the container.
|
||||
# "none" Create shareable IPC Namespace for the container without a private /dev/shm.
|
||||
# "private" Create private IPC Namespace for the container, other containers are not allowed to share it.
|
||||
# "shareable" Create shareable IPC Namespace for the container.
|
||||
#
|
||||
#ipcns = "private"
|
||||
#ipcns = "shareable"
|
||||
|
||||
# keyring tells the container engine whether to create
|
||||
# a kernel keyring for use within the container.
|
||||
@ -284,6 +286,20 @@ log_driver = "journald"
|
||||
#
|
||||
#default_subnet = "10.88.0.0/16"
|
||||
|
||||
# DefaultSubnetPools is a list of subnets and size which are used to
|
||||
# allocate subnets automatically for podman network create.
|
||||
# It will iterate through the list and will pick the first free subnet
|
||||
# with the given size. This is only used for ipv4 subnets, ipv6 subnets
|
||||
# are always assigned randomly.
|
||||
#
|
||||
#default_subnet_pools = [
|
||||
# {"base" = "10.89.0.0/16", "size" = 24},
|
||||
# {"base" = "10.90.0.0/15", "size" = 24},
|
||||
# {"base" = "10.92.0.0/14", "size" = 24},
|
||||
# {"base" = "10.96.0.0/11", "size" = 24},
|
||||
# {"base" = "10.128.0.0/9", "size" = 24},
|
||||
#]
|
||||
|
||||
# Path to the directory where network configuration files are located.
|
||||
# For the CNI backend the default is "/etc/cni/net.d" as root
|
||||
# and "$HOME/.config/cni/net.d" as rootless.
|
||||
@ -357,6 +373,12 @@ log_driver = "journald"
|
||||
# Define where event logs will be stored, when events_logger is "file".
|
||||
#events_logfile_path=""
|
||||
|
||||
# Sets the maximum size for events_logfile_path in bytes. When the limit is exceeded,
|
||||
# the logfile will be rotated and the old one will be deleted.
|
||||
# If the maximum size is set to 0, then no limit will be applied,
|
||||
# and the logfile will not be rotated.
|
||||
#events_logfile_max_size = 0
|
||||
|
||||
# Selects which logging mechanism to use for container engine events.
|
||||
# Valid values are `journald`, `file` and `none`.
|
||||
#
|
||||
@ -501,6 +523,11 @@ log_driver = "journald"
|
||||
#
|
||||
#stop_timeout = 10
|
||||
|
||||
# Number of seconds to wait before exit command in API process is given to.
|
||||
# This mimics Docker's exec cleanup behaviour, where the default is 5 minutes (value is in seconds).
|
||||
#
|
||||
#exit_command_delay = 300
|
||||
|
||||
# map of service destinations
|
||||
#
|
||||
#[service_destinations]
|
||||
|
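Review bot: The default IPC mode flips from `private` to `shareable` via the commented default `#ipcns = "shareable"` in the `@ -133,10 +133,12` hunk, and the new option text itself says `private` is the mode in which "other containers are not allowed to share it" — so every container that leaves `ipcns` unset now becomes a possible join target for its IPC objects and its /dev/shm. That is a policy change worth stating in the comment rather than leaving the reader to infer it from the option list; I would add `# Default is "shareable"; set "private" if a container's IPC objects and /dev/shm must never be joinable by other containers.` directly above the `#ipcns` line, with the same sentence in the containers.conf(5) entry. How another container actually joins (presumably an `--ipc=container:ID` style option) is not described in the hunk, so the wording above avoids naming it. The retained header line `# Default way to to create an IPC namespace` still carries the doubled "to to".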
@ -162,12 +162,14 @@ Path to the container-init binary, which forwards signals and reaps processes
|
||||
within containers. Note that the container-init binary will only be used when
|
||||
the `--init` for podman-create and podman-run is set.
|
||||
|
||||
**ipcns**="private"
|
||||
**ipcns**="shareable"
|
||||
|
||||
Default way to to create a IPC namespace for the container.
|
||||
Options are:
|
||||
`private` Create private IPC Namespace for the container.
|
||||
`host` Share host IPC Namespace with the container.
|
||||
`host` Share host IPC Namespace with the container.
|
||||
`none` Create shareable IPC Namespace for the container without a private /dev/shm.
|
||||
`private` Create private IPC Namespace for the container, other containers are not allowed to share it.
|
||||
`shareable` Create shareable IPC Namespace for the container.
|
||||
|
||||
**keyring**=true
|
||||
|
||||
@ -268,6 +270,12 @@ Options are:
|
||||
`private` Create private UTS Namespace for the container.
|
||||
`host` Share host UTS Namespace with the container.
|
||||
|
||||
**volumes**=[]
|
||||
|
||||
List of volumes.
|
||||
Specified as "directory-on-host:directory-in-container:options".
|
||||
|
||||
Example: "/db:/var/lib/db:ro".
|
||||
|
||||
## NETWORK TABLE
|
||||
The `network` table contains settings pertaining to the management of CNI
|
||||
@ -307,6 +315,25 @@ The network name of the default network to attach pods to.
|
||||
The subnet to use for the default network (named above in **default_network**).
|
||||
If the default network does not exist, it will be automatically created the first time a tool is run using this subnet.
|
||||
|
||||
**default_subnet_pools**=[]
|
||||
|
||||
DefaultSubnetPools is a list of subnets and size which are used to
|
||||
allocate subnets automatically for podman network create.
|
||||
It will iterate through the list and will pick the first free subnet
|
||||
with the given size. This is only used for ipv4 subnets, ipv6 subnets
|
||||
are always assigned randomly.
|
||||
|
||||
The default list is (10.89.0.0-10.255.255.0/24):
|
||||
```
|
||||
default_subnet_pools = [
|
||||
{"base" = "10.89.0.0/16", "size" = 24},
|
||||
{"base" = "10.90.0.0/15", "size" = 24},
|
||||
{"base" = "10.92.0.0/14", "size" = 24},
|
||||
{"base" = "10.96.0.0/11", "size" = 24},
|
||||
{"base" = "10.128.0.0/9", "size" = 24},
|
||||
]
|
||||
```
|
||||
|
||||
**network_config_dir**="/etc/cni/net.d/"
|
||||
|
||||
Path to the directory where network configuration files are located.
|
||||
@ -315,13 +342,6 @@ and "$HOME/.config/cni/net.d" as rootless.
|
||||
For the netavark backend "/etc/containers/networks" is used as root
|
||||
and "$graphroot/networks" as rootless.
|
||||
|
||||
**volumes**=[]
|
||||
|
||||
List of volumes.
|
||||
Specified as "directory-on-host:directory-in-container:options".
|
||||
|
||||
Example: "/db:/var/lib/db:ro".
|
||||
|
||||
## ENGINE TABLE
|
||||
The `engine` table contains configuration options used to set up container engines such as Podman and Buildah.
|
||||
|
||||
@ -385,6 +405,13 @@ if you want to set environment variables for the container.
|
||||
|
||||
Define where event logs will be stored, when events_logger is "file".
|
||||
|
||||
**events_logfile_max_size**=0
|
||||
|
||||
Sets the maximum size for events_logfile_path in bytes. When the limit is exceeded,
|
||||
the logfile will be rotated and the old one will be deleted.
|
||||
If the maximumn size is set to 0, then no limit will be applied,
|
||||
and the logfile will not be rotated.
|
||||
|
||||
**events_logger**="journald"
|
||||
|
||||
Default method to use when logging events.
|
||||
@ -561,6 +588,10 @@ stores containers.
|
||||
|
||||
Number of seconds to wait for container to exit before sending kill signal.
|
||||
|
||||
**exit_command_delay**=300
|
||||
|
||||
Number of seconds to wait for the API process for the exec call before sending exit command mimicing the Docker behavior of 5 minutes (in seconds).
|
||||
|
||||
**tmp_dir**="/run/libpod"
|
||||
|
||||
The path to a temporary directory to store per-boot container.
|
||||
|
57
seccomp.json
57
seccomp.json
@ -176,6 +176,7 @@
|
||||
"futex",
|
||||
"futex_time64",
|
||||
"futimesat",
|
||||
"get_mempolicy",
|
||||
"get_robust_list",
|
||||
"get_thread_area",
|
||||
"getcpu",
|
||||
@ -191,7 +192,6 @@
|
||||
"getgroups",
|
||||
"getgroups32",
|
||||
"getitimer",
|
||||
"get_mempolicy",
|
||||
"getpeername",
|
||||
"getpgid",
|
||||
"getpgrp",
|
||||
@ -243,6 +243,7 @@
|
||||
"lstat64",
|
||||
"madvise",
|
||||
"mbind",
|
||||
"membarrier",
|
||||
"memfd_create",
|
||||
"memfd_secret",
|
||||
"mincore",
|
||||
@ -256,6 +257,7 @@
|
||||
"mmap",
|
||||
"mmap2",
|
||||
"mount",
|
||||
"mount_setattr",
|
||||
"move_mount",
|
||||
"mprotect",
|
||||
"mq_getsetattr",
|
||||
@ -279,9 +281,9 @@
|
||||
"nanosleep",
|
||||
"newfstatat",
|
||||
"open",
|
||||
"open_tree",
|
||||
"openat",
|
||||
"openat2",
|
||||
"open_tree",
|
||||
"pause",
|
||||
"pidfd_getfd",
|
||||
"pidfd_open",
|
||||
@ -300,8 +302,12 @@
|
||||
"preadv",
|
||||
"preadv2",
|
||||
"prlimit64",
|
||||
"process_mrelease",
|
||||
"process_vm_readv",
|
||||
"process_vm_writev",
|
||||
"pselect6",
|
||||
"pselect6_time64",
|
||||
"ptrace",
|
||||
"pwrite64",
|
||||
"pwritev",
|
||||
"pwritev2",
|
||||
@ -360,7 +366,6 @@
|
||||
"sendmmsg",
|
||||
"sendmsg",
|
||||
"sendto",
|
||||
"setns",
|
||||
"set_mempolicy",
|
||||
"set_robust_list",
|
||||
"set_thread_area",
|
||||
@ -374,6 +379,7 @@
|
||||
"setgroups",
|
||||
"setgroups32",
|
||||
"setitimer",
|
||||
"setns",
|
||||
"setpgid",
|
||||
"setpriority",
|
||||
"setregid",
|
||||
@ -395,10 +401,15 @@
|
||||
"shmdt",
|
||||
"shmget",
|
||||
"shutdown",
|
||||
"sigaction",
|
||||
"sigaltstack",
|
||||
"signal",
|
||||
"signalfd",
|
||||
"signalfd4",
|
||||
"sigpending",
|
||||
"sigprocmask",
|
||||
"sigreturn",
|
||||
"sigsuspend",
|
||||
"socket",
|
||||
"socketcall",
|
||||
"socketpair",
|
||||
@ -413,6 +424,7 @@
|
||||
"sync",
|
||||
"sync_file_range",
|
||||
"syncfs",
|
||||
"syscall",
|
||||
"sysinfo",
|
||||
"syslog",
|
||||
"tee",
|
||||
@ -425,6 +437,7 @@
|
||||
"timer_gettime64",
|
||||
"timer_settime",
|
||||
"timer_settime64",
|
||||
"timerfd",
|
||||
"timerfd_create",
|
||||
"timerfd_gettime",
|
||||
"timerfd_gettime64",
|
||||
@ -562,10 +575,10 @@
|
||||
"names": [
|
||||
"arm_fadvise64_64",
|
||||
"arm_sync_file_range",
|
||||
"sync_file_range2",
|
||||
"breakpoint",
|
||||
"cacheflush",
|
||||
"set_tls"
|
||||
"set_tls",
|
||||
"sync_file_range2"
|
||||
],
|
||||
"action": "SCMP_ACT_ALLOW",
|
||||
"args": [],
|
||||
@ -733,8 +746,8 @@
|
||||
{
|
||||
"names": [
|
||||
"delete_module",
|
||||
"init_module",
|
||||
"finit_module",
|
||||
"init_module",
|
||||
"query_module"
|
||||
],
|
||||
"action": "SCMP_ACT_ALLOW",
|
||||
@ -750,8 +763,8 @@
|
||||
{
|
||||
"names": [
|
||||
"delete_module",
|
||||
"init_module",
|
||||
"finit_module",
|
||||
"init_module",
|
||||
"query_module"
|
||||
],
|
||||
"action": "SCMP_ACT_ERRNO",
|
||||
@ -799,10 +812,7 @@
|
||||
{
|
||||
"names": [
|
||||
"kcmp",
|
||||
"process_madvise",
|
||||
"process_vm_readv",
|
||||
"process_vm_writev",
|
||||
"ptrace"
|
||||
"process_madvise"
|
||||
],
|
||||
"action": "SCMP_ACT_ALLOW",
|
||||
"args": [],
|
||||
@ -817,10 +827,7 @@
|
||||
{
|
||||
"names": [
|
||||
"kcmp",
|
||||
"process_madvise",
|
||||
"process_vm_readv",
|
||||
"process_vm_writev",
|
||||
"ptrace"
|
||||
"process_madvise"
|
||||
],
|
||||
"action": "SCMP_ACT_ERRNO",
|
||||
"args": [],
|
||||
@ -836,8 +843,8 @@
|
||||
},
|
||||
{
|
||||
"names": [
|
||||
"iopl",
|
||||
"ioperm"
|
||||
"ioperm",
|
||||
"iopl"
|
||||
],
|
||||
"action": "SCMP_ACT_ALLOW",
|
||||
"args": [],
|
||||
@ -851,8 +858,8 @@
|
||||
},
|
||||
{
|
||||
"names": [
|
||||
"iopl",
|
||||
"ioperm"
|
||||
"ioperm",
|
||||
"iopl"
|
||||
],
|
||||
"action": "SCMP_ACT_ERRNO",
|
||||
"args": [],
|
||||
@ -868,10 +875,10 @@
|
||||
},
|
||||
{
|
||||
"names": [
|
||||
"settimeofday",
|
||||
"stime",
|
||||
"clock_settime",
|
||||
"clock_settime64"
|
||||
"clock_settime64",
|
||||
"settimeofday",
|
||||
"stime"
|
||||
],
|
||||
"action": "SCMP_ACT_ALLOW",
|
||||
"args": [],
|
||||
@ -885,10 +892,10 @@
|
||||
},
|
||||
{
|
||||
"names": [
|
||||
"settimeofday",
|
||||
"stime",
|
||||
"clock_settime",
|
||||
"clock_settime64"
|
||||
"clock_settime64",
|
||||
"settimeofday",
|
||||
"stime"
|
||||
],
|
||||
"action": "SCMP_ACT_ERRNO",
|
||||
"args": [],
|
||||
|
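Review bot: `ptrace`, `process_vm_readv` and `process_vm_writev` move into the unconditional allow list in the `@ -300,8 +302,12` hunk while being dropped from the small `kcmp`/`process_madvise` group (`@ -799` and `@ -817`), whose paired SCMP_ACT_ALLOW/SCMP_ACT_ERRNO entries presumably key on CAP_SYS_PTRACE — the capability condition itself lies outside the hunks. That removes the capability gate on in-container tracing and cross-process memory access; Docker's default profile makes a comparable move for `ptrace` alone and guards it with a `"minKernel": "4.8"` condition, because on older kernels a tracer could rewrite a syscall after the filter had already approved it. If this profile carries no kernel-version condition, the commit should either add one to the `ptrace` entry or record the minimum supported kernel next to it, and a one-line rationale for the other entries that appear new (`process_mrelease`, `memfd_secret`, `mount_setattr`, the `sigaction`/`sigprocmask`/`signal` family) would make the next audit of this allow list cheaper. Which names are additions is inferred here from the hunk line counts and sort order, since the rendered page has lost the `+`/`-` markers.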