Compare commits

..

No commits in common. "c8-beta-stream-rhel8" and "c9-beta" have entirely different histories.

4 changed files with 366 additions and 646 deletions

File diff suppressed because it is too large Load Diff

View File

@ -57,20 +57,19 @@
# List of default capabilities for containers. If it is empty or commented out, # List of default capabilities for containers. If it is empty or commented out,
# the default capabilities defined in the container engine will be added. # the default capabilities defined in the container engine will be added.
# #
default_capabilities = [ #default_capabilities = [
"NET_RAW", # "CHOWN",
"CHOWN", # "DAC_OVERRIDE",
"DAC_OVERRIDE", # "FOWNER",
"FOWNER", # "FSETID",
"FSETID", # "KILL",
"KILL", # "NET_BIND_SERVICE",
"NET_BIND_SERVICE", # "SETFCAP",
"SETFCAP", # "SETGID",
"SETGID", # "SETPCAP",
"SETPCAP", # "SETUID",
"SETUID", # "SYS_CHROOT",
"SYS_CHROOT", #]
]
# A list of sysctls to be set in containers by default, # A list of sysctls to be set in containers by default,
# specified as "name=value", # specified as "name=value",
@ -185,7 +184,6 @@ default_sysctls = [
# Logging driver for the container. Available options: k8s-file and journald. # Logging driver for the container. Available options: k8s-file and journald.
# #
#log_driver = "k8s-file" #log_driver = "k8s-file"
log_driver = "k8s-file"
# Maximum size allowed for the container log file. Negative numbers indicate # Maximum size allowed for the container log file. Negative numbers indicate
# that no size limit is imposed. If positive, it must be >= 8192 to match or # that no size limit is imposed. If positive, it must be >= 8192 to match or
@ -322,7 +320,6 @@ log_driver = "k8s-file"
# iptables rules and network interfaces might leak on the host. A reboot will fix this. # iptables rules and network interfaces might leak on the host. A reboot will fix this.
# #
#network_backend = "" #network_backend = ""
network_backend = "cni"
# Path to directory where CNI plugin binaries are located. # Path to directory where CNI plugin binaries are located.
# #
@ -508,7 +505,6 @@ network_backend = "cni"
# Valid values are `journald`, `file` and `none`. # Valid values are `journald`, `file` and `none`.
# #
#events_logger = "journald" #events_logger = "journald"
events_logger = "file"
# Creates a more verbose container-create event which includes a JSON payload # Creates a more verbose container-create event which includes a JSON payload
# with detailed information about the container. # with detailed information about the container.
@ -646,7 +642,7 @@ events_logger = "file"
# Default OCI runtime # Default OCI runtime
# #
#runtime = "crun" #runtime = "crun"
runtime = "runc" runtime = "crun"
# List of the OCI runtimes that support --format=json. When json is supported # List of the OCI runtimes that support --format=json. When json is supported
# engine will use it for reporting nicer errors. # engine will use it for reporting nicer errors.

View File

@ -76,4 +76,4 @@ unqualified-search-registries = ["registry.access.redhat.com", "registry.redhat.
# # 2. example-mirror-1.local/mirrors/foo/image:latest # # 2. example-mirror-1.local/mirrors/foo/image:latest
# # 3. internal-registry-for-example.net/bar/image:latest # # 3. internal-registry-for-example.net/bar/image:latest
# # in order, and use the first one that exists. # # in order, and use the first one that exists.
short-name-mode = "permissive" short-name-mode = "enforcing"

View File

@ -12,11 +12,9 @@
Epoch: 2 Epoch: 2
Name: containers-common Name: containers-common
Version: 1 Version: 1
Release: 81%{?dist} Release: 61%{?dist}
Summary: Common configuration and documentation for containers Summary: Common configuration and documentation for containers
License: ASL 2.0 License: ASL 2.0
# arch limitation because of go-md2man (missing on i686)
# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
ExclusiveArch: %{go_arches} ExclusiveArch: %{go_arches}
BuildRequires: /usr/bin/go-md2man BuildRequires: /usr/bin/go-md2man
Provides: skopeo-containers = %{epoch}:%{version}-%{release} Provides: skopeo-containers = %{epoch}:%{version}-%{release}
@ -175,253 +173,256 @@ EOF
%{_datadir}/rhel/secrets/* %{_datadir}/rhel/secrets/*
%changelog %changelog
* Wed Feb 14 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-81 * Thu Feb 08 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-61
- Update shortnames from Pyxis
- Related: Jira:RHEL-2110
* Mon Feb 12 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-80
- bump release to preserve upgrade path
- Resolves: Jira:RHEL-12277
* Thu Feb 08 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-59
- update vendored components - update vendored components
- Related: Jira:RHEL-2110 - Related: Jira:RHEL-2112
* Tue Jan 02 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-58 * Tue Jan 02 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-60
- update vendored components - Update vendored components
- Related: Jira:RHEL-2110 - Related: Jira:RHEL-2112
* Wed Oct 11 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-57 * Wed Oct 11 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-59
- fix shortnames for rhel-minimal - fix shortnames
- Related: Jira:RHEL-2110 - Related: Jira:RHEL-2112
* Fri Sep 15 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-56 * Thu Sep 14 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-58
- implement GPG auto updating mechanism from redhat-release - implement GPG auto updating mechanism from redhat-release
- Resolves: #RHEL-2110 - Resolves: #RHEL-3164
* Wed Sep 13 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-55 * Wed Sep 13 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-57
- update GPG keys to the current content of redhat-release - update GPG keys to the current content of redhat-release
- Resolves: #RHEL-3164 - Resolves: #RHEL-3164
* Fri Aug 25 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-54 * Fri Aug 25 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-56
- update vendored components and shortnames - update vendored components and shortnames
- Related: #2176055 - Related: #2176063
* Mon Jul 10 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-53 * Wed Jul 19 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-55
- fix vendoring script
- Related: #2176063
* Mon Jul 10 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-54
- update vendored components - update vendored components
- Related: #2176055 - Related: #2176063
* Sat Jul 08 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-52 * Tue Jun 20 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-53
- rebuild
- Resolves: #2178263
* Fri Apr 21 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-52
- update vendored components - update vendored components
- Related: #2176055 - Related: #2176063
* Tue Mar 21 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-51 * Fri Mar 24 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-51
- be sure default_capabilities contain SYS_CHROOT - regenerate shortnames, vendored components + fix pyxis script
- Resolves: #2166195 - Related: #2176063
* Thu Mar 09 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-50 * Wed Feb 22 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-50
- improve shortnames generation - improve shortnames generation
- Related: #2176055 - Related: #2124478
* Mon Jan 02 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-49 * Tue Jan 31 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-49
- add missing systemd directories
- Related: #2124478
* Mon Jan 30 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-48
- update vendored components and configuration files - update vendored components and configuration files
- Related: #2123641 - Related: #2124478
* Fri Dec 02 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-48 * Thu Jan 05 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-47
- update vendored components and configuration files - update vendored components, regenerate pyxis
- Related: #2123641 - Related: #2124478
* Mon Nov 14 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-47 * Thu Nov 10 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-46
- enable NET_RAW capability for RHEL8 only - The NET_RAW capability was required in RHEL8 but no longer required in RHEL9
- Related: #2123641 - Resolves: #2141531
* Tue Nov 08 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-46
- update vendored components and configuration files
- Related: #2123641
* Fri Oct 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-45 * Fri Oct 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-45
- update vendored components and configuration files
- Related: #2123641
* Mon Oct 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-44
- update vendored components and configuration files
- Related: #2123641
* Thu Oct 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-43
- update vendored components and configuration files
- Related: #2123641
* Wed Sep 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-42
- update vendored components and configuration files
- Related: #2123641
* Tue Sep 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-41
- add beta GPG key - add beta GPG key
- Related: #2123641 - Related: #2124478
* Tue Aug 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-40 * Tue Aug 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-44
- exclude non-go arches because of go-md2man
- Related: #2061316
* Tue Aug 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-43
- add beta keys to default-policy.json - add beta keys to default-policy.json
- Related: #2061390 - Related: #2061316
* Mon Aug 08 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-39 * Mon Aug 08 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-42
- update shortnames - update shortnames
- Related: #2061390 - Related: #2061316
* Thu Aug 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-38 * Wed Aug 03 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-41
- arch limitation because of go-md2man (missing on i686) - drop aardvark-dns and netavark - packaged separately
- Related: #2061390
* Wed Aug 03 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-37
- add install section
- update vendored components - update vendored components
- Related: #2061390 - Related: #2061316
* Wed Aug 03 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-36 * Mon Jun 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-40
- remove aardvark-dns and netavark - packaged separately
- update vendored components and configuration files
- Related: #2061390
* Tue Jul 26 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-35
- update vendored components and configuration files
- Related: #2061390
* Mon Jun 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-34
- remove rhel-els and update shortnames - remove rhel-els and update shortnames
- Related: #2061390 - Related: #2061316
* Thu Jun 16 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-33 * Tue Jun 14 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-39
- update shortnames - update shortnames
- Related: #2061390 - Related: #2061316
* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-32 * Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-38
- additional fix for unqualified registries - fix unqualified registries in registries.conf generation code
- Related: #2061390 - Related: #2088139
* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-31 * Mon May 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-37
- fix unqualified registries
- Related: #2061390
* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-30
- update vendored components and configuration files
- Related: #2061390
* Mon May 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-29
- update unqualified registries list - update unqualified registries list
- Related: #2061390 - Related: #2088139
* Mon May 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-28 * Mon May 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-36
- update aardvark-dns and netavark to 1.0.3 - update aardvark-dns and netavark to 1.0.3
- update vendored components - update vendored components
- Related: #2061390 - Related: #2061316
* Fri Apr 22 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-27 * Wed Apr 20 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-35
- add man page sources too
- Related: #2061390
* Wed Apr 20 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-26
- add missing man pages from Fedora - add missing man pages from Fedora
- Related: #2061390 - Related: #2061316
* Wed Apr 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-25 * Wed Apr 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-34
- allow consuming aardvark-dns and netavark from upstream branch
- Related: #2061390
* Wed Apr 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-24
- update to netavark and aardvark-dns 1.0.2 - update to netavark and aardvark-dns 1.0.2
- update vendored components - update vendored components
- Related: #2061390 - Related: #2061316
* Mon Feb 28 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-23 * Mon Mar 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-33
- allow consuming aardvark-dns and netavark from upstream branches
- Related: #2061316
* Mon Feb 28 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-32
- build rust packages with RUSTFLAGS set to make ExecShield happy (Lokesh Mandvekar)
- Related: #2000051
* Mon Feb 28 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-31
- update to netavark and aardvark-dns 1.0.1 - update to netavark and aardvark-dns 1.0.1
- Related: #2001445 - Related: #2000051
* Wed Feb 23 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-22 * Wed Feb 23 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-30
- build rust packages with RUSTFLAGS set to make ExecShield happy - archful package should conflict with older noarch package
- Related: #2001445 - Related: #2000051
* Mon Feb 21 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-21 * Tue Feb 22 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-29
- consistent release tags for all packages
- Related: #2000051
* Tue Feb 22 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-28
- main package should obsolete noarch versions upto 2:1-22
- Related: #2000051
* Mon Feb 21 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-27
- do not specify infra_image in containers.conf - do not specify infra_image in containers.conf
- needed to resolve gating test failures - needed to resolve gating test failures
- Related: #2001445 - Related: #2000051
* Fri Feb 18 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-20 * Sat Feb 19 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-26
- aardvark-dns built for same arches as netavark
- Related: #2000051
* Sat Feb 19 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-25
- build netavark only for podman's arches
- i686 can't find go-md2man which causes the build to fail otherwise
- Related: #2000051
* Fri Feb 18 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-24
- update to netavark-1.0.0 and aardvark-dns-1.0.0 - update to netavark-1.0.0 and aardvark-dns-1.0.0
- Related: #2001445 - Related: #2000051
* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-19 * Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-23
- package aarvark-dns and netavark as part of the containers-common - package aarvark-dns and netavark as part of the containers-common
- Related: #2001445 - Related: #2000051
* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-18 * Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-22
- update shortnames and vendored components - update shortnames and vendored components
- Related: #2001445 - Related: #2000051
* Wed Feb 16 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-17 * Wed Feb 16 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-21
- containers.conf should contain network_backend = "cni" in RHEL8.6 - containers.conf should contain network_backend = "cni" in RHEL8.6
- Related: #2001445 - Related: #2000051
* Fri Feb 11 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-16 * Wed Feb 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-20
- update vendored components and configuration files - update shortname aliases from upstream
- Related: #2001445 - Related: #2000051
* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-15 * Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-19
- sync vendored components - sync vendored components
- Related: #2001445 - Related: #2000051
* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-14 * Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-18
- sync vendored components - sync vendored components
- Related: #2001445 - Related: #2000051
* Mon Jan 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-13 * Mon Jan 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-17
- update shortnames from Pyxis - sync shortname aliases via Pyxis
- Related: #2001445 - Related: #2000051
* Thu Dec 09 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-12 * Fri Dec 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-16
- do not hardcode log_driver = "journald" and events_logger = "journald"
for RHEL9 and leave the rootful/rootless behaviour change based on
internal logic
- Related: #2000051
* Thu Dec 09 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-15
- do not allow broken content from Pyxis to land in shortnames.conf - do not allow broken content from Pyxis to land in shortnames.conf
- Related: #2001445 - Related: #2000051
* Wed Dec 08 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-11 * Wed Dec 08 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-14
- sync vendored components - update vendored component versions
- update shortnames from Pyxis - sync shortname aliases via Pyxis
- Related: #2001445 - Related: #2000051
* Wed Dec 01 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-10 * Tue Nov 30 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-13
- use log_driver = "journald" and events_logger = "journald" for RHEL9 - use log_driver = "journald" and events_logger = "journald" for RHEL9
- Related: #2001445 - Related: #2000051
* Tue Nov 16 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-9 * Tue Nov 16 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-12
- consume seccomp.json from the oldest vendored version of c/common, - consume seccomp.json from the oldest vendored version of c/common,
not main branch not main branch
- Related: #2001445 - Related: #2000051
* Wed Nov 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-8 * Fri Nov 12 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-11
- use ubi8/pause as ubi9/pause is not available yet
- Related: #2000051
* Wed Nov 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-10
- update vendored components - update vendored components
- Related: #2001445 - Related: #2000051
* Tue Nov 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-7 * Tue Nov 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-9
- make log_driver = "k8s-file" default in containers.conf - make log_driver = "k8s-file" default in containers.conf
- Related: #2001445 - Related: #2000051
* Wed Oct 13 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-6 * Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-8
- sync vendored components - perform only sanity/installability tests for now
- Related: #2001445 - Related: #2000051
* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-5 * Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-7
- update to the new vendored components - update to the new vendored components
- Related: #2001445 - Related: #2000051
* Fri Sep 24 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-4 * Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-6
- add gating.yaml
- Related: #2000051
* Fri Sep 24 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-5
- update to the new vendored components - update to the new vendored components
- Related: #2001445 - Related: #2000051
* Fri Sep 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-3 * Fri Sep 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-4
- fix updating scripts
- Related: #2000051
* Thu Sep 09 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-3
- update to the new vendored components - update to the new vendored components
- Related: #2001445 - Related: #2000051
* Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-2 * Fri Aug 20 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:1-2
- synchronize config files for RHEL-8.5 - bump configs to latest versions
- Related: #1934415 - replace ubi9 references with ubi8
- Related: #1970747
* Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-1 * Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-1
- initial import - initial import
- Related: #1934415 - Related: #1970747