SOURCES/containers.conf

@@ -57,19 +57,20 @@
 # List of default capabilities for containers. If it is empty or commented out,
 # the default capabilities defined in the container engine will be added.
 #
-#default_capabilities = [
+default_capabilities = [
-#  "CHOWN",
+  "NET_RAW",
-#  "DAC_OVERRIDE",
+  "CHOWN",
-#  "FOWNER",
+  "DAC_OVERRIDE",
-#  "FSETID",
+  "FOWNER",
-#  "KILL",
+  "FSETID",
-#  "NET_BIND_SERVICE",
+  "KILL",
-#  "SETFCAP",
+  "NET_BIND_SERVICE",
-#  "SETGID",
+  "SETFCAP",
-#  "SETPCAP",
+  "SETGID",
-#  "SETUID",
+  "SETPCAP",
-#  "SYS_CHROOT",
+  "SETUID",
-#]
+  "SYS_CHROOT",
+]
 
 # A list of sysctls to be set in containers by default,
 # specified as "name=value",
@@ -184,6 +185,7 @@ default_sysctls = [
 # Logging driver for the container. Available options: k8s-file and journald.
 #
 #log_driver = "k8s-file"
+log_driver = "k8s-file"
 
 # Maximum size allowed for the container log file. Negative numbers indicate
 # that no size limit is imposed. If positive, it must be >= 8192 to match or
@@ -320,6 +322,7 @@ default_sysctls = [
 # iptables rules and network interfaces might leak on the host. A reboot will fix this.
 #
 #network_backend = ""
+network_backend = "cni"
 
 # Path to directory where CNI plugin binaries are located.
 #
@@ -505,6 +508,7 @@ default_sysctls = [
 # Valid values are `journald`, `file` and `none`.
 #
 #events_logger = "journald"
+events_logger = "file"
 
 # Creates a more verbose container-create event which includes a JSON payload
 # with detailed information about the container.
@@ -642,7 +646,7 @@ default_sysctls = [
 # Default OCI runtime
 #
 #runtime = "crun"
-runtime = "crun"
+runtime = "runc"
 
 # List of the OCI runtimes that support --format=json. When json is supported
 # engine will use it for reporting nicer errors.

SOURCES/registries.conf

@@ -76,4 +76,4 @@ unqualified-search-registries = ["registry.access.redhat.com", "registry.redhat.
 # # 2. example-mirror-1.local/mirrors/foo/image:latest
 # # 3. internal-registry-for-example.net/bar/image:latest
 # # in order, and use the first one that exists.
-short-name-mode = "enforcing"
+short-name-mode = "permissive"

SPECS/containers-common.spec

@@ -12,9 +12,11 @@
 Epoch: 2
 Name: containers-common
 Version: 1
-Release: 61%{?dist}
+Release: 81%{?dist}
 Summary: Common configuration and documentation for containers
 License: ASL 2.0
+# arch limitation because of go-md2man (missing on i686)
+# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
 ExclusiveArch: %{go_arches}
 BuildRequires: /usr/bin/go-md2man
 Provides: skopeo-containers = %{epoch}:%{version}-%{release}
@@ -173,256 +175,253 @@ EOF
 %{_datadir}/rhel/secrets/*
 
 %changelog
-* Thu Feb 08 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-61
+* Wed Feb 14 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-81
+- Update shortnames from Pyxis
+- Related: Jira:RHEL-2110
+
+* Mon Feb 12 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-80
+- bump release to preserve upgrade path
+- Resolves: Jira:RHEL-12277
+
+* Thu Feb 08 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-59
 - update vendored components
-- Related: Jira:RHEL-2112
+- Related: Jira:RHEL-2110
 
-* Tue Jan 02 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-60
+* Tue Jan 02 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-58
-- Update vendored components
+- update vendored components
-- Related: Jira:RHEL-2112
+- Related: Jira:RHEL-2110
 
-* Wed Oct 11 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-59
+* Wed Oct 11 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-57
-- fix shortnames
+- fix shortnames for rhel-minimal
-- Related: Jira:RHEL-2112
+- Related: Jira:RHEL-2110
 
-* Thu Sep 14 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-58
+* Fri Sep 15 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-56
 - implement GPG auto updating mechanism from redhat-release
-- Resolves: #RHEL-3164
+- Resolves: #RHEL-2110
 
-* Wed Sep 13 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-57
+* Wed Sep 13 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-55
 - update GPG keys to the current content of redhat-release
 - Resolves: #RHEL-3164
 
-* Fri Aug 25 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-56
+* Fri Aug 25 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-54
 - update vendored components and shortnames
-- Related: #2176063
+- Related: #2176055
 
-* Wed Jul 19 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-55
+* Mon Jul 10 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-53
-- fix vendoring script
-- Related: #2176063
-
-* Mon Jul 10 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-54
 - update vendored components
-- Related: #2176063
+- Related: #2176055
 
-* Tue Jun 20 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-53
+* Sat Jul 08 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-52
-- rebuild
-- Resolves: #2178263
-
-* Fri Apr 21 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-52
 - update vendored components
-- Related: #2176063
+- Related: #2176055
 
-* Fri Mar 24 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-51
+* Tue Mar 21 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-51
-- regenerate shortnames, vendored components + fix pyxis script
+- be sure default_capabilities contain SYS_CHROOT
-- Related: #2176063
+- Resolves: #2166195
 
-* Wed Feb 22 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-50
+* Thu Mar 09 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-50
 - improve shortnames generation
-- Related: #2124478
+- Related: #2176055
 
-* Tue Jan 31 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-49
+* Mon Jan 02 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-49
-- add missing systemd directories
-- Related: #2124478
-
-* Mon Jan 30 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-48
 - update vendored components and configuration files
-- Related: #2124478
+- Related: #2123641
 
-* Thu Jan 05 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-47
+* Fri Dec 02 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-48
-- update vendored components, regenerate pyxis
+- update vendored components and configuration files
-- Related: #2124478
+- Related: #2123641
 
-* Thu Nov 10 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-46
+* Mon Nov 14 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-47
-- The NET_RAW capability was required in RHEL8 but no longer required in RHEL9
+- enable NET_RAW capability for RHEL8 only
-- Resolves: #2141531
+- Related: #2123641
+
+* Tue Nov 08 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-46
+- update vendored components and configuration files
+- Related: #2123641
 
 * Fri Oct 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-45
+- update vendored components and configuration files
+- Related: #2123641
+
+* Mon Oct 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-44
+- update vendored components and configuration files
+- Related: #2123641
+
+* Thu Oct 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-43
+- update vendored components and configuration files
+- Related: #2123641
+
+* Wed Sep 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-42
+- update vendored components and configuration files
+- Related: #2123641
+
+* Tue Sep 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-41
 - add beta GPG key
-- Related: #2124478
+- Related: #2123641
 
-* Tue Aug 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-44
+* Tue Aug 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-40
-- exclude non-go arches because of go-md2man
-- Related: #2061316
-
-* Tue Aug 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-43
 - add beta keys to default-policy.json
-- Related: #2061316
+- Related: #2061390
 
-* Mon Aug 08 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-42
+* Mon Aug 08 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-39
 - update shortnames
-- Related: #2061316
+- Related: #2061390
 
-* Wed Aug 03 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-41
+* Thu Aug 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-38
-- drop aardvark-dns and netavark - packaged separately
+- arch limitation because of go-md2man (missing on i686)
+- Related: #2061390
+
+* Wed Aug 03 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-37
+- add install section
 - update vendored components
-- Related: #2061316
+- Related: #2061390
 
-* Mon Jun 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-40
+* Wed Aug 03 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-36
+- remove aardvark-dns and netavark - packaged separately
+- update vendored components and configuration files
+- Related: #2061390
+
+* Tue Jul 26 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-35
+- update vendored components and configuration files
+- Related: #2061390
+
+* Mon Jun 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-34
 - remove rhel-els and update shortnames
-- Related: #2061316
+- Related: #2061390
 
-* Tue Jun 14 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-39
+* Thu Jun 16 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-33
 - update shortnames
-- Related: #2061316
+- Related: #2061390
 
-* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-38
+* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-32
-- fix unqualified registries in registries.conf generation code
+- additional fix for unqualified registries
-- Related: #2088139
+- Related: #2061390
 
-* Mon May 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-37
+* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-31
+- fix unqualified registries
+- Related: #2061390
+
+* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-30
+- update vendored components and configuration files
+- Related: #2061390
+
+* Mon May 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-29
 - update unqualified registries list
-- Related: #2088139
+- Related: #2061390
 
-* Mon May 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-36
+* Mon May 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-28
 - update aardvark-dns and netavark to 1.0.3
 - update vendored components
-- Related: #2061316
+- Related: #2061390
 
-* Wed Apr 20 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-35
+* Fri Apr 22 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-27
+- add man page sources too
+- Related: #2061390
+
+* Wed Apr 20 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-26
 - add missing man pages from Fedora
-- Related: #2061316
+- Related: #2061390
 
-* Wed Apr 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-34
+* Wed Apr 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-25
+- allow consuming aardvark-dns and netavark from upstream branch
+- Related: #2061390
+
+* Wed Apr 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-24
 - update to netavark and aardvark-dns 1.0.2
 - update vendored components
-- Related: #2061316
+- Related: #2061390
 
-* Mon Mar 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-33
+* Mon Feb 28 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-23
-- allow consuming aardvark-dns and netavark from upstream branches
-- Related: #2061316
-
-* Mon Feb 28 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-32
-- build rust packages with RUSTFLAGS set to make ExecShield happy (Lokesh Mandvekar)
-- Related: #2000051
-
-* Mon Feb 28 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-31
 - update to netavark and aardvark-dns 1.0.1
-- Related: #2000051
+- Related: #2001445
 
-* Wed Feb 23 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-30
+* Wed Feb 23 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-22
-- archful package should conflict with older noarch package
+- build rust packages with RUSTFLAGS set to make ExecShield happy
-- Related: #2000051
+- Related: #2001445
 
-* Tue Feb 22 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-29
+* Mon Feb 21 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-21
-- consistent release tags for all packages
-- Related: #2000051
-
-* Tue Feb 22 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-28
-- main package should obsolete noarch versions upto 2:1-22
-- Related: #2000051
-
-* Mon Feb 21 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-27
 - do not specify infra_image in containers.conf
 - needed to resolve gating test failures
-- Related: #2000051
+- Related: #2001445
 
-* Sat Feb 19 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-26
+* Fri Feb 18 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-20
-- aardvark-dns built for same arches as netavark
-- Related: #2000051
-
-* Sat Feb 19 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-25
-- build netavark only for podman's arches
-- i686 can't find go-md2man which causes the build to fail otherwise
-- Related: #2000051
-
-* Fri Feb 18 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-24
 - update to netavark-1.0.0 and aardvark-dns-1.0.0
-- Related: #2000051
+- Related: #2001445
 
-* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-23
+* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-19
 - package aarvark-dns and netavark as part of the containers-common
-- Related: #2000051
+- Related: #2001445
 
-* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-22
+* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-18
 - update shortnames and vendored components
-- Related: #2000051
+- Related: #2001445
 
-* Wed Feb 16 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-21
+* Wed Feb 16 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-17
 - containers.conf should contain network_backend = "cni" in RHEL8.6
-- Related: #2000051
+- Related: #2001445
 
-* Wed Feb 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-20
+* Fri Feb 11 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-16
-- update shortname aliases from upstream
+- update vendored components and configuration files
-- Related: #2000051
+- Related: #2001445
 
-* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-19
+* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-15
 - sync vendored components
-- Related: #2000051
+- Related: #2001445
 
-* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-18
+* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-14
 - sync vendored components
-- Related: #2000051
+- Related: #2001445
 
-* Mon Jan 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-17
+* Mon Jan 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-13
-- sync shortname aliases via Pyxis
+- update shortnames from Pyxis
-- Related: #2000051
+- Related: #2001445
 
-* Fri Dec 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-16
+* Thu Dec 09 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-12
-- do not hardcode log_driver = "journald" and events_logger = "journald"
-  for RHEL9 and leave the rootful/rootless behaviour change based on
-  internal logic
-- Related: #2000051
-
-* Thu Dec 09 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-15
 - do not allow broken content from Pyxis to land in shortnames.conf
-- Related: #2000051
+- Related: #2001445
 
-* Wed Dec 08 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-14
+* Wed Dec 08 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-11
-- update vendored component versions
+- sync vendored components
-- sync shortname aliases via Pyxis
+- update shortnames from Pyxis
-- Related: #2000051
+- Related: #2001445
 
-* Tue Nov 30 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-13
+* Wed Dec 01 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-10
 - use log_driver = "journald" and events_logger = "journald" for RHEL9
-- Related: #2000051
+- Related: #2001445
 
-* Tue Nov 16 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-12
+* Tue Nov 16 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-9
 - consume seccomp.json from the oldest vendored version of c/common,
   not main branch
-- Related: #2000051
+- Related: #2001445
 
-* Fri Nov 12 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-11
+* Wed Nov 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-8
-- use ubi8/pause as ubi9/pause is not available yet
-- Related: #2000051
-
-* Wed Nov 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-10
 - update vendored components
-- Related: #2000051
+- Related: #2001445
 
-* Tue Nov 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-9
+* Tue Nov 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-7
 - make log_driver = "k8s-file" default in containers.conf
-- Related: #2000051
+- Related: #2001445
 
-* Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-8
+* Wed Oct 13 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-6
-- perform only sanity/installability tests for now
+- sync vendored components
-- Related: #2000051
+- Related: #2001445
 
-* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-7
+* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-5
 - update to the new vendored components
-- Related: #2000051
+- Related: #2001445
 
-* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-6
+* Fri Sep 24 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-4
-- add gating.yaml
-- Related: #2000051
-
-* Fri Sep 24 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-5
 - update to the new vendored components
-- Related: #2000051
+- Related: #2001445
 
-* Fri Sep 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-4
+* Fri Sep 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-3
-- fix updating scripts
-- Related: #2000051
-
-* Thu Sep 09 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-3
 - update to the new vendored components
-- Related: #2000051
+- Related: #2001445
 
-* Fri Aug 20 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:1-2
+* Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-2
-- bump configs to latest versions
+- synchronize config files for RHEL-8.5
-- replace ubi9 references with ubi8
+- Related: #1934415
-- Related: #1970747
 
 * Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-1
 - initial import
-- Related: #1970747
+- Related: #1934415