diff --git a/containers-storage.conf.5.md b/containers-storage.conf.5.md index 3edfd84..d06ca09 100644 --- a/containers-storage.conf.5.md +++ b/containers-storage.conf.5.md 
@@ -263,13 +263,45 @@ The semanage command above tells SELinux to setup the default labeling of `NEWST Now all new content created in these directories will automatically be created with the correct label. -## SEE ALSO -`semanage(8)`, `restorecon(8)`, `mount(8)`, `fuse-overlayfs(1)` +## QUOTAS + +Container storage implements `XFS project quota controls` for overlay storage +containers and volumes. The directory used to store the containers must be an +`XFS` file system and be mounted with the `pquota` option. + +Example /etc/fstab entry: +``` +/dev/podman/podman-var /var xfs defaults,x-systemd.device-timeout=0,pquota 1 2 +``` + +Container storage generates project ids for each container and builtin volume, but these project ids need to be unique for the XFS file system. + +The xfs_quota tool can be used to assign a project id to the storage driver directory, e.g.: + +``` +echo 100000:/var/lib/containers/storage/overlay >> /etc/projects +echo 200000:/var/lib/containers/storage/volumes >> /etc/projects +echo storage:100000 >> /etc/projid +echo volumes:200000 >> /etc/projid +xfs_quota -x -c 'project -s storage volumes' / +``` + +In the example above, the storage directory project id will be used as a "start offset" +and all containers will be assigned larger project ids (e.g. >= 100000). +Then the volumes directory project id will be used as a "start offset" +and all volumes will be assigned larger project ids (e.g. >= 200000). +This is a way to prevent xfs_quota management from conflicting with containers/storage. ## FILES Distributions often provide a `/usr/share/containers/storage.conf` file to define default storage configuration. Administrators can override this file by creating `/etc/containers/storage.conf` to specify their own configuration. The storage.conf file for rootless users is stored in the `$XDG_CONFIG_HOME/containers/storage.conf` file. If `$XDG_CONFIG_HOME` is not set then the file `$HOME/.config/containers/storage.conf` is used. 
+/etc/projects - XFS persistent project root definition +/etc/projid - XFS project name mapping file + +## SEE ALSO +`semanage(8)`, `restorecon(8)`, `mount(8)`, `fuse-overlayfs(1)`, `xfs_quota(8)`, `projects(5)`, `projid(5)` + ## HISTORY May 2017, Originally compiled by Dan Walsh Format copied from crio.conf man page created by Aleksa Sarai diff --git a/containers.conf b/containers.conf index cda3b25..666e679 100644 --- a/containers.conf +++ b/containers.conf @@ -190,6 +190,13 @@ default_sysctls = [ # # pids_limit = 2048 +# Copy the content from the underlying image into the newly created volume +# when the container is created instead of when it is started. If false, +# the container engine will not copy the content until the container is started. +# Setting it to true may have negative performance implications. +# +# prepare_volume_on_create = false + # Indicates the networking to be used for rootless containers # rootless_networking = "slirp4netns" diff --git a/containers.conf.5.md b/containers.conf.5.md index babc4b9..14ac609 100644 --- a/containers.conf.5.md +++ b/containers.conf.5.md @@ -219,6 +219,10 @@ Options are: Maximum number of processes allowed in a container. 0 indicates that no limit is imposed. +**prepare_volume_on_create**=false + +Copy the content from the underlying image into the newly created volume when the container is created instead of when it is started. If `false`, the container engine will not copy the content until the container is started. Setting it to `true` may have negative performance implications. + **rootless_networking**="slirp4netns" Set type of networking rootless containers should use. Valid options are `slirp4netns` 
@@ -494,6 +498,11 @@ By default this will be configured relative to where containers/storage store containers. This convention is followed by the default volume driver, but may not be by other drivers. +**chown_copied_files**=true + +Determines whether file copied into a container will have changed ownership to +the primary uid/gid of the container. + ## SERVICE DESTINATION TABLE The `service_destinations` table contains configuration options used to set up remote connections to the podman service for the podman API. diff --git a/skopeo.spec b/skopeo.spec index 08a8a92..97e074d 100644 --- a/skopeo.spec +++ b/skopeo.spec @@ -21,8 +21,8 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl # podman/skopeo/podman. %global podman_branch v3.3 %global image_branch v5.15.0 -%global common_branch v0.41.0 -%global storage_branch v1.33.0 +%global common_branch v0.42.0 +%global storage_branch v1.33.1 %global shortnames_branch main %global commit0 a44da449d35e4621e9993f406d5a4f98dd89965e %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) @@ -30,7 +30,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl Epoch: 1 Name: skopeo Version: 1.4.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Inspect container images and repositories on registries License: ASL 2.0 URL: %{git0} @@ -93,7 +93,11 @@ Conflicts: atomic-registries <= 1:1.22.1-1 Obsoletes: docker-rhsubscription <= 2:1.13.1-31 Provides: %{name}-containers = %{epoch}:%{version}-%{release} Obsoletes: %{name}-containers <= 1:0.1.31-3 +%if 0%{?rhel} >= 9 || 0%{?fedora} Requires: crun >= 0.19 +%else +Requires: runc +%endif Recommends: fuse-overlayfs Recommends: slirp4netns Suggests: subscription-manager 
@@ -263,6 +267,11 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_datadir}/%{name}/test %changelog +* Wed Aug 04 2021 Jindrich Novy - 1:1.4.0-3 +- update vendored components +- always require runc on RHEL8 or lesser +- Related: #1970747 + * Wed Aug 04 2021 Jindrich Novy - 1:1.4.0-2 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.4 (https://github.com/containers/skopeo/commit/a44da44)
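Review bot: the QUOTAS hunk of containers-storage.conf.5.md (`@@ -263,13 +263,45 @@`) lists two prerequisites (an `XFS` file system mounted with `pquota`) but does not say what the storage driver does when they are not met, i.e. whether quota handling is silently skipped or container creation fails; an administrator relying on quotas as a resource limit needs that stated. The section should also say how the "start offset" is obtained: the example only shows `xfs_quota -x -c 'project -s storage volumes' /` assigning ids 100000 and 200000 to the two directories, and the prose then says containers and volumes receive ids `>= 100000` and `>= 200000`. Stating where the driver reads the offset from (presumably the project id already set on the directory) would make the requirement that "these project ids need to be unique for the XFS file system" actionable. Minor: `XFS project quota controls` is set in backticks although it is neither a command nor a file name.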
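Review bot: style point in the FILES/SEE ALSO hunk of containers-storage.conf.5.md: the two added lines `/etc/projects - XFS persistent project root definition` and `/etc/projid - XFS project name mapping file` are bare text, while the other paths in the same section (`/usr/share/containers/storage.conf`, `/etc/containers/storage.conf`) are in backticks; format the new entries the same way. Since SEE ALSO now lists `projects(5)` and `projid(5)`, the FILES entries could point to those pages rather than carrying their own one-line descriptions.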
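Review bot: the `prepare_volume_on_create` comment in the containers.conf hunk (`@@ -190,6 +190,13 @@`) explains when the copy happens but not why that matters: with `true`, image content is copied into the volume at creation time even for a container that is created but never started, which is presumably the "negative performance implications" the comment warns about; saying so makes the trade-off concrete. The sentence "If false, the container engine will not copy the content until the container is started" restates the first sentence in the negative; one of the two can go.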
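Review bot: the `prepare_volume_on_create` entry in the containers.conf.5.md hunk (`@@ -219,6 +219,10 @@`) duplicates the containers.conf comment word for word, so any tightening of the wording (for example dropping the redundant "If `false`, ..." sentence) has to be made in both files to keep them in sync. The man page entry should also say why `true` "may have negative performance implications", since the man page is where an administrator looks for the rationale rather than the shipped config comment.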
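Review bot: grammar and a missing detail in the `chown_copied_files` hunk of containers.conf.5.md (`@@ -494,6 +498,11 @@`): "Determines whether file copied into a container will have changed ownership to the primary uid/gid of the container" should read "Determines whether files copied into a container have their ownership changed to the primary uid/gid of the container". Because this setting decides which user owns files inside the container, the entry should also state what ownership the files keep when it is `false` (presumably the ownership they had at the source), so an administrator can judge the effect of flipping the `true` default.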
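Review bot: in the skopeo.spec hunk bumping `%global common_branch v0.42.0` and `%global storage_branch v1.33.1` (`@@ -21,8 +21,8 @@`), `commit0` stays at `a44da449d35e4621e9993f406d5a4f98dd89965e`, so this release rebuilds the same skopeo commit against newer vendored libraries; the spec should make that explicit (and the build must actually regenerate the vendored content from the new branches, otherwise the macros change while the shipped code does not). These two version bumps are the only record of what "update vendored components" means, so they belong in the changelog as well.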
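Review bot: in the skopeo.spec `%if 0%{?rhel} >= 9 || 0%{?fedora}` hunk (`@@ -93,7 +93,11 @@`) the `%else` branch requires `runc` with no version floor, while the other branch keeps `Requires: crun >= 0.19`; if the vendored storage/common versions need a minimum runc, add `runc >= <version>` so a RHEL 8 install cannot satisfy the dependency with an old runtime. Note also that any build where neither `%{rhel}` nor `%{fedora}` is defined falls into the `runc` branch; either say that is intended or tighten the condition to the distributions the changelog names ("RHEL8 or lesser").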
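Review bot: wording in the new `%changelog` entry (`@@ -263,6 +267,11 @@`): "always require runc on RHEL8 or lesser" should be "RHEL 8 or earlier". The entry also omits the vendored versions (common v0.42.0, storage v1.33.1) that the `%global` bumps introduce; naming them makes "update vendored components" verifiable from the RPM changelog alone, which is what `Related: #1970747` readers will have.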