From 2e25e23cb8ae4c363b435e5cebdba6c8942f10ec Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 9 Nov 2020 09:30:20 -0500 Subject: [PATCH] Fix default ping range in containers.conf Allow setting of --remote default in containers.conf --- containers.conf | 15 ++++++++++++--- containers.conf.5.md | 9 ++++++++- skopeo.spec | 6 +++++- 3 files changed, 25 insertions(+), 5 deletions(-) diff --git a/containers.conf b/containers.conf index 3e53958..e8519b2 100644 --- a/containers.conf +++ b/containers.conf @@ -52,7 +52,7 @@ # Options are: # `enabled` Enable cgroup support within container # `disabled` Disable cgroup support, will inherit cgroups from parent -# `no-conmon` Container engine runs run without conmon +# `no-conmon` Do not create a cgroup dedicated to conmon. # # cgroups = "enabled" @@ -73,12 +73,13 @@ default_capabilities = [ "SYS_CHROOT" ] + # A list of sysctls to be set in containers by default, # specified as "name=value", -# for example:"net.ipv4.ping_group_range = 0 1000". +# for example:"net.ipv4.ping_group_range = 0 0". # default_sysctls = [ - "net.ipv4.ping_group_range=0 1", + "net.ipv4.ping_group_range=0 0", ] # A list of ulimits to be set in containers by default, specified as @@ -241,6 +242,9 @@ default_sysctls = [ # network_config_dir = "/etc/cni/net.d/" [engine] +# ImageBuildFormat indicates the default image format to building +# container images. Valid values are "oci" (default) or "docker". +# image_build_format = "oci" # Cgroup management implementation used for the runtime. # Valid options "systemd" or "cgroupfs" @@ -353,6 +357,11 @@ default_sysctls = [ # Whether to pull new image before running a container # pull_policy = "missing" +# Indicates whether the application should be running in remote mode. This flag modifies the +# --remote option on container engines. Setting the flag to true will default +# `podman --remote=true` for access to the remote Podman service. +# remote = false + # Directory for persistent engine files (database, etc) # By default, this will be configured relative to where the containers/storage # stores containers diff --git a/containers.conf.5.md b/containers.conf.5.md index 7352649..bb9f14b 100644 --- a/containers.conf.5.md +++ b/containers.conf.5.md @@ -76,7 +76,7 @@ Determines whether the container will create CGroups. Options are: `enabled` Enable cgroup support within container `disabled` Disable cgroup support, will inherit cgroups from parent - `no-conmon` Container engine runs run without conmon + `no-conmon` Do not create a cgroup dedicated to conmon. **default_capabilities**=[] @@ -268,6 +268,9 @@ Path to the directory where CNI configuration files are located. ## ENGINE TABLE The `engine` table contains configuration options used to set up container engines such as Podman and Buildah. +**image_build_format**="oci" +The default image format to building container images. Valid values are "oci" (default) or "docker". + **cgroup_check**=false CgroupCheck indicates the configuration has been rewritten after an upgrade to Fedora 31 to change the default OCI runtime for cgroupsv2. @@ -411,6 +414,10 @@ Pull image before running or creating a container. The default is **missing**. - **always**: pull the image from the first registry it is found in as listed in registries.conf. Raise an error if not found in the registries, even if the image is present locally. - **never**: do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally. +**remote** = false +Indicates whether the application should be running in remote mode. This flag modifies the +--remote option on container engines. Setting the flag to true will default `podman --remote=true` for access to the remote Podman service. + **runtime**="crun" Default OCI specific runtime in runtimes that will be used by default. Must diff --git a/skopeo.spec b/skopeo.spec index a807500..3f8a92f 100644 --- a/skopeo.spec +++ b/skopeo.spec @@ -46,7 +46,7 @@ Epoch: 1 Epoch: 2 %endif Version: 1.2.1 -Release: 16.dev.git%{shortcommit0}%{?dist} +Release: 17.dev.git%{shortcommit0}%{?dist} Summary: Inspect container images and repositories on registries License: ASL 2.0 URL: %{git0} @@ -449,6 +449,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_datadir}/%{name}/test %changelog +* Mon Nov 9 2020 Dan Walsh - 1:1.2.1-17.dev.git1a3ae14 +- Fix default ping range in containers.conf +- Allow setting of --remote default in containers.conf + * Sat Nov 7 2020 RH Container Bot - 1:1.2.1-16.dev.git1a3ae14 - autobuilt 1a3ae14