From a4bc000541e1b2b2f1dde788798ae2b2077d6403 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Tue, 22 Dec 2020 10:14:05 -0500
Subject: [PATCH] Update man pages and conf files for containers-common

---
 containers-storage.conf.5.md |  2 +-
 containers.conf              | 24 ++++++++++++------------
 containers.conf.5.md         |  7 ++++---
 seccomp.json                 |  3 +++
 shortnames.conf              |  2 ++
 skopeo.spec                  |  5 ++++-
 storage.conf                 |  2 +-
 7 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/containers-storage.conf.5.md b/containers-storage.conf.5.md
index 14c92e1..ba6fcaa 100644
--- a/containers-storage.conf.5.md
+++ b/containers-storage.conf.5.md
@@ -46,7 +46,7 @@ The `storage` table supports the following options:
   A common use case for this field is to provide a local storage directory when user home directories are NFS-mounted (podman does not support container storage over NFS).
 
 **runroot**=""
-  container storage run dir (default: "/var/run/containers/storage")
+  container storage run dir (default: "/run/containers/storage")
   Default directory to store all temporary writable content created by container storage programs.
   The rootless runroot path supports environment variable substitutions (ie. `$HOME/containers/storage`)
 
diff --git a/containers.conf b/containers.conf
index 12fbecc..0587469 100644
--- a/containers.conf
+++ b/containers.conf
@@ -380,7 +380,7 @@ default_sysctls = [
 
 # Directory for temporary files. Must be tmpfs (wiped after reboot)
 #
-# tmp_dir = "/var/run/libpod"
+# tmp_dir = "/run/libpod"
 
 # Directory for libpod named volumes.
 # By default, this will be configured relative to where containers/storage
@@ -425,18 +425,8 @@ default_sysctls = [
 #     Path to file containing ssh identity key
 #     identity = "~/.ssh/id_rsa"
 
-# Paths to look for a valid OCI runtime (runc, runv, kata, etc)
+# Paths to look for a valid OCI runtime (crun, runc, kata, etc)
 [engine.runtimes]
-# runc = [
-#        "/usr/bin/runc",
-#        "/usr/sbin/runc",
-#        "/usr/local/bin/runc",
-#        "/usr/local/sbin/runc",
-#        "/sbin/runc",
-#        "/bin/runc",
-#        "/usr/lib/cri-o-runc/sbin/runc",
-# ]
-
 # crun = [
 #            "/usr/bin/crun",
 #            "/usr/sbin/crun",
@@ -447,6 +437,16 @@ default_sysctls = [
 #            "/run/current-system/sw/bin/crun",
 # ]
 
+# runc = [
+#        "/usr/bin/runc",
+#        "/usr/sbin/runc",
+#        "/usr/local/bin/runc",
+#        "/usr/local/sbin/runc",
+#        "/sbin/runc",
+#        "/bin/runc",
+#        "/usr/lib/cri-o-runc/sbin/runc",
+# ]
+
 # kata = [
 #            "/usr/bin/kata-runtime",
 #            "/usr/sbin/kata-runtime",
diff --git a/containers.conf.5.md b/containers.conf.5.md
index 5836ee7..6ff2b11 100644
--- a/containers.conf.5.md
+++ b/containers.conf.5.md
@@ -435,10 +435,11 @@ Pull image before running or creating a container. The default is **missing**.
 Indicates whether the application should be running in remote mode. This flag modifies the
 --remote option on container engines. Setting the flag to true will default `podman --remote=true` for access to the remote Podman service.
 
-**runtime**="crun"
+**runtime**=""
 
 Default OCI specific runtime in runtimes that will be used by default. Must
-refer to a member of the runtimes table.
+refer to a member of the runtimes table. Default runtime will be searched for
+on the system using the priority: "crun", "runc", "kata".
 
 **runtime_supports_json**=["crun", "runc", "kata"]
 
@@ -462,7 +463,7 @@ stores containers.
 
 Number of seconds to wait for container to exit before sending kill signal.
 
-**tmp_dir**="/var/run/libpod"
+**tmp_dir**="/run/libpod"
 
 The path to a temporary directory to store per-boot container.
 Must be a tmpfs (wiped after reboot).
diff --git a/seccomp.json b/seccomp.json
index ec24538..92e1218 100644
--- a/seccomp.json
+++ b/seccomp.json
@@ -77,6 +77,7 @@
 				"clock_nanosleep_time64",
 				"clone",
 				"close",
+				"close_range",
 				"connect",
 				"copy_file_range",
 				"creat",
@@ -228,6 +229,8 @@
 				"openat2",
 				"pause",
 				"pidfd_getfd",
+				"pidfd_open",
+				"pidfd_send_signal",
 				"pipe",
 				"pipe2",
 				"pivot_root",
diff --git a/shortnames.conf b/shortnames.conf
index 871a20a..271f374 100644
--- a/shortnames.conf
+++ b/shortnames.conf
@@ -42,3 +42,5 @@
   "ubi8-init" = "registry.access.redhat.com/ubi8-init"
   # Debian
   "debian" = "docker.io/library/debian"
+  # Oracle Linux
+  "oraclelinux" = "container-registry.oracle.com/os/oraclelinux"
diff --git a/skopeo.spec b/skopeo.spec
index 193b333..d0eb713 100644
--- a/skopeo.spec
+++ b/skopeo.spec
@@ -43,7 +43,7 @@
 Name: %{repo}
 Epoch: %{conditional_epoch}
 Version: 1.2.1
-Release: 36.dev.git%{shortcommit0}%{?dist}
+Release: 37.dev.git%{shortcommit0}%{?dist}
 Summary: Inspect container images and repositories on registries
 License: ASL 2.0
 URL: %{git0}
@@ -460,6 +460,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %{_datadir}/%{name}/test
 
 %changelog
+* Tue Dec 22 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:1.2.1-37.dev.git342b839
+- Update man pages and conf files for containers-common
+
 * Mon Dec 21 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.2.1-36.dev.git342b839
 - autobuilt 342b839
 
diff --git a/storage.conf b/storage.conf
index 72735b6..7372e5a 100644
--- a/storage.conf
+++ b/storage.conf
@@ -8,7 +8,7 @@
 driver = "overlay"
 
 # Temporary storage location
-runroot = "/var/run/containers/storage"
+runroot = "/run/containers/storage"
 
 # Primary Read/Write location of container storage
 graphroot = "/var/lib/containers/storage"