Update docs and seccomp files
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
parent b04f8aca3e
commit a9e568061a
@ -177,7 +177,7 @@ One of the following alternatives are supported:
|
|||||||
```json
|
```json
|
||||||
{"type":"matchRepoDigestOrExact"}
|
{"type":"matchRepoDigestOrExact"}
|
||||||
```
|
```
|
||||||
- The identity in the signature must be in the same repository as the image identity. This is useful e.g. to pull an image using the `:latest` tag when the image is signed with a tag specifing an exact image version.
|
- The identity in the signature must be in the same repository as the image identity. This is useful e.g. to pull an image using the `:latest` tag when the image is signed with a tag specifying an exact image version.
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{"type":"matchRepository"}
|
{"type":"matchRepository"}
|
||||||
|
@ -12,7 +12,7 @@ The registries configuration directory contains configuration for various regist
|
|||||||
so that the configuration does not have to be provided in command-line options over and over for every command,
|
so that the configuration does not have to be provided in command-line options over and over for every command,
|
||||||
and so that it can be shared by all users of containers/image.
|
and so that it can be shared by all users of containers/image.
|
||||||
|
|
||||||
By default (unless overridden at compile-time), the registries configuration directory is `/etc/containers/registries.d`;
|
By default, the registries configuration directory is `$HOME/.config/containers/registries.d` if it exists, otherwise `/etc/containers/registries.d` (unless overridden at compile-time);
|
||||||
applications may allow using a different directory instead.
|
applications may allow using a different directory instead.
|
||||||
|
|
||||||
## Directory Structure
|
## Directory Structure
|
||||||
|
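Review bot: the rewritten default-directory sentence leaves two things unspecified: whether an existing `$HOME/.config/containers/registries.d` replaces `/etc/containers/registries.d` entirely or is read in addition to it, and which of the two paths "(unless overridden at compile-time)" now qualifies. The paragraph above still says the configuration "can be shared by all users of containers/image", which no longer holds for a user whose home directory contains this path, so state the precedence explicitly and move the parenthetical next to the path it applies to.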
@ -224,7 +224,7 @@ The contents of this string is not defined in detail; however each implementatio
|
|||||||
Consumers of container signatures MAY recognize specific values or sets of values of `optional.creator`
|
Consumers of container signatures MAY recognize specific values or sets of values of `optional.creator`
|
||||||
(perhaps augmented with `optional.timestamp`),
|
(perhaps augmented with `optional.timestamp`),
|
||||||
and MAY change their processing of the signature based on these values
|
and MAY change their processing of the signature based on these values
|
||||||
(usually to acommodate violations of this specification in past versions of the signing software which cannot be fixed retroactively),
|
(usually to accommodate violations of this specification in past versions of the signing software which cannot be fixed retroactively),
|
||||||
as long as the semantics of the invalid document, as created by such an implementation, is clear.
|
as long as the semantics of the invalid document, as created by such an implementation, is clear.
|
||||||
|
|
||||||
If consumers of signatures do change their behavior based on the `optional.creator` value,
|
If consumers of signatures do change their behavior based on the `optional.creator` value,
|
||||||
|
@ -75,7 +75,7 @@ The `storage.options` table supports the following options:
|
|||||||
remap-group = "containers"
|
remap-group = "containers"
|
||||||
|
|
||||||
**root-auto-userns-user**=""
|
**root-auto-userns-user**=""
|
||||||
Root-auto-userns-user is a user name which can be used to look up one or more UID/GID ranges in the /etc/subuid and /etc/subgid file. These ranges will be partioned to containers configured to create automatically a user namespace. Containers configured to automatically create a user namespace can still overlap with containers having an explicit mapping set. This setting is ignored when running as rootless.
|
Root-auto-userns-user is a user name which can be used to look up one or more UID/GID ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned to containers configured to create automatically a user namespace. Containers configured to automatically create a user namespace can still overlap with containers having an explicit mapping set. This setting is ignored when running as rootless.
|
||||||
|
|
||||||
**auto-userns-min-size**=1024
|
**auto-userns-min-size**=1024
|
||||||
Auto-userns-min-size is the minimum size for a user namespace created automatically.
|
Auto-userns-min-size is the minimum size for a user namespace created automatically.
|
||||||
|
@ -41,10 +41,14 @@ If `name` does not contain a slash, it is treated as `docker.io/library/name`.
|
|||||||
Otherwise, the component before the first slash is checked if it is recognized as a `hostname[:port]` (i.e., it contains either a . or a :, or the component is exactly localhost).
|
Otherwise, the component before the first slash is checked if it is recognized as a `hostname[:port]` (i.e., it contains either a . or a :, or the component is exactly localhost).
|
||||||
If the first component of name is not recognized as a `hostname[:port]`, `name` is treated as `docker.io/name`.
|
If the first component of name is not recognized as a `hostname[:port]`, `name` is treated as `docker.io/name`.
|
||||||
|
|
||||||
### **docker-archive:**_path[:docker-reference]_
|
### **docker-archive:**_path[:{docker-reference|@source-index}]_
|
||||||
|
|
||||||
An image is stored in the docker-save(1) formatted file.
|
An image is stored in the docker-save(1) formatted file.
|
||||||
_docker-reference_ is only used when creating such a file, and it must not contain a digest.
|
_docker-reference_ must not contain a digest.
|
||||||
|
Alternatively, for reading archives, @_source-index_ is a zero-based index in archive manifest
|
||||||
|
(to access untagged images).
|
||||||
|
If neither _docker-reference_ nor @_source_index is specified when reading an archive, the archive must contain exactly one image.
|
||||||
|
|
||||||
It is further possible to copy data to stdin by specifying `docker-archive:/dev/stdin` but note that the used file must be seekable.
|
It is further possible to copy data to stdin by specifying `docker-archive:/dev/stdin` but note that the used file must be seekable.
|
||||||
|
|
||||||
### **docker-daemon:**_docker-reference|algo:digest_
|
### **docker-daemon:**_docker-reference|algo:digest_
|
||||||
|
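Review bot: the last added sentence writes `@_source_index is specified`, with an underscore inside the name and no closing `_`, so it does not match `@_source-index_` in the heading and in the sentence two lines earlier, and the emphasis is left unbalanced; change it to `@_source-index_`. The shortened "_docker-reference_ must not contain a digest." also drops the old statement of when the reference is used without saying what a _docker-reference_ selects when reading an archive; one clause on that would complete the description.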
@ -71,7 +71,7 @@
|
|||||||
"clock_getres",
|
"clock_getres",
|
||||||
"clock_gettime",
|
"clock_gettime",
|
||||||
"clock_nanosleep",
|
"clock_nanosleep",
|
||||||
"clone",
|
"clone",
|
||||||
"close",
|
"close",
|
||||||
"connect",
|
"connect",
|
||||||
"copy_file_range",
|
"copy_file_range",
|
||||||
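Review bot: both columns of this hunk read identically, from "clock_getres" through "copy_file_range", so the changed line cannot be identified from the rendered diff. If this is a whitespace-only change, say so in the commit message, so that anyone auditing the seccomp profile does not have to look for a semantic difference here.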
@ -93,6 +93,7 @@
|
|||||||
"exit",
|
"exit",
|
||||||
"exit_group",
|
"exit_group",
|
||||||
"faccessat",
|
"faccessat",
|
||||||
|
"faccessat2",
|
||||||
"fadvise64",
|
"fadvise64",
|
||||||
"fadvise64_64",
|
"fadvise64_64",
|
||||||
"fallocate",
|
"fallocate",
|
||||||
@ -100,6 +101,7 @@
|
|||||||
"fchdir",
|
"fchdir",
|
||||||
"fchmod",
|
"fchmod",
|
||||||
"fchmodat",
|
"fchmodat",
|
||||||
|
"fchmodat2",
|
||||||
"fchown",
|
"fchown",
|
||||||
"fchown32",
|
"fchown32",
|
||||||
"fchownat",
|
"fchownat",
|
||||||
@ -220,6 +222,7 @@
|
|||||||
"newfstatat",
|
"newfstatat",
|
||||||
"open",
|
"open",
|
||||||
"openat",
|
"openat",
|
||||||
|
"openat2",
|
||||||
"pause",
|
"pause",
|
||||||
"pipe",
|
"pipe",
|
||||||
"pipe2",
|
"pipe2",
|
||||||
|
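Review bot: the added "openat2" entry, like "faccessat2" and "fchmodat2" in the two hunks above, goes into the same list as "openat", "faccessat" and "fchmodat" with no stated rationale and no indication of whether it is allowed unconditionally. Each new entry widens the allowlist, so record in the commit message why each one is needed and whether any argument restriction is intended.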
@ -46,7 +46,7 @@ Epoch: 1
|
|||||||
Epoch: 2
|
Epoch: 2
|
||||||
%endif
|
%endif
|
||||||
Version: 1.1.1
|
Version: 1.1.1
|
||||||
Release: 42.dev.git%{shortcommit0}%{?dist}
|
Release: 43.dev.git%{shortcommit0}%{?dist}
|
||||||
Summary: Inspect container images and repositories on registries
|
Summary: Inspect container images and repositories on registries
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: %{git0}
|
URL: %{git0}
|
||||||
@ -447,6 +447,12 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
|
|||||||
%{_datadir}/%{name}/test
|
%{_datadir}/%{name}/test
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Sep 12 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:1.1.1-43.dev.git5d5756c
|
||||||
|
- update man pages
|
||||||
|
- Update seccomp rules
|
||||||
|
- Update configuration files in containers-common
|
||||||
|
- Update configuration files in containers-storage
|
||||||
|
|
||||||
* Fri Sep 11 19:12:27 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-42.dev.git45a9efb
|
* Fri Sep 11 19:12:27 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-42.dev.git45a9efb
|
||||||
- autobuilt 45a9efb
|
- autobuilt 45a9efb
|
||||||
|
|
||||||
|
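Review bot: the new changelog entry says only "Update seccomp rules" and does not name the syscalls added in this commit ("faccessat2", "fchmodat2", "openat2"); list them so the package history shows which allowlist entries changed in this release. Minor style points in the same entry: "update man pages" is lower-case while the other three items are capitalised, and the header uses the date form "Sat Sep 12 2020" where the previous entry carries a full timestamp.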
@ -47,7 +47,7 @@ additionalimagestores = [
|
|||||||
# remap-group = "containers"
|
# remap-group = "containers"
|
||||||
|
|
||||||
# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
|
# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
|
||||||
# ranges in the /etc/subuid and /etc/subgid file. These ranges will be partioned
|
# ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned
|
||||||
# to containers configured to create automatically a user namespace. Containers
|
# to containers configured to create automatically a user namespace. Containers
|
||||||
# configured to automatically create a user namespace can still overlap with containers
|
# configured to automatically create a user namespace can still overlap with containers
|
||||||
# having an explicit mapping set.
|
# having an explicit mapping set.
|
||||||
|