Update docs and seccomp files
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
parent
b04f8aca3e
commit
a9e568061a
@ -177,7 +177,7 @@ One of the following alternatives are supported:
|
||||
```json
|
||||
{"type":"matchRepoDigestOrExact"}
|
||||
```
|
||||
- The identity in the signature must be in the same repository as the image identity. This is useful e.g. to pull an image using the `:latest` tag when the image is signed with a tag specifing an exact image version.
|
||||
- The identity in the signature must be in the same repository as the image identity. This is useful e.g. to pull an image using the `:latest` tag when the image is signed with a tag specifying an exact image version.
|
||||
|
||||
```json
|
||||
{"type":"matchRepository"}
|
||||
|
@ -12,7 +12,7 @@ The registries configuration directory contains configuration for various regist
|
||||
so that the configuration does not have to be provided in command-line options over and over for every command,
|
||||
and so that it can be shared by all users of containers/image.
|
||||
|
||||
By default (unless overridden at compile-time), the registries configuration directory is `/etc/containers/registries.d`;
|
||||
By default, the registries configuration directory is `$HOME/.config/containers/registries.d` if it exists, otherwise `/etc/containers/registries.d` (unless overridden at compile-time);
|
||||
applications may allow using a different directory instead.
|
||||
|
||||
## Directory Structure
|
||||
|
@ -224,7 +224,7 @@ The contents of this string is not defined in detail; however each implementatio
|
||||
Consumers of container signatures MAY recognize specific values or sets of values of `optional.creator`
|
||||
(perhaps augmented with `optional.timestamp`),
|
||||
and MAY change their processing of the signature based on these values
|
||||
(usually to acommodate violations of this specification in past versions of the signing software which cannot be fixed retroactively),
|
||||
(usually to accommodate violations of this specification in past versions of the signing software which cannot be fixed retroactively),
|
||||
as long as the semantics of the invalid document, as created by such an implementation, is clear.
|
||||
|
||||
If consumers of signatures do change their behavior based on the `optional.creator` value,
|
||||
|
@ -75,7 +75,7 @@ The `storage.options` table supports the following options:
|
||||
remap-group = "containers"
|
||||
|
||||
**root-auto-userns-user**=""
|
||||
Root-auto-userns-user is a user name which can be used to look up one or more UID/GID ranges in the /etc/subuid and /etc/subgid file. These ranges will be partioned to containers configured to create automatically a user namespace. Containers configured to automatically create a user namespace can still overlap with containers having an explicit mapping set. This setting is ignored when running as rootless.
|
||||
Root-auto-userns-user is a user name which can be used to look up one or more UID/GID ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned to containers configured to create automatically a user namespace. Containers configured to automatically create a user namespace can still overlap with containers having an explicit mapping set. This setting is ignored when running as rootless.
|
||||
|
||||
**auto-userns-min-size**=1024
|
||||
Auto-userns-min-size is the minimum size for a user namespace created automatically.
|
||||
|
@ -41,10 +41,14 @@ If `name` does not contain a slash, it is treated as `docker.io/library/name`.
|
||||
Otherwise, the component before the first slash is checked if it is recognized as a `hostname[:port]` (i.e., it contains either a . or a :, or the component is exactly localhost).
|
||||
If the first component of name is not recognized as a `hostname[:port]`, `name` is treated as `docker.io/name`.
|
||||
|
||||
### **docker-archive:**_path[:docker-reference]_
|
||||
### **docker-archive:**_path[:{docker-reference|@source-index}]_
|
||||
|
||||
An image is stored in the docker-save(1) formatted file.
|
||||
_docker-reference_ is only used when creating such a file, and it must not contain a digest.
|
||||
_docker-reference_ must not contain a digest.
|
||||
Alternatively, for reading archives, @_source-index_ is a zero-based index in archive manifest
|
||||
(to access untagged images).
|
||||
If neither _docker-reference_ nor @_source_index is specified when reading an archive, the archive must contain exactly one image.
|
||||
|
||||
It is further possible to copy data to stdin by specifying `docker-archive:/dev/stdin` but note that the used file must be seekable.
|
||||
|
||||
### **docker-daemon:**_docker-reference|algo:digest_
|
||||
|
@ -71,7 +71,7 @@
|
||||
"clock_getres",
|
||||
"clock_gettime",
|
||||
"clock_nanosleep",
|
||||
"clone",
|
||||
"clone",
|
||||
"close",
|
||||
"connect",
|
||||
"copy_file_range",
|
||||
@ -93,6 +93,7 @@
|
||||
"exit",
|
||||
"exit_group",
|
||||
"faccessat",
|
||||
"faccessat2",
|
||||
"fadvise64",
|
||||
"fadvise64_64",
|
||||
"fallocate",
|
||||
@ -100,6 +101,7 @@
|
||||
"fchdir",
|
||||
"fchmod",
|
||||
"fchmodat",
|
||||
"fchmodat2",
|
||||
"fchown",
|
||||
"fchown32",
|
||||
"fchownat",
|
||||
@ -220,6 +222,7 @@
|
||||
"newfstatat",
|
||||
"open",
|
||||
"openat",
|
||||
"openat2",
|
||||
"pause",
|
||||
"pipe",
|
||||
"pipe2",
|
||||
|
@ -46,7 +46,7 @@ Epoch: 1
|
||||
Epoch: 2
|
||||
%endif
|
||||
Version: 1.1.1
|
||||
Release: 42.dev.git%{shortcommit0}%{?dist}
|
||||
Release: 43.dev.git%{shortcommit0}%{?dist}
|
||||
Summary: Inspect container images and repositories on registries
|
||||
License: ASL 2.0
|
||||
URL: %{git0}
|
||||
@ -447,6 +447,12 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
|
||||
%{_datadir}/%{name}/test
|
||||
|
||||
%changelog
|
||||
* Sat Sep 12 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:1.1.1-43.dev.git5d5756c
|
||||
- update man pages
|
||||
- Update seccomp rules
|
||||
- Update configuration files in containers-common
|
||||
- Update configuration files in containers-storage
|
||||
|
||||
* Fri Sep 11 19:12:27 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-42.dev.git45a9efb
|
||||
- autobuilt 45a9efb
|
||||
|
||||
|
@ -47,7 +47,7 @@ additionalimagestores = [
|
||||
# remap-group = "containers"
|
||||
|
||||
# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
|
||||
# ranges in the /etc/subuid and /etc/subgid file. These ranges will be partioned
|
||||
# ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned
|
||||
# to containers configured to create automatically a user namespace. Containers
|
||||
# configured to automatically create a user namespace can still overlap with containers
|
||||
# having an explicit mapping set.
|
||||
|
Loading…
Reference in New Issue
Block a user