rpms/skopeo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update configuration files in containers-common

Browse Source
This commit is contained in:
Daniel J Walsh 2020-06-30 05:32:42 -04:00
parent 123a90009f
commit b1155039f5
No known key found for this signature in database
GPG Key ID: A2DF901DABE2C028
5 changed files with 151 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
containers-registries.conf.d.5.md
View File

@ -15,7 +15,8 @@ By default, the directory is located at `/etc/containers/registries.conf.d`.
Once the main configuration at `/etc/containers/registries.conf` is loaded, the Once the main configuration at `/etc/containers/registries.conf` is loaded, the
files in `/etc/containers/registries.conf.d` are loaded in alpha-numerical files in `/etc/containers/registries.conf.d` are loaded in alpha-numerical
order. Specified fields in a config will overwrite any previous setting. Note order. Then the conf files in `$HOME/.config/containers/registries.conf.d` are loaded in alpha-numerical order, if they exist. If the `$HOME/.config/containers/registries.conf` is loaded, only the conf files under `$HOME/.config/containers/registries.conf.d` are loaded in alpha-numerical order.
Specified fields in a conf file will overwrite any previous setting. Note
that only files with the `.conf` prefix are loaded, other files and that only files with the `.conf` prefix are loaded, other files and
sub-directories are ignored. sub-directories are ignored.

14
containers.conf
View File

@ -329,6 +329,14 @@
# Whether to pull new image before running a container # Whether to pull new image before running a container
# pull_policy = "missing" # pull_policy = "missing"
# Default Remote URI to access the Podman service.
# Examples:
# rootless "unix://run/user/$UID/podman/podman.sock" (Default)
# rootfull "unix://run/podman/podman.sock.(Default)
# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
# remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock
# remote_uri= ""
# Directory for persistent engine files (database, etc) # Directory for persistent engine files (database, etc)
# By default, this will be configured relative to where the containers/storage # By default, this will be configured relative to where the containers/storage
# stores containers # stores containers
@ -364,6 +372,9 @@
# #
# runtime_supports_kvm = ["kata"] # runtime_supports_kvm = ["kata"]
# Number of seconds to wait for container to exit before sending kill signal.
# stop_timeout = 10
# Paths to look for a valid OCI runtime (runc, runv, kata, etc) # Paths to look for a valid OCI runtime (runc, runv, kata, etc)
[engine.runtimes] [engine.runtimes]
# runc = [ # runc = [
@ -397,9 +408,6 @@
# "/usr/bin/kata-fc", # "/usr/bin/kata-fc",
# ] # ]
# Number of seconds to wait for container to exit before sending kill signal.
#stop_timeout = 10
# The [engine.runtimes] table MUST be the last entry in this file. # The [engine.runtimes] table MUST be the last entry in this file.
# (Unless another table is added) # (Unless another table is added)
# TOML does not provide a way to end a table other than a further table being # TOML does not provide a way to end a table other than a further table being

157
seccomp.json
View File

@ -52,6 +52,8 @@
"syscalls": [ "syscalls": [
{ {
"names": [ "names": [
"_llseek",
"_newselect",
"accept", "accept",
"accept4", "accept4",
"access", "access",
@ -120,6 +122,8 @@
"ftruncate64", "ftruncate64",
"futex", "futex",
"futimesat", "futimesat",
"get_robust_list",
"get_thread_area",
"getcpu", "getcpu",
"getcwd", "getcwd",
"getdents", "getdents",
@ -145,12 +149,10 @@
"getresuid", "getresuid",
"getresuid32", "getresuid32",
"getrlimit", "getrlimit",
"get_robust_list",
"getrusage", "getrusage",
"getsid", "getsid",
"getsockname", "getsockname",
"getsockopt", "getsockopt",
"get_thread_area",
"gettid", "gettid",
"gettimeofday", "gettimeofday",
"getuid", "getuid",
@ -161,15 +163,15 @@
"inotify_init1", "inotify_init1",
"inotify_rm_watch", "inotify_rm_watch",
"io_cancel", "io_cancel",
"ioctl",
"io_destroy", "io_destroy",
"io_getevents", "io_getevents",
"ioprio_get",
"ioprio_set",
"io_setup", "io_setup",
"io_submit", "io_submit",
"ioctl",
"ioprio_get",
"ioprio_set",
"ipc", "ipc",
"keyctl", "keyctl",
"kill", "kill",
"lchown", "lchown",
"lchown32", "lchown32",
@ -179,7 +181,6 @@
"listen", "listen",
"listxattr", "listxattr",
"llistxattr", "llistxattr",
"_llseek",
"lremovexattr", "lremovexattr",
"lseek", "lseek",
"lsetxattr", "lsetxattr",
@ -197,6 +198,7 @@
"mlockall", "mlockall",
"mmap", "mmap",
"mmap2", "mmap2",
"mount",
"mprotect", "mprotect",
"mq_getsetattr", "mq_getsetattr",
"mq_notify", "mq_notify",
@ -213,9 +215,9 @@
"munlock", "munlock",
"munlockall", "munlockall",
"munmap", "munmap",
"name_to_handle_at",
"nanosleep", "nanosleep",
"newfstatat", "newfstatat",
"_newselect",
"open", "open",
"openat", "openat",
"pause", "pause",
@ -238,6 +240,7 @@
"readlink", "readlink",
"readlinkat", "readlinkat",
"readv", "readv",
"reboot",
"recv", "recv",
"recvfrom", "recvfrom",
"recvmmsg", "recvmmsg",
@ -257,11 +260,11 @@
"rt_sigsuspend", "rt_sigsuspend",
"rt_sigtimedwait", "rt_sigtimedwait",
"rt_tgsigqueueinfo", "rt_tgsigqueueinfo",
"sched_get_priority_max",
"sched_get_priority_min",
"sched_getaffinity", "sched_getaffinity",
"sched_getattr", "sched_getattr",
"sched_getparam", "sched_getparam",
"sched_get_priority_max",
"sched_get_priority_min",
"sched_getscheduler", "sched_getscheduler",
"sched_rr_get_interval", "sched_rr_get_interval",
"sched_setaffinity", "sched_setaffinity",
@ -281,6 +284,9 @@
"sendmmsg", "sendmmsg",
"sendmsg", "sendmsg",
"sendto", "sendto",
"set_robust_list",
"set_thread_area",
"set_tid_address",
"setfsgid", "setfsgid",
"setfsgid32", "setfsgid32",
"setfsuid", "setfsuid",
@ -301,11 +307,8 @@
"setreuid", "setreuid",
"setreuid32", "setreuid32",
"setrlimit", "setrlimit",
"set_robust_list",
"setsid", "setsid",
"setsockopt", "setsockopt",
"set_thread_area",
"set_tid_address",
"setuid", "setuid",
"setuid32", "setuid32",
"setxattr", "setxattr",
@ -339,21 +342,24 @@
"time", "time",
"timer_create", "timer_create",
"timer_delete", "timer_delete",
"timerfd_create",
"timerfd_gettime",
"timerfd_settime",
"timer_getoverrun", "timer_getoverrun",
"timer_gettime", "timer_gettime",
"timer_settime", "timer_settime",
"timerfd_create",
"timerfd_gettime",
"timerfd_settime",
"times", "times",
"tkill", "tkill",
"truncate", "truncate",
"truncate64", "truncate64",
"ugetrlimit", "ugetrlimit",
"umask", "umask",
"umount",
"umount2",
"uname", "uname",
"unlink", "unlink",
"unlinkat", "unlinkat",
"unshare",
"utime", "utime",
"utimensat", "utimensat",
"utimes", "utimes",
@ -363,12 +369,7 @@
"waitid", "waitid",
"waitpid", "waitpid",
"write", "write",
"writev", "writev"
"mount",
"umount2",
"reboot",
"name_to_handle_at",
"unshare"
], ],
"action": "SCMP_ACT_ALLOW", "action": "SCMP_ACT_ALLOW",
"args": [], "args": [],
@ -530,8 +531,7 @@
"names": [ "names": [
"s390_pci_mmio_read", "s390_pci_mmio_read",
"s390_pci_mmio_write", "s390_pci_mmio_write",
"s390_runtime_instr", "s390_runtime_instr"
"clone"
], ],
"action": "SCMP_ACT_ALLOW", "action": "SCMP_ACT_ALLOW",
"args": [], "args": [],
@ -748,9 +748,7 @@
"names": [ "names": [
"settimeofday", "settimeofday",
"stime", "stime",
"clock_settime", "clock_settime"
"clock_adjtime",
"adjtimex"
], ],
"action": "SCMP_ACT_ALLOW", "action": "SCMP_ACT_ALLOW",
"args": [], "args": [],
@ -775,6 +773,111 @@
] ]
}, },
"excludes": {} "excludes": {}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ERRNO",
"args": [
{
"index": 0,
"value": 16,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
},
{
"index": 2,
"value": 9,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
},
"errnoRet": 22
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 2,
"value": 9,
"valueTwo": 0,
"op": "SCMP_CMP_NE"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 0,
"value": 16,
"valueTwo": 0,
"op": "SCMP_CMP_NE"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 2,
"value": 9,
"valueTwo": 0,
"op": "SCMP_CMP_NE"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": null,
"comment": "",
"includes": {
"caps": [
"CAP_AUDIT_WRITE"
]
},
"excludes": {}
} }
] ]
} }

5
skopeo.spec
View File

@ -46,7 +46,7 @@ Epoch: 1
Epoch: 2 Epoch: 2
%endif %endif
Version: 1.1.1 Version: 1.1.1
Release: 5.dev.git%{shortcommit0}%{?dist} Release: 6.dev.git%{shortcommit0}%{?dist}
Summary: Inspect container images and repositories on registries Summary: Inspect container images and repositories on registries
License: ASL 2.0 License: ASL 2.0
URL: %{git0} URL: %{git0}
@ -438,6 +438,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%{_datadir}/%{name}/test %{_datadir}/%{name}/test
%changelog %changelog
* Tue Jun 30 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:1.1.1-6.dev.gitba8cbf5
- Update configuration files in containers-common
* Fri Jun 26 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-5.dev.gitba8cbf5 * Fri Jun 26 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-5.dev.gitba8cbf5
- autobuilt ba8cbf5 - autobuilt ba8cbf5

5
storage.conf
View File

@ -67,7 +67,7 @@ additionalimagestores = [
# squashed down to the default uid in the container. These images will have no # squashed down to the default uid in the container. These images will have no
# separation between the users in the container. Only supported for the overlay # separation between the users in the container. Only supported for the overlay
# and vfs drivers. # and vfs drivers.
#ignore_chown_errors = false #ignore_chown_errors = "false"
# Path to an helper program to use for mounting the file system instead of mounting it # Path to an helper program to use for mounting the file system instead of mounting it
# directly. # directly.
@ -76,6 +76,9 @@ additionalimagestores = [
# mountopt specifies comma separated list of extra mount options # mountopt specifies comma separated list of extra mount options
mountopt = "nodev,metacopy=on" mountopt = "nodev,metacopy=on"
# Set to skip a PRIVATE bind mount on the storage home directory.
# skip_mount_home = "false"
# Size is used to set a maximum size of the container image. # Size is used to set a maximum size of the container image.
# size = "" # size = ""