Update configuration files in containers-common

Daniel J Walsh 2020-06-30 05:32:42 -04:00
parent 123a90009f
commit b1155039f5
No known key found for this signature in database
GPG Key ID: A2DF901DABE2C028
5 changed files with 151 additions and 33 deletions


@ -15,7 +15,8 @@ By default, the directory is located at `/etc/containers/registries.conf.d`.
Once the main configuration at `/etc/containers/registries.conf` is loaded, the
files in `/etc/containers/registries.conf.d` are loaded in alpha-numerical
order. Specified fields in a config will overwrite any previous setting. Note
order. Then the conf files in `$HOME/.config/containers/registries.conf.d` are loaded in alpha-numerical order, if they exist. If the `$HOME/.config/containers/registries.conf` is loaded, only the conf files under `$HOME/.config/containers/registries.conf.d` are loaded in alpha-numerical order.
Specified fields in a conf file will overwrite any previous setting. Note
that only files with the `.conf` prefix are loaded, other files and
sub-directories are ignored.


@ -329,6 +329,14 @@
# Whether to pull new image before running a container
# pull_policy = "missing"
# Default Remote URI to access the Podman service.
# Examples:
# rootless "unix://run/user/$UID/podman/podman.sock" (Default)
# rootfull "unix://run/podman/podman.sock.(Default)
# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
# remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock
# remote_uri= ""
# Directory for persistent engine files (database, etc)
# By default, this will be configured relative to where the containers/storage
# stores containers
@ -364,6 +372,9 @@
#
# runtime_supports_kvm = ["kata"]
# Number of seconds to wait for container to exit before sending kill signal.
# stop_timeout = 10
# Paths to look for a valid OCI runtime (runc, runv, kata, etc)
[engine.runtimes]
# runc = [
@ -397,9 +408,6 @@
# "/usr/bin/kata-fc",
# ]
# Number of seconds to wait for container to exit before sending kill signal.
#stop_timeout = 10
# The [engine.runtimes] table MUST be the last entry in this file.
# (Unless another table is added)
# TOML does not provide a way to end a table other than a further table being
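Review bot: The rootfull example in the new `remote_uri` comment block has an unterminated quote and a stray period, `"unix://run/podman/podman.sock.(Default)`; it should read `# rootfull "unix://run/podman/podman.sock" (Default)` so it matches the rootless line above it. The remote rootfull example logs in as `root` over SSH to the engine socket, so a one-line comment such as `# The rootfull socket gives control of the engine running as root; restrict who can reach it` would give readers the context they need before copying it. The table header these keys sit under is outside the hunk.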


@ -52,6 +52,8 @@
"syscalls": [
{
"names": [
"_llseek",
"_newselect",
"accept",
"accept4",
"access",
@ -120,6 +122,8 @@
"ftruncate64",
"futex",
"futimesat",
"get_robust_list",
"get_thread_area",
"getcpu",
"getcwd",
"getdents",
@ -145,12 +149,10 @@
"getresuid",
"getresuid32",
"getrlimit",
"get_robust_list",
"getrusage",
"getsid",
"getsockname",
"getsockopt",
"get_thread_area",
"gettid",
"gettimeofday",
"getuid",
@ -161,13 +163,13 @@
"inotify_init1",
"inotify_rm_watch",
"io_cancel",
"ioctl",
"io_destroy",
"io_getevents",
"ioprio_get",
"ioprio_set",
"io_setup",
"io_submit",
"ioctl",
"ioprio_get",
"ioprio_set",
"ipc",
"keyctl",
"kill",
@ -179,7 +181,6 @@
"listen",
"listxattr",
"llistxattr",
"_llseek",
"lremovexattr",
"lseek",
"lsetxattr",
@ -197,6 +198,7 @@
"mlockall",
"mmap",
"mmap2",
"mount",
"mprotect",
"mq_getsetattr",
"mq_notify",
@ -213,9 +215,9 @@
"munlock",
"munlockall",
"munmap",
"name_to_handle_at",
"nanosleep",
"newfstatat",
"_newselect",
"open",
"openat",
"pause",
@ -238,6 +240,7 @@
"readlink",
"readlinkat",
"readv",
"reboot",
"recv",
"recvfrom",
"recvmmsg",
@ -257,11 +260,11 @@
"rt_sigsuspend",
"rt_sigtimedwait",
"rt_tgsigqueueinfo",
"sched_get_priority_max",
"sched_get_priority_min",
"sched_getaffinity",
"sched_getattr",
"sched_getparam",
"sched_get_priority_max",
"sched_get_priority_min",
"sched_getscheduler",
"sched_rr_get_interval",
"sched_setaffinity",
@ -281,6 +284,9 @@
"sendmmsg",
"sendmsg",
"sendto",
"set_robust_list",
"set_thread_area",
"set_tid_address",
"setfsgid",
"setfsgid32",
"setfsuid",
@ -301,11 +307,8 @@
"setreuid",
"setreuid32",
"setrlimit",
"set_robust_list",
"setsid",
"setsockopt",
"set_thread_area",
"set_tid_address",
"setuid",
"setuid32",
"setxattr",
@ -339,21 +342,24 @@
"time",
"timer_create",
"timer_delete",
"timerfd_create",
"timerfd_gettime",
"timerfd_settime",
"timer_getoverrun",
"timer_gettime",
"timer_settime",
"timerfd_create",
"timerfd_gettime",
"timerfd_settime",
"times",
"tkill",
"truncate",
"truncate64",
"ugetrlimit",
"umask",
"umount",
"umount2",
"uname",
"unlink",
"unlinkat",
"unshare",
"utime",
"utimensat",
"utimes",
@ -363,12 +369,7 @@
"waitid",
"waitpid",
"write",
"writev",
"mount",
"umount2",
"reboot",
"name_to_handle_at",
"unshare"
"writev"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
@ -530,8 +531,7 @@
"names": [
"s390_pci_mmio_read",
"s390_pci_mmio_write",
"s390_runtime_instr",
"clone"
"s390_runtime_instr"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
@ -748,9 +748,7 @@
"names": [
"settimeofday",
"stime",
"clock_settime",
"clock_adjtime",
"adjtimex"
"clock_settime"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
@ -775,6 +773,111 @@
]
},
"excludes": {}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ERRNO",
"args": [
{
"index": 0,
"value": 16,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
},
{
"index": 2,
"value": 9,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
},
"errnoRet": 22
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 2,
"value": 9,
"valueTwo": 0,
"op": "SCMP_CMP_NE"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 0,
"value": 16,
"valueTwo": 0,
"op": "SCMP_CMP_NE"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 2,
"value": 9,
"valueTwo": 0,
"op": "SCMP_CMP_NE"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": null,
"comment": "",
"includes": {
"caps": [
"CAP_AUDIT_WRITE"
]
},
"excludes": {}
}
]
}
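Review bot: In the five `socket` rules appended at the end of the `syscalls` array, the second and fourth objects are identical (`SCMP_ACT_ALLOW`, arg index 2 `SCMP_CMP_NE` 9, excluding `CAP_AUDIT_WRITE`), so one of them is redundant and can be dropped. All five carry `"comment": ""` while filtering on bare numbers; on Linux 16 is AF_NETLINK, 9 is NETLINK_AUDIT and errno 22 is EINVAL, so a text such as `"comment": "EINVAL for AF_NETLINK/NETLINK_AUDIT sockets unless CAP_AUDIT_WRITE is held"` on the `SCMP_ACT_ERRNO` rule would make the intent auditable. The same section also appears to drop `clone` from the s390 list and `clock_adjtime`/`adjtimex` from the time-setting list, and to add `umount` to the allow list with empty `args`, all interleaved with pure re-sorting. Whether those names, or `socket` itself, are still allowed by rules outside the visible hunks cannot be told from here, so the commit description should state which moves change the filter and which are only ordering.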


@ -46,7 +46,7 @@ Epoch: 1
Epoch: 2
%endif
Version: 1.1.1
Release: 5.dev.git%{shortcommit0}%{?dist}
Release: 6.dev.git%{shortcommit0}%{?dist}
Summary: Inspect container images and repositories on registries
License: ASL 2.0
URL: %{git0}
@ -438,6 +438,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%{_datadir}/%{name}/test
%changelog
* Tue Jun 30 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:1.1.1-6.dev.gitba8cbf5
- Update configuration files in containers-common
* Fri Jun 26 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-5.dev.gitba8cbf5
- autobuilt ba8cbf5


@ -67,7 +67,7 @@ additionalimagestores = [
# squashed down to the default uid in the container. These images will have no
# separation between the users in the container. Only supported for the overlay
# and vfs drivers.
#ignore_chown_errors = false
#ignore_chown_errors = "false"
# Path to an helper program to use for mounting the file system instead of mounting it
# directly.
@ -76,6 +76,9 @@ additionalimagestores = [
# mountopt specifies comma separated list of extra mount options
mountopt = "nodev,metacopy=on"
# Set to skip a PRIVATE bind mount on the storage home directory.
# skip_mount_home = "false"
# Size is used to set a maximum size of the container image.
# size = ""