From c154afe160e02904e5ddbc3c44749a33a438c23c Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 11 Apr 2019 13:26:15 -0400 Subject: [PATCH] add containers-storage.conf man page --- containers-storage.conf.5.md | 37 +++++++++++++++++++++++++++++++----- skopeo.spec | 7 ++++++- 2 files changed, 38 insertions(+), 6 deletions(-) diff --git a/containers-storage.conf.5.md b/containers-storage.conf.5.md index 8e80934..6183725 100644 --- a/containers-storage.conf.5.md +++ b/containers-storage.conf.5.md @@ -1,16 +1,16 @@ -% storage.conf(5) Container Storage Configuration File +% containers-storage.conf(5) Container Storage Configuration File % Dan Walsh % May 2017 # NAME storage.conf - Syntax of Container Storage configuration file -# DESCRIPTION +## DESCRIPTION The STORAGE configuration file specifies all of the available container storage options for tools using shared container storage, but in a TOML format that can be more easily modified and versioned. -# FORMAT +## FORMAT The [TOML format][toml] is used as the encoding of the configuration file. Every option and subtable listed here is nested under a global "storage" table. No bare options are used. The format of TOML can be simplified to: 
@@ -129,8 +129,35 @@ Specifies the maximum number of retries XFS should attempt to complete IO when E Tell storage drivers to use the specified OSTree repository. Some storage drivers, such as overlay, might use **skip_mount_home=""** - Tell storage drivers to not create a PRIVATE bind mount on their home directory. +Tell storage drivers to not create a PRIVATE bind mount on their home directory. -# HISTORY +## SElinux labeling. + +When running on an SELinux system, if you move the containers storage graphroot directory, you must make sure the labeling is correct. + +Tell SELinux about the new containers storage by setting up an equivalence record. +This tells SELinux to label content under the new path, as if it was stored +under `/var/lib/containers/storage`. + +``` +semanage fcontext -a -e /var/lib/containers NEWSTORAGEPATH +restorecon -R -v /src/containers +``` + +The semanage command above tells SELinux to setup the default labeling of +`NEWSTORAGEPATH` to match `/var/lib/containers`. The `restorecon` command +tells SELinux to apply the labels to the actual content. + +Now all new content created in these directories will automatically be created +with the correct label. + +## SEE ALSO +`semanage(8)`, `restorecon(8)` + +## FILES + +Distributions often provide a /usr/share/containers/storage.conf file to define default storage configuration. Administrators can override this file by creating `/etc/containers/storage.conf` to specify their own configuration. The storage.conf file for rootless users is stored in the $HOME/.config/containers/storage.conf file. + +## HISTORY May 2017, Originally compiled by Dan Walsh Format copied from crio.conf man page created by Aleksa Sarai diff --git a/skopeo.spec b/skopeo.spec index 9117cf4..b848234 100644 --- a/skopeo.spec +++ b/skopeo.spec 
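Review bot: The `restorecon` line in the added SELinux section relabels `/src/containers`, a path that appears nowhere else in the section, while the `semanage` line registers the equivalence for `NEWSTORAGEPATH`. Followed literally, the relocated graphroot is never relabelled, so confined containers would presumably be denied access to it and an administrator may be tempted to work around that by relaxing SELinux. The second command should read `restorecon -R -v NEWSTORAGEPATH`. The prose also says content is labelled as if stored under `/var/lib/containers/storage`, but the equivalence is made against `/var/lib/containers`; say explicitly which directory `NEWSTORAGEPATH` stands for so the two agree. The heading would read better as `## SELinux labeling`.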
@@ -39,7 +39,7 @@ Epoch: 1
 Epoch: 0
 %endif
 Version: 0.1.36
-Release: 9.dev.git%{shortcommit0}%{?dist}
+Release: 10.dev.git%{shortcommit0}%{?dist}
 Summary: Inspect Docker images and repositories on registries
 License: ASL 2.0
 URL: %{git0}
@@ -51,6 +51,7 @@ Source4: containers-registries.conf.5.md
 Source5: registries.conf
 Source6: policy.json.5.md
 Source7: seccomp.json
+Source8: containers-mounts.conf.5.md
 
 %if 0%{?fedora}
 BuildRequires: go-srpm-macros
@@ -288,6 +289,7 @@ go-md2man -in %{SOURCE4} -out %{buildroot}%{_mandir}/man5/containers-registries.
 install -p -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/containers/
 mkdir -p %{buildroot}%{_sysconfdir}/containers/certs.d
 go-md2man -in %{SOURCE6} -out %{buildroot}%{_mandir}/man5/policy.json.5
+go-md2man -in %{SOURCE8} -out %{buildroot}%{_mandir}/man5/containers-mounts.conf.5
 mkdir -p %{buildroot}%{_datadir}/containers
 install -m0644 %{SOURCE3} %{buildroot}%{_datadir}/containers/mounts.conf
 
@@ -384,6 +386,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %{_datadir}/bash-completion/completions/%{name}
 
 %changelog
+* Thu Apr 11 2019 Dan Walsh - 1:0.1.36-10.dev.gitc73bcba
+- add containers-storage.conf man page
+
 * Tue Apr 09 2019 Lokesh Mandvekar (Bot) - 1:0.1.36-9.dev.gitc73bcba
 - autobuilt c73bcba
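Review bot: `Source8` and the new `go-md2man` line in the `@@ -288,6 +289,7 @@` hunk package `containers-mounts.conf.5.md`, but the commit subject, the changelog entry and the only other file in the diffstat all concern `containers-storage.conf.5.md`. If the storage page is what is meant, the lines should be `Source8: containers-storage.conf.5.md` and `go-md2man -in %{SOURCE8} -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5`. If the mounts page is really intended, the changelog should say so, and that source file must already exist in the package sources, because this commit does not add it. The `%files` list lies outside these hunks, so confirm the new man5 page is covered there; otherwise the build may stop on an installed but unpackaged file.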