From e1ecba0502c80b105ec0a200b569166e50ae5ed0 Mon Sep 17 00:00:00 2001 From: Jindrich Novy Date: Mon, 14 Jun 2021 12:25:44 +0200 Subject: [PATCH] skopeo-1.3.0-5.el9 - configure for RHEL9 - Related: #1970747 Signed-off-by: Jindrich Novy --- containers.conf | 5 +++++ seccomp.json | 1 + skopeo.spec | 6 +++++- storage.conf | 2 +- 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/containers.conf b/containers.conf index 8770ebd..76cc72d 100644 --- a/containers.conf +++ b/containers.conf @@ -60,6 +60,7 @@ # the default capabilities defined in the container engine will be added. # default_capabilities = [ + "NET_RAW", "CHOWN", "DAC_OVERRIDE", "FOWNER", @@ -312,6 +313,7 @@ default_sysctls = [ # Valid values are `journald`, `file` and `none`. # # events_logger = "journald" +events_logger = "file" # Path to OCI hooks directories for automatically executed hooks. # @@ -333,6 +335,7 @@ default_sysctls = [ # reserving the pods resources for the lifetime of the pod. # # infra_image = "k8s.gcr.io/pause:3.4.1" +infra_image = "registry.access.redhat.com/ubi9/pause" # Specify the locking mechanism to use; valid values are "shm" and "file". # Change the default only if you are sure of what you are doing, in general @@ -410,6 +413,7 @@ default_sysctls = [ # Default OCI runtime # # runtime = "crun" +runtime = "crun" # List of the OCI runtimes that support --format=json. When json is supported # engine will use it for reporting nicer errors. @@ -494,3 +498,4 @@ default_sysctls = [ # TOML does not provide a way to end a table other than a further table being # defined, so every key hereafter will be part of [volume_plugins] and not the # main config. +short-names-mode = "enforcing" diff --git a/seccomp.json b/seccomp.json index 8d799fd..ce72dce 100644 --- a/seccomp.json +++ b/seccomp.json @@ -341,6 +341,7 @@ "signalfd", "signalfd4", "sigreturn", + "socket", "socketcall", "socketpair", "splice", diff --git a/skopeo.spec b/skopeo.spec index ccd302d..b2f09eb 100644 --- a/skopeo.spec +++ b/skopeo.spec @@ -30,7 +30,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl Epoch: 1 Name: skopeo Version: 1.3.0 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Inspect container images and repositories on registries License: ASL 2.0 URL: %{git0} @@ -241,6 +241,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_datadir}/%{name}/test %changelog +* Mon Jun 14 2021 Jindrich Novy - 1:1.3.0-5 +- configure for RHEL9 +- Related: #1970747 + * Mon Jun 14 2021 Jindrich Novy - 1:1.3.0-4 - add missing containers-mounts.conf.5.md file to git - don't list/install the same doc twice diff --git a/storage.conf b/storage.conf index e70f4f0..7372e5a 100644 --- a/storage.conf +++ b/storage.conf @@ -74,7 +74,7 @@ additionalimagestores = [ #mount_program = "/usr/bin/fuse-overlayfs" # mountopt specifies comma separated list of extra mount options -mountopt = "nodev" +mountopt = "nodev,metacopy=on" # Set to skip a PRIVATE bind mount on the storage home directory. # skip_mount_home = "false"