From eccd6f11b881d51bbb4691c0d12b72d16cd60ca9 Mon Sep 17 00:00:00 2001
From: Ming Liu
Date: Mon, 29 Jan 2024 18:41:32 +0100
Subject: container-host-config:storage.conf: sync with libpod v4.8.2
The current storage.conf is based on v1.33.0 of: https://github.com/containers/storage.git while in podman v4.8.2, it has been upgraded to v1.50.3-0.20231005112617-44418abb2d89 of: https://github.com/containers/storage.git let's sync it with podman v4.8.2. which comprises the following commits in storage.conf:
```
42d1d9637 Run codespell on code
91da0c2be add documentation on imagestore and add a warning if set
01fccaa58 options: enable Remap-User/Group setting
e125790e9 Fix typo in storage.conf
57582350c Document transient_store in man page
522b67c94 Add new storage.conf option "transient_store"
5e9e2ba6b Revert incorrect "heeded" -> "needed" typo fix
cffa19709 fix typos and spelling
268af0001 chunked: drop host dedup feature
b64cfb4f4 Document the pull_options
17fccdc2d Clearup inheritance rules for storage.conf
3c76f174d Tell users who change graphroot location to fix the SELinux labels
```
Signed-off-by: Ming Liu
Signed-off-by: Bruce Ashfield
---
 .../container-host-config/storage.conf | 62 +++++++++++++++++++---
 1 file changed, 55 insertions(+), 7 deletions(-)
diff --git a/recipes-containers/container-host-config/container-host-config/storage.conf b/recipes-containers/container-host-config/container-host-config/storage.conf
index 722750c0..cb4525f2 100644
--- a/recipes-containers/container-host-config/container-host-config/storage.conf
+++ b/recipes-containers/container-host-config/container-host-config/storage.conf
@@ -1,5 +1,14 @@
-# This file is is the configuration file for all tools
-# that use the containers/storage library.
+# This file is the configuration file for all tools
+# that use the containers/storage library. The storage.conf file
+# overrides all other storage.conf files. Container engines using the
+# container/storage library do not inherit fields from other storage.conf
+# files.
+#
+# Note: The storage.conf file overrides other storage.conf files based on this precedence:
+# /usr/containers/storage.conf
+# /etc/containers/storage.conf
+# $HOME/.config/containers/storage.conf
+# $XDG_CONFIG_HOME/containers/storage.conf (If XDG_CONFIG_HOME is set)
 # See man 5 containers-storage.conf for more information
 # The "container storage" table contains all of the server options.
 [storage]
@@ -11,12 +20,28 @@ driver = "overlay"
 runroot = "/run/containers/storage"
 # Primary Read/Write location of container storage
+# When changing the graphroot location on an SELINUX system, you must
+# ensure the labeling matches the default locations labels with the
+# following commands:
+# semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH
+# restorecon -R -v /NEWSTORAGEPATH
 graphroot = "/var/lib/containers/storage"
+# Optional alternate location of image store if a location separate from the
+# container store is required. If set, it must be different than graphroot.
+# imagestore = ""
+
+
 # Storage path for rootless users
 #
 # rootless_storage_path = "$HOME/.local/share/containers/storage"
+# Transient store mode makes all container metadata be saved in temporary storage
+# (i.e. runroot above). This is faster, but doesn't persist across reboots.
+# Additional garbage collection must also be performed at boot-time, so this
+# option should remain disabled in most configurations.
+# transient_store = true
+
 [storage.options]
 # Storage options to be passed to underlying storage drivers
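Review bot: The precedence list added at the top of the file never says which end wins — "overrides ... based on this precedence:" followed by four paths leaves the reader to guess whether the first or the last file listed takes effect, and that is exactly what an administrator placing a hardened storage.conf needs to know. As far as I recall, the containers-storage.conf(5) man page that the next context line points to describes a later file replacing an earlier one entirely, and documents the system-wide default at `/usr/share/containers/storage.conf` rather than the `/usr/containers/storage.conf` written here; both are worth confirming against the installed man page before relying on this comment. If they hold, a wording such as `# Note: a later file in this list replaces an earlier one entirely (no fields are merged):` says it plainly. Since this file is a verbatim sync of upstream, the correction is best carried upstream and re-synced rather than patched locally.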
@@ -25,6 +50,28 @@ graphroot = "/var/lib/containers/storage"
 additionalimagestores = [
 ]
+# Allows specification of how storage is populated when pulling images. This
+# option can speed the pulling process of images compressed with format
+# zstd:chunked. Containers/storage looks for files within images that are being
+# pulled from a container registry that were previously pulled to the host. It
+# can copy or create a hard link to the existing file when it finds them,
+# eliminating the need to pull them from the container registry. These options
+# can deduplicate pulling of content, disk storage of content and can allow the
+# kernel to use less memory when running containers.
+
+# containers/storage supports three keys
+# * enable_partial_images="true" | "false"
+# Tells containers/storage to look for files previously pulled in storage
+# rather then always pulling them from the container registry.
+# * use_hard_links = "false" | "true"
+# Tells containers/storage to use hard links rather then create new files in
+# the image, if an identical file already existed in storage.
+# * ostree_repos = ""
+# Tells containers/storage where an ostree repository exists that might have
+# previously pulled content which can be used when attempting to avoid
+# pulling content from the container registry
+pull_options = {enable_partial_images = "false", use_hard_links = "false", ostree_repos=""}
+
 # Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
 # a container, to the UIDs/GIDs as they should appear outside of the container,
 # and the length of the range of UIDs/GIDs. Additional mapped sets can be
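Review bot: The comment block added above `pull_options` introduces `rather then` twice (in the `enable_partial_images` and `use_hard_links` descriptions) while the last hunk of this same commit corrects that exact typo in the `force_mask` comment, so the file ends up inconsistent with itself. The inline table is also unevenly spaced; `pull_options = { enable_partial_images = "false", use_hard_links = "false", ostree_repos = "" }` would match the `key = value` style used everywhere else in the file. The quoted `"false"` values look deliberate — containers/storage reads this table as a string-to-string map, if I remember correctly — so a one-line comment such as `# values are strings, not TOML booleans; keep the quotes` would stop a later hand edit from turning them into bare `false` and breaking config parsing. As this is a verbatim upstream sync, the typo and spacing are probably best fixed upstream and picked up on the next sync.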
@@ -32,8 +79,8 @@ additionalimagestores = [
 # mappings which the kernel will allow when you later attempt to run a
 # container.
 #
-# remap-uids = 0:1668442479:65536
-# remap-gids = 0:1668442479:65536
+# remap-uids = "0:1668442479:65536"
+# remap-gids = "0:1668442479:65536"
 # Remap-User/Group is a user name which can be used to look up one or more UID/GID
 # ranges in the /etc/subuid or /etc/subgid file. Mappings are set up starting
@@ -41,7 +88,8 @@ additionalimagestores = [
 # range that matches the specified name, and using the length of that range.
 # Additional ranges are then assigned, using the ranges which specify the
 # lowest host-level IDs first, to the lowest not-yet-mapped in-container ID,
-# until all of the entries have been used for maps.
+# until all of the entries have been used for maps. This setting overrides the
+# Remap-UIDs/GIDs setting.
 #
 # remap-user = "containers"
 # remap-group = "containers"
@@ -57,7 +105,7 @@ additionalimagestores = [
 # Auto-userns-min-size is the minimum size for a user namespace created automatically.
 # auto-userns-min-size=1024
 #
-# Auto-userns-max-size is the minimum size for a user namespace created automatically.
+# Auto-userns-max-size is the maximum size for a user namespace created automatically.
 # auto-userns-max-size=65536
 [storage.options.overlay]
@@ -113,7 +161,7 @@ mountopt = "nodev"
 # future. When "force_mask" is set the original permission mask is stored in
 # the "user.containers.override_stat" xattr and the "mount_program" option must
 # be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
-# extended attribute permissions to processes within containers rather then the
+# extended attribute permissions to processes within containers rather than the
 # "force_mask" permissions.
 #
 # force_mask = ""
--
cgit v1.2.3-54-g00ecf