There is really no need to limit reading the config under
$XDG_CONFIG_HOME or $HOME to rootless users only. This poses two
problems, first on a multi user system any config that should be only
applied to root in /etc will also be read by all other users which makes
this impossible to use without having all users overwrite that option
with their local containers.conf. If we read the config from $HOME as
root as well then such changes are easy.
Second, because connections/farms are currently written by the cli it
means as root it tries to write under /etc which is not good as in some
envs /etc is mounted read only.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We have not supported type=bind image volumes since pre-1.0
Podman - we phased them out when we added support for actual
volumes. Also, our image volume valid modes checker did not even
allow the actual default (anonymous). This is technically a
breaking change, so it will go into Podman 5.0 - but I strongly
doubt anyone is actually using this field if no one has noticed
this issue before now.
Signed-off-by: Matt Heon <mheon@redhat.com>
When additionalHelperBinariesDir is set, first search that path for helper binaries, then the default locations.
Signed-off-by: Ashley Cui <acui@redhat.com>
This fixes a regression in
https://github.com/containers/podman/pull/19241 which quite reasonably
assumed that the default image volume mode from pkg/config was correct.
Signed-off-by: Doug Rabson <dfr@rabson.org>
After installing podman via brew, I expected a locally compiled one to
work as well. But it failed as it could not find gvproxy. It turns out
that brew installs it at /opt/homebrew/opt/podman/libexec/podman/gvproxy,
so I want the directory to be part of the default look-up paths.
Same applies to the `/usr/local/opt` paths used on Intel Macs. Also
rearrange the order a bit.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The correct location on FreeBSD is /usr/local/etc/containers/policy.json
which is consistent with path conventions for installed packages. This
fixes 'podman commit' on FreeBSD.
There are several definitions of this path:
- c/image/signature has builtinDefaultPolicyPath and DefaultPolicy
- c/podman/pkg/trust has systemDefaultPolicyPath and DefaultPolicyPath
- c/common/pkg/config has DefaultSignaturePolicyPath
As far as I can tell, buildah uses c/image/signature which is why 'buildah
commit' was already working for me. Podman is using the c/common one. Very
confusing.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Look for helpers such as `gvproxy` under `$BINDIR/../libexec/podman`, which
helps this work on distributions such as Homebrew without the need to hardcode
paths into the binary, which makes a pre-built binary distribution work
regardless of the installation prefix.
Tested: Updated vendored package in podman, built it with `podman-remote`,
copied `gvproxy` to a `libexec/podman` at the same level as `bin/podman` and
confirmed that `podman machine start` worked as expected.
Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
This field contains a list of directories which should be used to store
some helper binaries, e.g. gvproxy.
Also add a FindHelperBinary method to the config struct to get the full
path to a helper binary.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
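The helper lookup order described in the commit messages above (an additional directory first, then the configured list, with `$BINDIR` resolved relative to the running binary), as an added Go example that is not code from containers/common or from any of the commit authors. The name `findHelper`, its parameters and the sample directory list are hypothetical; skipping relative directories, non-executable files and names containing a path separator are assumptions of this sketch, added so that the working directory is never searched.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// findHelper (hypothetical name) returns the first regular, executable file
// called name. Order: additionalDir if set, then each entry of dirs.
// Entries starting with $BINDIR are resolved relative to binDir.
func findHelper(name, additionalDir, binDir string, dirs []string) (string, error) {
	// Reject "", ".", ".." and anything containing a path separator.
	if name != filepath.Base(name) || name == "." || name == ".." {
		return "", fmt.Errorf("helper name %q must be a plain file name", name)
	}
	candidates := dirs
	if additionalDir != "" {
		candidates = append([]string{additionalDir}, dirs...)
	}
	for _, dir := range candidates {
		if strings.HasPrefix(dir, "$BINDIR") {
			dir = filepath.Join(binDir, strings.TrimPrefix(dir, "$BINDIR"))
		}
		if !filepath.IsAbs(dir) {
			continue // assumption: never search relative to the working directory
		}
		full := filepath.Join(dir, name)
		fi, err := os.Stat(full)
		if err == nil && fi.Mode().IsRegular() && fi.Mode().Perm()&0111 != 0 {
			return full, nil
		}
	}
	return "", fmt.Errorf("could not find %q in any of %v", name, candidates)
}

func main() {
	binDir := "."
	if exe, err := os.Executable(); err == nil {
		binDir = filepath.Dir(exe)
	}
	// Constructed sample list; the first entry follows the $BINDIR layout above.
	dirs := []string{"$BINDIR/../libexec/podman", "/usr/local/libexec/podman", "/usr/libexec/podman"}
	path, err := findHelper("gvproxy", "", binDir, dirs)
	fmt.Println(path, err)
}
```

Because the first match wins, every directory in the list should be writable only by the user the binary runs as or by root.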
On Mac and Windows, automatically read default rootless config location, since
unshare.IsRootless doesn't work.
Signed-off-by: Ashley Cui <acui@redhat.com>
Podman remote clients that run on Windows and Darwin cannot use the isRootless to determine the configuration file locations. Here we do by OS and also honor the environment variable.
Signed-off-by: Brent Baude <bbaude@redhat.com>