This fixes 'podman build' and 'buildah build' on non-linux platforms
where (*Config).Capabilities started throwing errors after the
pkg/capabilities package started using github.com/moby/sys/capability to
validate the capability lists.
Signed-off-by: Doug Rabson <dfr@rabson.org>
There is really no need to limit reading the config under
$XDG_CONFIG_HOME or $HOME to rootless users only. This poses two
problems, first on a multi user system any config that should be only
applied to root in /etc will also be read by all other users which makes
this impossible to use without having all user overwrite that option
with their local containers.conf. If we read the config from $HOME as
root as well then such changes are easy.
Second, because connections/farms are currently written by the cli it
means as root is tries to write under /etc which is not good as in some
envs /etc is mounted read only.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We have not supported type=bind image volumes since pre-1.0
Podman - we phased them out when we added support for actual
volumes. Also, our image volume valid modes checker did not even
allow the actual default (anonymous). This is technically a
breaking change, so it will go into Podman 5.0 - but I strongly
doubt anyone is actually using this field if no one has noticed
this issue before now.
Signed-off-by: Matt Heon <mheon@redhat.com>
This fixes a regression in
https://github.com/containers/podman/pull/19241 which quite reasonably
assumed that the default image volume mode from pkg/config was correct.
Signed-off-by: Doug Rabson <dfr@rabson.org>
The correct location on FreeBSD is /usr/local/etc/containers/policy.json
which is consistent with path conventions for installed packages. This
fixes 'podman commit' on FreeBSD.
There are several definitions of this path:
- c/image/signature has builtinDefaultPolicyPath and DefaultPolicy
- c/podman/pkg/trust has systemDefaultPolicyPath and DefaultPolicyPath
- c/common/pkg/config has DefaultSignaturePolicyPath
As far as I can tell, buildah uses c/image/signature which is why 'buildah
commit' was already working for me. Podman is using the c/common one. Very
confusing.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Change the check to look for the UID to decide whether to load the
default configuration files from the user directory instead of the
system path.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This field contains a list of directories which should be used to store
some helper binaries, e.g. gvproxy.
Also add a FindHelperBinary method to the config struct to get the full
path to a helper binary.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
On Mac and Windows, automtically read default rootless config location, since
unshare.IsRootless doesn't work.
Signed-off-by: Ashley Cui <acui@redhat.com>
podman remote clients that run on windows and darwin cannot use the isRootless to determine the configuration file locations. here we do by OS and also honor the environment variable.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Doug Rabson
openshift-merge-bot[bot]
Paul Holzinger
Matt Heon
Giuseppe Scrivano
Ashley Cui
Daniel J Walsh
Brent Baude
Qi Wang