The default AppArmor profile is now prefixed with
`container-default-$VERSION`, whereas the version is now part of a new
`version` package.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
We need to normalize the capadd and capdrop functions, and
we need to return errors if the caller gives us bad input.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We need to identify the list of containers that support KVM separation, these
containers can run with a different SELinux label, and we might be able to
make different decisions in the container engines about how to launch these
containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
containers/common pkg/config is for more engines then just libpod.
We want to use the 'libpod' section to configure parts of buildah. Renaming this
section to engine, makes it more obvious to users that these fields can effect other
container engines.
Certain fields are still libpod specific, so we do not change those fields.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In NewConfig(), settings in the file whose name we're passed should
matter more than the hardwired default files, or the file named in the
CONTAINERS_CONF environment variable.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
pull_policy is the same as podman run --pull option to determin whether to pull a new image when running a container.
Accepted "always", "missing", and "never". Default value is "missing".
Signed-off-by: Qi Wang <qiwan@redhat.com>
Replace pkg/caps with pkg/capabilities (from libpod). It's also a fork
from Docker but attributes its origing with copyright notes and has a
trimmed down (and faster) API.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This is causing issues in rootless and remote mode. We should not be creating
directories on the fly.
Also stop exporting functions that are not used by Buildah and Podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The Capability check handles merging of Default capabiltiies along
with user specified add and drop capabilities.
Fork docker/docker/oci/caps file to prevent a huge vendor
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fix handling of toml files
No longer need merge, since we can specify a default conf for each toml file.
The toml code will retain the previous defaults and only use the newly specified
values.
This greatly simplifies the code.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add configurations from libpod.conf to containers.conf.Use merge code from libpod to read and merge configurations from file.
Add unshare_linux for build linux: HomeDir should buildah not only for linux. so add unshare_linux for linux and unshare.go for other
convert bool to optinalbool:Use OptionalBool for on-disk configurations so we can distinguish field is undefined vs. user set to false.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Sascha Grunert
Daniel J Walsh
dependabot-preview[bot]
Qi Wang
Valentin Rothberg
Carlos Eduardo Arango Gutierrez