mirror of https://github.com/containers/podman.git
				
				
				
			
		
			
				
	
	
		
# libpod.conf: default configuration shared by every tool that manages
# containers through libpod.

# Transport used by default when pulling and pushing images.
image_default_transport = "docker://"

# Locations searched for the conmon binary. When the list is empty or holds
# no valid path, the `$PATH` environment variable is the fallback.
# NOTE(review): conmon is launched from whichever entry is found, so every
# directory listed here (the /usr/local ones included) should be writable by
# root only; presumably the `$PATH` fallback uses the caller's PATH - confirm.
conmon_path = [
    "/usr/libexec/podman/conmon",
    "/usr/local/libexec/podman/conmon",
    "/usr/local/lib/podman/conmon",
    "/usr/bin/conmon",
    "/usr/sbin/conmon",
    "/usr/local/bin/conmon",
    "/usr/local/sbin/conmon",
    "/run/current-system/sw/bin/conmon",
]

# Environment variables handed to conmon. The PATH below names system
# directories only.
conmon_env_vars = ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]

# cgroup manager; the valid values are "systemd" and "cgroupfs".
cgroup_manager = "systemd"

# Init binary for containers.
#init_path = "/usr/libexec/podman/catatonit"

# Where libpod keeps its persistent files (database, etc). The default is
# derived from the location where containers/storage stores containers;
# uncomment to move it away from that default.
#static_dir = "/var/lib/containers/storage/libpod"

# Where temporary files go. This must be a tmpfs, i.e. wiped after a reboot.
tmp_dir = "/var/run/libpod"

# Upper bound on log file size, in bytes; -1 means unlimited.
# NOTE(review): with -1 nothing caps log growth, so a container that logs
# without pause can fill the filesystem holding its log; a positive limit is
# the safer choice on shared hosts.
max_log_size = -1

# Set to true to have the runtime use chroot in place of pivot_root.
# NOTE(review): chroot confines the filesystem view less strictly than
# pivot_root does; keep this false unless pivot_root cannot be used (runc
# documents its no-pivot mode for a rootfs that sits on a ramdisk).
no_pivot_root = false

# Directory that holds the CNI plugin configuration files.
cni_config_dir = "/etc/cni/net.d/"

# Directories in which the CNI plugin binaries may be found.
# NOTE(review): plugins found here are executed to set up container
# networking, so these directories and cni_config_dir should be writable by
# root only.
cni_plugin_dir = [
    "/usr/libexec/cni",
    "/usr/lib/cni",
    "/usr/local/lib/cni",
    "/opt/cni/bin",
]

# CNI network that libpod uses by default.
# When several CNI network configs are present, containers are attached to the
# network named here unless that is explicitly overridden. The value matches
# the name set in the 87-podman-bridge.conflist shipped in the repository.
# Leaving this unset, or setting it to the empty string, falls back to the
# normal CNI precedence rules for choosing between multiple networks.
cni_default_network = "podman"

# Default libpod namespace.
# Once libpod is joined to a namespace it sees only the containers and pods
# created in that namespace, and creates new containers and pods there.
# The default is "", meaning no namespace; with no namespace set, all
# containers and pods are visible.
# NOTE(review): this reads as a visibility filter rather than an isolation
# boundary - confirm before treating it as access control.
#namespace = ""

# Default infra (pause) image used for pod infra containers.
# NOTE(review): the image is referenced by tag, and a tag can be repointed at
# the registry; pinning by digest (<registry>/pause@sha256:<digest>) or
# serving it from an internal mirror removes that dependency. The Kubernetes
# project has since moved its images to registry.k8s.io - verify that this
# host is still the one you intend to trust.
infra_image = "k8s.gcr.io/pause:3.1"

# Command that the infra container runs by default.
infra_command = "/pause"

# Controls whether libpod reserves host ports that are forwarded to
# containers. When enabled, conmon holds every forwarded port open for as long
# as the container runs, so no other program on the host can reuse it. A
# container with many forwarded ports can make this consume significant
# memory; disabling the option saves that memory and gives up the guarantee.
#enable_port_reservation = true

# Default libpod support for container labeling.
# NOTE(review): presumably these are SELinux labels; if so, turning the option
# off removes mandatory-access-control separation between containers -
# confirm before changing it.
#label = true

# Locking mechanism to use.
lock_type = "shm"

# How many locks are available for containers and pods.
# After changing this value a lock renumber must be performed (e.g. with the
# 'podman system renumber' command).
num_locks = 2048

# Directory that holds libpod named volumes. The default is derived from the
# location where containers/storage stores containers; uncomment to move it
# away from that default.
#volume_path = "/var/lib/containers/storage/volumes"

# Logging mechanism used for Podman events. Valid values are `journald` or
# `file`.
#events_logger = "journald"

# Key sequence that detaches from a container.
# The format is either a single character [a-Z] or a comma-separated sequence
# of `ctrl-<value>`, where `<value>` is one of:
# `a-z`, `@`, `^`, `[`, `\`, `]`, `^` or `_`
#detach_keys = "ctrl-p,ctrl-q"

# OCI runtime used by default.
runtime = "runc"

# OCI runtimes that support --format=json. Where json is supported, libpod
# uses it to report nicer errors.
runtime_supports_json = ["crun", "runc"]

# OCI runtimes that support --cgroup-manager=disable, which disables the
# creation of cgroups for containers.
runtime_supports_nocgroups = ["crun"]

# Locations searched for a valid OCI runtime (runc, runv, etc). When a list is
# empty or holds no valid path, the `$PATH` environment variable is the
# fallback.
# NOTE(review): the runtime found here is what creates and starts containers,
# so every directory listed in this table should be writable by root only;
# presumably the `$PATH` fallback uses the caller's PATH - confirm.
[runtimes]
runc = [
    "/usr/bin/runc",
    "/usr/sbin/runc",
    "/usr/local/bin/runc",
    "/usr/local/sbin/runc",
    "/sbin/runc",
    "/bin/runc",
    "/usr/lib/cri-o-runc/sbin/runc",
    "/run/current-system/sw/bin/runc",
]

crun = [
    "/usr/bin/crun",
    "/usr/sbin/crun",
    "/usr/local/bin/crun",
    "/usr/local/sbin/crun",
    "/sbin/crun",
    "/bin/crun",
    "/run/current-system/sw/bin/crun",
]

# Kata Containers is an OCI runtime that runs containers inside lightweight
# virtual machines (VMs). The VM boundary adds isolation from the host, which
# shrinks the host attack surface and limits the consequences of a container
# breakout.
# Kata does not support rootless podman yet; the paths below may nevertheless
# be left blank so that the binaries are discovered through the $PATH
# environment variable.

# Kata Containers with the default configured VMM
kata-runtime = [
    "/usr/bin/kata-runtime",
]

# Kata Containers with the QEMU VMM
kata-qemu = [
    "/usr/bin/kata-qemu",
]

# Kata Containers with the Firecracker VMM
kata-fc = [
    "/usr/bin/kata-fc",
]

# The [runtimes] table MUST stay the last thing in this file (unless another
# table is added after it). TOML can only end a table by starting a further
# one, so every key placed below this point becomes part of [runtimes] and
# not of the main config.