mirror of https://github.com/containers/podman.git
2c0f404826
These annotations can have security implications - crun, for example, allows rootless containers to preserve the user's groups through an annotation. We absolutely should not include annotations from an untrusted image off the internet by default. We may consider whitelisting some annotations (e.g. the legacy WASM annotations), but given that there is now a more explicit way of specifying an image uses the WASM runtime in the OCI image spec, I'm just tearing this out entirely for now. Signed-off-by: Matt Heon <mheon@redhat.com> |
||
|---|---|---|
| .. | ||
| Containerfile | ||
| Containerfile.path | ||
| Containerfile.volume | ||
| Containerfile.with_label | ||