Codebase list golang-github-containers-common / 22319a9
Add missing values to containers.conf man page

Fix some alphabetic sorting.
Add missing default_network setting to containers.conf

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Daniel J Walsh 3 years ago
2 changed file(s) with 110 addition(s) and 101 deletion(s).
4545 The containers table contains settings pertaining to the OCI runtime that can
4646 configure and manage the OCI runtime.
4747
48 **devices**=[]
49
50 List of devices.
51 Specified as 'device-on-host:device-on-container:permissions'.
52
53 Example: "/dev/sdc:/dev/xvdc:rwm".
54
55 **volumes**=[]
56
57 List of volumes.
58 Specified as "directory-on-host:directory-in-container:options".
59
60 Example: "/db:/var/lib/db:ro".
48 **annotations** = []
49 List of annotations. Specified as "key=value" pairs to be added to all containers.
50
51 Example: "run.oci.keep_original_groups=1"
6152
6253 **apparmor_profile**="container-default"
6354
6455 Used to change the name of the default AppArmor profile of container engines.
6556 The default profile name is "container-default".
66
67 **cgroupns**="private"
68
69 Default way to to create a cgroup namespace for the container.
70 Options are:
71 `private` Create private Cgroup Namespace for the container.
72 `host` Share host Cgroup Namespace with the container.
7357
7458 **cgroups**="enabled"
7559
7862 `enabled` Enable cgroup support within container
7963 `disabled` Disable cgroup support, will inherit cgroups from parent
8064 `no-conmon` Do not create a cgroup dedicated to conmon.
65
66 **cgroupns**="private"
67
68 Default way to to create a cgroup namespace for the container.
69 Options are:
70 `private` Create private Cgroup Namespace for the container.
71 `host` Share host Cgroup Namespace with the container.
8172
8273 **default_capabilities**=[]
8374
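Review bot: The new **annotations** entry (new lines 48-51) is written as `**annotations** = []` with spaces around `=` and its description directly on the following line, while the neighbouring keys in this hunk use `**key**=value` followed by a blank line. Suggest `**annotations**=[]`, a blank line, then the description, so the entry matches the rest of the containers table.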
116107
117108 Example: "nofile=1024:2048".
118109
110 **devices**=[]
111
112 List of devices.
113 Specified as 'device-on-host:device-on-container:permissions'.
114
115 Example: "/dev/sdc:/dev/xvdc:rwm".
116
119117 **dns_options**=[]
120118
121119 List of default DNS options to be added to /etc/resolv.conf inside of the
200198 Create /etc/hosts for the container. By default, container engines manage
201199 /etc/hosts, automatically adding the container's own IP address.
202200
201 **pidns**="private"
202
203 Default way to to create a PID namespace for the container.
204 Options are:
205 `private` Create private PID Namespace for the container.
206 `host` Share host PID Namespace with the container.
207
203208 **pids_limit**=1024
204209
205210 Maximum number of processes allowed in a container. 0 indicates that no limit
206211 is imposed.
207
208 **pidns**="private"
209
210 Default way to to create a PID namespace for the container.
211 Options are:
212 `private` Create private PID Namespace for the container.
213 `host` Share host PID Namespace with the container.
214212
215213 **seccomp_profile**="/usr/share/containers/seccomp.json"
216214
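Review bot: The re-added **pidns** description (new line 203) still reads "Default way to to create a PID namespace", with a doubled "to". Since the block is being moved anyway, fix the wording here; the same doubled word appears in the cgroupns, userns and utsns descriptions touched by this change.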
239237
240238 Sets umask inside the container.
241239
240 **userns**="host"
241
242 Default way to to create a USER namespace for the container.
243 Options are:
244 `private` Create private USER Namespace for the container.
245 `host` Share host USER Namespace with the container.
246
247 **userns_size**=65536
248
249 Number of UIDs to allocate for the automatic container creation. UIDs are
250 allocated from the “container” UIDs listed in /etc/subuid & /etc/subgid.
251
242252 **utsns**="private"
243253
244254 Default way to to create a UTS namespace for the container.
246256 `private` Create private UTS Namespace for the container.
247257 `host` Share host UTS Namespace with the container.
248258
249 **userns**="host"
250
251 Default way to to create a USER namespace for the container.
252 Options are:
253 `private` Create private USER Namespace for the container.
254 `host` Share host USER Namespace with the container.
255
256 **userns_size**=65536
257
258 Number of UIDs to allocate for the automatic container creation. UIDs are
259 allocated from the “container” UIDs listed in /etc/subuid & /etc/subgid.
260259
261260 ## NETWORK TABLE
262261 The `network` table contains settings pertaining to the management of CNI
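Review bot: **userns_size** (new lines 247-250) says UIDs are allocated "for the automatic container creation", but the **userns** options listed just above it are only `private` and `host`, so a reader cannot tell which setting makes userns_size take effect. Suggest stating in one of the two entries which userns value triggers the automatic allocation.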
274273
275274 Path to the directory where CNI configuration files are located.
276275
276 **volumes**=[]
277
278 List of volumes.
279 Specified as "directory-on-host:directory-in-container:options".
280
281 Example: "/db:/var/lib/db:ro".
282
277283 ## ENGINE TABLE
278284 The `engine` table contains configuration options used to set up container engines such as Podman and Buildah.
279285
280 **image_default_format**="oci"|"v2s2"|"v2s1"
281
282 Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building
283 container images. By default images pulled and pushed match the format of the
284 source image. Building/committing defaults to OCI.
285 Note: **image_build_format** is deprecated.
286 **active_service**=""
287
288 Name of destination for accessing the Podman service. See SERVICE DESTINATION TABLE below.
286289
287290 **cgroup_check**=false
288291
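Review bot: **volumes** (new lines 276-281) is inserted after the CNI configuration directory description and directly before `## ENGINE TABLE`, which places it in the NETWORK TABLE, whereas the entry removed at old lines 55-60 sat in the containers table. For alphabetical order within the containers table it should go after **utsns**, before `## NETWORK TABLE`.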
349352
350353 Path to the OCI hooks directories for automatically executed hooks.
351354
355 **image_default_format**="oci"|"v2s2"|"v2s1"
356
357 Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building
358 container images. By default images pulled and pushed match the format of the
359 source image. Building/committing defaults to OCI.
360 Note: **image_build_format** is deprecated.
361
352362 **image_default_transport**="docker://"
353363
354364 Default transport method for pulling and pushing images.
365
366 **image_parallel_copies**=0
367
368 Maximum number of image layers to be copied (pulled/pushed) simultaneously.
369 Not setting this field will fall back to containers/image defaults. (6)
355370
356371 **infra_command**="/pause"
357372
363378 pod, we start a `pause` process in a container to hold open the namespaces
364379 associated with the pod. This container does nothing other then sleep,
365380 reserving the pods resources for the lifetime of the pod.
366
367 **image_parallel_copies**=0
368
369 Maximum number of image layers to be copied (pulled/pushed) simultaneously.
370 Not setting this field will fall back to containers/image defaults. (6)
371381
372382 **lock_type**="shm"
373383
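Review bot: The moved **image_parallel_copies** description (new line 369) still ends with a bare "(6)" after "containers/image defaults.", which has no referent in the visible text. Either spell out what it points to or drop it while the block is being relocated.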
410420 changed, a lock renumbering must be performed, using the
411421 `podman system renumber` command.
412422
413 **active_service**=""
414
415 Name of destination for accessing the Podman service.
416
417 **[service_destinations]**
423 **pull_policy**="always"|"missing"|"never"
424
425 Pull image before running or creating a container. The default is **missing**.
426
427 - **missing**: attempt to pull the latest image from the registries listed in registries.conf if a local image does not exist. Raise an error if the image is not in any listed registry and is not present locally.
428 - **always**: pull the image from the first registry it is found in as listed in registries.conf. Raise an error if not found in the registries, even if the image is present locally.
429 - **never**: do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally.
430
431 **remote** = false
432 Indicates whether the application should be running in remote mode. This flag modifies the
433 --remote option on container engines. Setting the flag to true will default `podman --remote=true` for access to the remote Podman service.
434
435 **runtime**=""
436
437 Default OCI specific runtime in runtimes that will be used by default. Must
438 refer to a member of the runtimes table. Default runtime will be searched for
439 on the system using the priority: "crun", "runc", "kata".
440
441 **runtime_supports_json**=["crun", "runc", "kata"]
442
443 The list of the OCI runtimes that support `--format=json`.
444
445 **runtime_supports_nocgroups**=["crun"]
446
447 The list of OCI runtimes that support running containers without CGroups.
448
449 **runtime_supports_kvm**=["kata"]
450
451 The list of OCI runtimes that support running containers with KVM separation.
452
453 **static_dir**="/var/lib/containers/storage/libpod"
454
455 Directory for persistent libpod files (database, etc).
456 By default this will be configured relative to where containers/storage
457 stores containers.
458
459 **stop_timeout**=10
460
461 Number of seconds to wait for container to exit before sending kill signal.
462
463 **tmp_dir**="/run/libpod"
464
465 The path to a temporary directory to store per-boot container.
466 Must be a tmpfs (wiped after reboot).
467
468 ## SERVICE DESTINATION TABLE
469 The `service_destinations` table contains configuration options used to set up remote connections to the podman service for the podman API.
418470
419471 **[service_destinations.{name}]**
420
472 URI to access the Podman service
421473 **uri="ssh://user@production.example.com/run/user/1001/podman/podman.sock"**
422474
423475 Example URIs:
430482 **identity="~/.ssh/id_rsa**
431483
432484 Path to file containing ssh identity key
433
434 **pull_policy**="always"|"missing"|"never"
435
436 Pull image before running or creating a container. The default is **missing**.
437
438 - **missing**: attempt to pull the latest image from the registries listed in registries.conf if a local image does not exist. Raise an error if the image is not in any listed registry and is not present locally.
439 - **always**: pull the image from the first registry it is found in as listed in registries.conf. Raise an error if not found in the registries, even if the image is present locally.
440 - **never**: do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally.
441
442 **remote** = false
443 Indicates whether the application should be running in remote mode. This flag modifies the
444 --remote option on container engines. Setting the flag to true will default `podman --remote=true` for access to the remote Podman service.
445
446 **runtime**=""
447
448 Default OCI specific runtime in runtimes that will be used by default. Must
449 refer to a member of the runtimes table. Default runtime will be searched for
450 on the system using the priority: "crun", "runc", "kata".
451
452 **runtime_supports_json**=["crun", "runc", "kata"]
453
454 The list of the OCI runtimes that support `--format=json`.
455
456 **runtime_supports_nocgroups**=["crun"]
457
458 The list of OCI runtimes that support running containers without CGroups.
459
460 **runtime_supports_kvm**=["kata"]
461
462 The list of OCI runtimes that support running containers with KVM separation.
463
464 **static_dir**="/var/lib/containers/storage/libpod"
465
466 Directory for persistent libpod files (database, etc).
467 By default this will be configured relative to where containers/storage
468 stores containers.
469
470 **stop_timeout**=10
471
472 Number of seconds to wait for container to exit before sending kill signal.
473
474 **tmp_dir**="/run/libpod"
475
476 The path to a temporary directory to store per-boot container.
477 Must be a tmpfs (wiped after reboot).
478485
479486 **volume_path**="/var/lib/containers/storage/volumes"
480487
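Review bot: With the engine options moved above the new `## SERVICE DESTINATION TABLE` heading (new line 468), **volume_path** (new line 486) is left behind after the `identity` entry and now reads as a service destination setting. Move it up with the other engine options, after **tmp_dir**. The unchanged line `**identity="~/.ssh/id_rsa**` is also missing its closing quote, and the added "URI to access the Podman service" line sits before its key with no blank line, unlike the other entries.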
7272 "SYS_CHROOT"
7373 ]
7474
75
7675 # A list of sysctls to be set in containers by default,
7776 # specified as "name=value",
7877 # for example:"net.ipv4.ping_group_range = 0 0".
239238 # Path to directory where CNI plugin binaries are located.
240239 #
241240 # cni_plugin_dirs = ["/usr/libexec/cni"]
241
242 # The network name of the default CNI network to attach pods to.
243 # default_network = "podman"
242244
243245 # Path to the directory where CNI configuration files are located.
244246 #
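Review bot: The added default_network block (new lines 242-243) omits the bare `#` separator line that the neighbouring entries place between the description and the commented-out setting (compare the cni_plugin_dirs block just above). Add a `#` line between "# The network name of the default CNI network to attach pods to." and `# default_network = "podman"` for consistency.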