meta-virtualization.lists.yoctoproject.org archive mirror
From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: Ming Liu <liu.ming50@gmail.com>
Cc: meta-virtualization@lists.yoctoproject.org
Subject: Re: [meta-virtualization][PATCH] container-host-config:storage.conf: sync with libpod v4.8.2
Date: Thu, 1 Feb 2024 14:16:54 +0000
Message-ID: <Zbun1rrQvn8Wi7Df@gmail.com>
In-Reply-To: <20240129174132.24445-1-liu.ming50@gmail.com>

In message: [meta-virtualization][PATCH] container-host-config:storage.conf: sync with libpod v4.8.2
on 29/01/2024 Ming Liu wrote:

> From: Ming Liu <liu.ming50@gmail.com>
> 
> The current storage.conf is based on v1.33.0 of:
> https://github.com/containers/storage.git
> 
> while in podman v4.8.2, it has been upgraded to
> v1.50.3-0.20231005112617-44418abb2d89 of:
> https://github.com/containers/storage.git
> 
> Let's sync it with podman v4.8.2,
> 
> which comprises the following commits in storage.conf:
> 
> ```
> 42d1d9637 Run codespell on code
> 91da0c2be add documentation on imagestore and add a warning if set
> 01fccaa58 options: enable Remap-User/Group setting
> e125790e9 Fix typo in storage.conf
> 57582350c Document transient_store in man page
> 522b67c94 Add new storage.conf option "transient_store"
> 5e9e2ba6b Revert incorrect "heeded" -> "needed" typo fix
> cffa19709 fix typos and spelling
> 268af0001 chunked: drop host dedup feature
> b64cfb4f4 Document the pull_options
> 17fccdc2d Clearup inheritance rules for storage.conf
> 3c76f174d Tell users who change graphroot location to fix the SELinux labels
> ```

While we don't have to keep this in sync directly with the
project's .. we haven't made any of our own changes to it yet,
so resyncing it makes sense.

merged.

Bruce


> 
> Signed-off-by: Ming Liu <liu.ming50@gmail.com>
> ---
>  .../container-host-config/storage.conf        | 62 ++++++++++++++++---
>  1 file changed, 55 insertions(+), 7 deletions(-)
> 
> diff --git a/recipes-containers/container-host-config/container-host-config/storage.conf b/recipes-containers/container-host-config/container-host-config/storage.conf
> index 722750c0..cb4525f2 100644
> --- a/recipes-containers/container-host-config/container-host-config/storage.conf
> +++ b/recipes-containers/container-host-config/container-host-config/storage.conf
> @@ -1,5 +1,14 @@
> -# This file is is the configuration file for all tools
> -# that use the containers/storage library.
> +# This file is the configuration file for all tools
> +# that use the containers/storage library. The storage.conf file
> +# overrides all other storage.conf files. Container engines using the
> +# container/storage library do not inherit fields from other storage.conf
> +# files.
> +#
> +#  Note: The storage.conf file overrides other storage.conf files based on this precedence:
> +#      /usr/containers/storage.conf
> +#      /etc/containers/storage.conf
> +#      $HOME/.config/containers/storage.conf
> +#      $XDG_CONFIG_HOME/containers/storage.conf (If XDG_CONFIG_HOME is set)
>  # See man 5 containers-storage.conf for more information
>  # The "container storage" table contains all of the server options.
>  [storage]
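Review bot: the new header says the file "overrides all other storage.conf files" and then lists four paths "based on this precedence", but neither sentence states which direction the list runs, so a reader cannot tell whether /usr/containers/storage.conf or $XDG_CONFIG_HOME/containers/storage.conf wins; suggest adding a line such as "later entries override earlier ones" (or the reverse, whichever containers/storage implements). It is also worth checking the first path against where this recipe actually installs the file and against containers-storage.conf(5), which to my knowledge documents the distribution default as /usr/share/containers/storage.conf rather than /usr/containers/storage.conf; since this is a verbatim sync, the fix would belong upstream.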
> @@ -11,12 +20,28 @@ driver = "overlay"
>  runroot = "/run/containers/storage"
>  
>  # Primary Read/Write location of container storage
> +# When changing the graphroot location on an SELINUX system, you must
> +# ensure  the labeling matches the default locations labels with the
> +# following commands:
> +# semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH
> +# restorecon -R -v /NEWSTORAGEPATH
>  graphroot = "/var/lib/containers/storage"
>  
> +# Optional alternate location of image store if a location separate from the
> +# container store is required. If set, it must be different than graphroot.
> +# imagestore = ""
> +
> +
>  # Storage path for rootless users
>  #
>  # rootless_storage_path = "$HOME/.local/share/containers/storage"
>  
> +# Transient store mode makes all container metadata be saved in temporary storage
> +# (i.e. runroot above). This is faster, but doesn't persist across reboots.
> +# Additional garbage collection must also be performed at boot-time, so this
> +# option should remain disabled in most configurations.
> +# transient_store = true
> +
>  [storage.options]
>  # Storage options to be passed to underlying storage drivers
>  
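Review bot: two small style points in this hunk, a stray second blank line after "# imagestore = """ and a double space in "ensure  the labeling"; as the commit is a verbatim sync they can be left for upstream, but they are easy to carry in the same submission. On content, the SELinux guidance (semanage fcontext -a -e followed by restorecon -R -v) is the right addition for anyone relocating graphroot, and the "# transient_store = true" example sits directly under text saying the option "should remain disabled in most configurations"; the comment already spells out the consequence (metadata in runroot does not persist across reboots), so no change needed, just noting that an integrator copying the example line verbatim gets the behaviour the comment warns about.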
> @@ -25,6 +50,28 @@ graphroot = "/var/lib/containers/storage"
>  additionalimagestores = [
>  ]
>  
> +# Allows specification of how storage is populated when pulling images. This
> +# option can speed the pulling process of images compressed with format
> +# zstd:chunked. Containers/storage looks for files within images that are being
> +# pulled from a container registry that were previously pulled to the host.  It
> +# can copy or create a hard link to the existing file when it finds them,
> +# eliminating the need to pull them from the container registry. These options
> +# can deduplicate pulling of content, disk storage of content and can allow the
> +# kernel to use less memory when running containers.
> +
> +# containers/storage supports three keys
> +#   * enable_partial_images="true" | "false"
> +#     Tells containers/storage to look for files previously pulled in storage
> +#     rather then always pulling them from the container registry.
> +#   * use_hard_links = "false" | "true"
> +#     Tells containers/storage to use hard links rather then create new files in
> +#     the image, if an identical file already existed in storage.
> +#   * ostree_repos = ""
> +#     Tells containers/storage where an ostree repository exists that might have
> +#     previously pulled content which can be used when attempting to avoid
> +#     pulling content from the container registry
> +pull_options = {enable_partial_images = "false", use_hard_links = "false", ostree_repos=""}
> +
>  # Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
>  # a container, to the UIDs/GIDs as they should appear outside of the container,
>  # and the length of the range of UIDs/GIDs.  Additional mapped sets can be
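Review bot: the new pull_options comment block carries "rather then" twice ("rather then always pulling" and "rather then create new files"), the same typo this patch corrects further down in the force_mask comment, and "ostree_repos="" " lacks the spaces around "=" that the other two keys in the same line have; both are upstream text, so worth a small upstream fix rather than a local divergence. On the values: the comment explains that use_hard_links makes an image reuse an existing file in storage instead of creating a new one, which means identical content ends up shared by every image that references it; shipping all three keys as "false" keeps the documented default behaviour and is the conservative choice for a layer that has not yet made local changes to this file.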
> @@ -32,8 +79,8 @@ additionalimagestores = [
>  # mappings which the kernel will allow when you later attempt to run a
>  # container.
>  #
> -# remap-uids = 0:1668442479:65536
> -# remap-gids = 0:1668442479:65536
> +# remap-uids = "0:1668442479:65536"
> +# remap-gids = "0:1668442479:65536"
>  
>  # Remap-User/Group is a user name which can be used to look up one or more UID/GID
>  # ranges in the /etc/subuid or /etc/subgid file.  Mappings are set up starting
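Review bot: the quoting of the remap-uids/remap-gids examples is more than cosmetic: an unquoted 0:1668442479:65536 is not a valid TOML value, so anyone who uncommented the old example line would have hit a parse failure; the commit message lists only the upstream commit titles, so a sentence noting that these examples are now syntactically usable would help readers of the log.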
> @@ -41,7 +88,8 @@ additionalimagestores = [
>  # range that matches the specified name, and using the length of that range.
>  # Additional ranges are then assigned, using the ranges which specify the
>  # lowest host-level IDs first, to the lowest not-yet-mapped in-container ID,
> -# until all of the entries have been used for maps.
> +# until all of the entries have been used for maps. This setting overrides the
> +# Remap-UIDs/GIDs setting.
>  #
>  # remap-user = "containers"
>  # remap-group = "containers"
> @@ -57,7 +105,7 @@ additionalimagestores = [
>  # Auto-userns-min-size is the minimum size for a user namespace created automatically.
>  # auto-userns-min-size=1024
>  #
> -# Auto-userns-max-size is the minimum size for a user namespace created automatically.
> +# Auto-userns-max-size is the maximum size for a user namespace created automatically.
>  # auto-userns-max-size=65536
>  
>  [storage.options.overlay]
> @@ -113,7 +161,7 @@ mountopt = "nodev"
>  #  future.  When "force_mask" is set the original permission mask is stored in
>  #  the "user.containers.override_stat" xattr and the "mount_program" option must
>  #  be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
> -#  extended attribute permissions to processes within containers rather then the
> +#  extended attribute permissions to processes within containers rather than the
>  #  "force_mask"  permissions.
>  #
>  # force_mask = ""
> -- 
> 2.34.1
> 
