Commit Graph

6 Commits

Author SHA1 Message Date
Paul Holzinger d7ccff3edb
Fix default CNI paths
We need to use the default from containers.conf and not hardcode them in
buildah. This fixes an issue with the cni network backend since it would
try to access /etc/cni/net.d/ even as rootless user. This regression was
introduced in commit f9cff07b81.

Also hide the cni flags as we do not expect users to change this. The
recommended way is to change them in containers.conf.

[NO NEW TESTS NEEDED]

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-10 15:49:43 +01:00
Daniel J Walsh 514a3f1a91
Shrink the vendoring size of pkg/cli
This PR removes the pkg/auth which brings in docker/docker
since it really is not needed, and was only there to help users
discover the settings of where the authfile was, when the environment
variables were set. Would almost never be of any value.

Move imagebuildah.BuildOptions to define.BuildOptions

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-03-03 14:18:35 -05:00
Daniel J Walsh f4424ca9e8
Pick default OCI Runtime from containers.conf
Currently we have a weird situation where the user sets the default
runtime in his containers.conf for podman but Buildah is still falling
back to use runc because it was hard coded as the default for Buildah.

I would like to remove this default, but that would theoretically break
the API promise of Buildah.

This should fix https://github.com/containers/podman/issues/8893

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-22 07:31:23 -05:00
Daniel J Walsh 02f54e4b1e Allow ping command without NET_RAW Capabilities
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #818
Approved by: nalind
2018-07-31 19:41:44 +00:00
Nalin Dahyabhai 2064b29f40 Run(): add options for adding and removing capabilities
Add RunOptions and BuildOptions flags for modifying the list of granted
capabilities from the default.

Default to granting the current (as of this writing) defaults from
runtime-tools, with CAP_NET_RAW removed:
* CAP_AUDIT_WRITE
* CAP_CHOWN
* CAP_DAC_OVERRIDE
* CAP_FOWNER
* CAP_FSETID
* CAP_KILL
* CAP_MKNOD
* CAP_NET_BIND_SERVICE
* CAP_SETFCAP
* CAP_SETGID
* CAP_SETPCAP
* CAP_SETUID
* CAP_SYS_CHROOT

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #799
Approved by: rhatdan
2018-06-18 21:07:08 +00:00
Nalin Dahyabhai 00fafcf9cb Use CNI to configure container networks
Use CNI to configure networks for containers for which we create new
network namespaces.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #700
Approved by: rhatdan
2018-05-24 14:10:01 +00:00