5 Customization and configuration files

 

This chapter covers

  • Using Podman configuration files based on libraries used
  • Configuring the storage.conf file
  • Using the registries.conf and policy.json files for configuration
  • Using the containers.conf file to configure other defaults
  • Using system configuration files to allow non-root users namespace access

Container engines like Podman have dozens of hardcoded defaults built into them. These defaults determine many aspects of the functional and nonfunctional behaviors of Podman, such as network and security settings. Podman developers try to pick defaults that give the maximum amount of security while still allowing most containers to run successfully. Similarly, I want as much isolation from the host as possible.

The security defaults include which Linux capabilities to use, which SELinux labels to set, and the set of syscalls available to the containers. There are defaults for resource constraints, like memory usage and maximum processes allowed within a container. Other defaults include the local path for storing images, the list of container registries, and even system configuration to allow rootless mode to work. The Podman developers wanted to allow users to have ultimate control over these defaults, so the container engine configuration files provide a mechanism for customizing the way Podman and other container engines run.

5.1 Configuration files for storage

 
 
 

5.1.1 Storage location

 
 

5.1.2 Storage drivers

 
 

5.2 Configuration files for registries

 
 
 
 

5.2.1 registries.conf

 

5.3 Configuration files for engines

 
 

5.4 System configuration files

 
 

Summary

 
 