chapter five

5 Customization and configuration files

 

This chapter covers

  • Using Podman configuration files based on the libraries used
  • Configuring the storage.conf file
  • Using the registries.conf and policy.json files for configuration
  • Using the containers.conf file to configure other defaults
  • Using system configuration files to allow non-root users namespace access

Container engines like Podman have dozens of hard-coded defaults built into them. These defaults determine many aspects of the functional and non-functional behavior of Podman, such as network and security settings. Podman developers try to pick the most secure settings that still allow most containers to run successfully. Similarly, I want as much isolation from the host as possible.

The security defaults include which Linux capabilities to use, which SELinux labels to set, and the set of syscalls available to the containers. There are defaults for resource constraints, like memory usage and the maximum number of processes allowed within a container. Other defaults include the local path for storing images, the list of container registries, and even the system configuration that allows rootless mode to work. The Podman developers wanted to give users ultimate control over these defaults, so the container engine configuration files provide a mechanism to customize the way Podman and other container engines run.

5.1 Configuration files for storage

5.1.1 Storage location

5.1.2 Storage drivers

5.2 Configuration files for registries

5.2.1 registries.conf

5.3 Configuration files for engines

5.4 System configuration files

5.5 Summary