On Fri, Sep 22, 2023 at 9:01 PM Rahaman, Ronald O <rrahaman6(a)gatech.edu>
wrote:
 Hi all,
 Can you confirm that, in rootless, users cannot override
 /etc/containers/registries.conf with ~/.config/containers/registries.conf?
 We’d like to be able to whitelist registries for our site.
 
Yes, users can override system configurations in their home directory.  As
outlined in the man pages [1], the config in the home directory will be
loaded _instead_ of the system configuration in /etc.  That means it will
override and not add to the system configuration.
Kind regards,
 Valentin
[1]
https://github.com/containers/image/blob/main/docs/containers-registries....
 As an example, suppose I have this in
/etc/containers/registries.conf.
 The intent is to blacklist all of docker.io; and whitelist
 docker.io/ubuntu.  I’ve found it works as intended.
 [[registry]]
 location="docker.io"
 blocked=true
 [[registry]]
 location="docker.io/ubuntu"
 blocked=false
 I want to confirm that a user can’t whitelist additional registries in
 ~/.config/containers/registries.conf with something like
 [[registry]]
 location="docker.io/unsafe-namespace"
 blocked=false
 I’ve tested this myself, and it seems like users can’t override.  But I’d
 like to be 100% sure.
 Thanks,
 Ron
 --------
 Ron Rahaman
 Research Scientist II, Research Software Engineer
 Partnership for an Advanced Computing Environment (PACE)
 Georgia Institute of Technology