Hi all,
Can you confirm that, in rootless, users cannot override /etc/containers/registries.conf with ~/.config/containers/registries.conf ? We’d like to be able to whitelist registries for our site.
As an example, suppose I have this in /etc/containers/registries.conf. The intent is to blacklist all of docker.io; and whitelilst docker.io/ubuntu. I’ve found it works as intended.
[[registry]]
location="docker.io"
blocked=true
[[registry]]
location="docker.io/ubuntu"
blocked=false
I want to confirm that a user can’t whitelist additional registries in ~/.config/containers/registries.conf with something like
[[registry]]
location="docker.io/unsafe-namespace"
blocked=false
I’ve tested this myself, and it seems like users can’t override. But I’d like to be 100% sure.
Thanks,
Ron
--------
Ron Rahaman
Research Scientist II, Research Software Engineer
Partnership for an Advanced Computing Environment (PACE)
Georgia Institute of Technology