Hi all,

 

Can you confirm that, in rootless, users cannot override /etc/containers/registries.conf with ~/.config/containers/registries.conf ?  We’d like to be able to whitelist registries for our site. 

 

As an example, suppose I have this in /etc/containers/registries.conf.  The intent is to blacklist all of docker.io; and whitelilst docker.io/ubuntu.  I’ve found it works as intended. 

 

[[registry]]

location="docker.io"

blocked=true

 

[[registry]]

location="docker.io/ubuntu"

blocked=false

 

I want to confirm that a user can’t whitelist additional registries in ~/.config/containers/registries.conf with something like

 

[[registry]]

location="docker.io/unsafe-namespace"

blocked=false

 

I’ve tested this myself, and it seems  like users can’t override.  But I’d like to be 100% sure. 

 

Thanks,

Ron

 

Georgia Institute of Technology