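# stable/Containerfile
#
# Build a Podman container image from the latest
# stable version of Podman on the Fedora Updates System.
# https://bodhi.fedoraproject.org/updates/?search=podman
# This image can be used to create a secured container
# that runs safely with privileges within the container.
#
# NOTE(review): ":latest" is a moving tag, so two builds of this file can
# start from different base images. Pin a release tag or digest wherever a
# reproducible, auditable base is required.
FROM registry.fedoraproject.org/fedora:latest

# Don't include container-selinux and remove
# directories used by dnf that are just taking
# up space.
# TODO: rpm --setcaps... needed due to Fedora (base) image builds
#       being (maybe still?) affected by
#       https://bugzilla.redhat.com/show_bug.cgi?id=1995337#c3
RUN dnf -y update && \
    rpm --setcaps shadow-utils 2>/dev/null && \
    dnf -y install podman fuse-overlayfs openssh-clients \
        --exclude container-selinux && \
    dnf clean all && \
    rm -rf /var/cache /var/log/dnf* /var/log/yum.*

# Create the unprivileged "podman" user and give it two subordinate ID
# ranges (1-999 and 1001-65535) for nested user namespaces. ID 1000 is
# skipped, presumably because useradd assigns it to the podman user itself;
# confirm if the base image ever ships with other regular users.
# The steps are chained with && so that a failing useradd or a failed write
# aborts the build instead of being masked by the exit status of the last
# command, and printf replaces the non-portable "echo -e".
RUN useradd podman && \
    printf 'podman:1:999\npodman:1001:64535\n' > /etc/subuid && \
    printf 'podman:1:999\npodman:1001:64535\n' > /etc/subgid

# Both containers.conf files are downloaded at build time from the mutable
# "main" branch with no integrity check, so the image's default Podman
# configuration is whatever that branch holds when the build runs.
# NOTE(review): for release builds, point _REPO_URL (--build-arg) at an
# immutable tag or commit, or verify the fetched files against known digests.
ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable"
ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
ADD $_REPO_URL/podman-containers.conf /home/podman/.config/containers/containers.conf

# Files fetched by a remote ADD are created root-owned with mode 0600:
# hand the whole home directory to the podman user and make the system-wide
# containers.conf readable by non-root users.
RUN mkdir -p /home/podman/.local/share/containers && \
    chown podman:podman -R /home/podman && \
    chmod 644 /etc/containers/containers.conf

# Copy & modify the defaults to provide reference if runtime changes needed.
# Changes here are required for running with fuse-overlay storage inside container.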
# Derive /etc/containers/storage.conf from the packaged default in one pass:
#   1. uncomment the mount_program setting,
#   2. append the line "/var/lib/shared", after every line matching
#      "additionalimage",
#   3. replace any mountopt assignment with "nodev,fsync=0".
RUN sed \
      -e 's|^#mount_program|mount_program|g' \
      -e '/additionalimage.*/a "/var/lib/shared",' \
      -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
      /usr/share/containers/storage.conf \
      > /etc/containers/storage.conf

# Setup internal Podman to pass subscriptions down from host to internal container.
# NOTE(review): mounts.conf lists host-path:container-path pairs, so the
# entitlement and rhsm secrets named here are offered to every container the
# inner Podman starts, not only to those that need them.
RUN printf '/run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement\n/run/secrets/rhsm:/run/secrets/rhsm\n' > /etc/containers/mounts.conf

# Note VOLUME options must always happen after the chown call above
# RUN commands can not modify existing volumes
VOLUME /var/lib/containers /home/podman/.local/share/containers

# Pre-create the shared store directories (overlay and vfs, images and
# layers) together with the empty lock file each of them carries.
RUN mkdir -p \
      /var/lib/shared/overlay-images \
      /var/lib/shared/overlay-layers \
      /var/lib/shared/vfs-images \
      /var/lib/shared/vfs-layers && \
    touch \
      /var/lib/shared/overlay-images/images.lock \
      /var/lib/shared/overlay-layers/layers.lock \
      /var/lib/shared/vfs-images/images.lock \
      /var/lib/shared/vfs-layers/layers.lock

# Exported as an empty string into the runtime environment.
# NOTE(review): presumably this makes the inner Podman configure its own
# user namespace rather than inherit the variable from outside; confirm.
ENV _CONTAINERS_USERNS_CONFIGURED=""