aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorValentin Rothberg <rothberg@redhat.com>2021-09-09 11:48:42 +0200
committerValentin Rothberg <rothberg@redhat.com>2021-09-10 12:43:07 +0200
commit6f36a47ac2bc5dee2785043231a6e0734c9087cf (patch)
treed2b9fcd5ea2dc6950050d33c6312ed5b1c28752d
parent63f6656f8fa79d7f6e01379d7ba0aa4ab3c03b37 (diff)
downloadpodman-6f36a47ac2bc5dee2785043231a6e0734c9087cf.tar.gz
podman-6f36a47ac2bc5dee2785043231a6e0734c9087cf.tar.bz2
podman-6f36a47ac2bc5dee2785043231a6e0734c9087cf.zip
podman machine: enforce a single search registry
Enforce "docker.io" to be the only search registry. Short-name resolution for remote clients is not fully supported since there is no means to prompt. Enforcing a single registry works around the problem since prompting only fires with more than one search registry. Fixes: #11489 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
-rw-r--r--pkg/machine/ignition.go36
1 files changed, 36 insertions, 0 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index a9289d6b3..df6e11f92 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -139,6 +139,21 @@ func getDirs(usrName string) []Directory {
}
dirs[i] = newDir
}
+
+ // Issue #11489: make sure that we can inject a custom registries.conf
+ // file on the system level to force a single search registry.
+ // The remote client does not yet support prompting for short-name
+ // resolution, so we enforce a single search registry (i.e., docker.io)
+ // as a workaround.
+ dirs = append(dirs, Directory{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: "/etc/containers/registries.conf.d",
+ User: getNodeUsr("root"),
+ },
+ DirectoryEmbedded1: DirectoryEmbedded1{Mode: intToPtr(493)},
+ })
+
return dirs
}
@@ -203,6 +218,27 @@ func getFiles(usrName string) []File {
Mode: intToPtr(420),
},
})
+
+ // Issue #11489: make sure that we can inject a custom registries.conf
+ // file on the system level to force a single search registry.
+ // The remote client does not yet support prompting for short-name
+ // resolution, so we enforce a single search registry (i.e., docker.io)
+ // as a workaround.
+ files = append(files, File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: "/etc/containers/registries.conf.d/999-podman-machine.conf",
+ User: getNodeUsr("root"),
+ },
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: strToPtr("data:,unqualified-search-registries%3D%5B%22docker.io%22%5D"),
+ },
+ Mode: intToPtr(420),
+ },
+ })
+
return files
}