container creation: don't apply reserved annotations from image

Do not apply reserved annotations from the image to the container. Reserved annotations are applied during container creation to retrieve certain information (e.g., custom seccomp profile or autoremoval) once a container has been created. Context: #12671 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
author: Valentin Rothberg <rothberg@redhat.com> 2021-12-22 13:28:36 +0100
committer: Valentin Rothberg <rothberg@redhat.com> 2021-12-23 13:40:46 +0100
commit: 1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13 (patch)
tree: 5d0d0dd951ba6844cbbdc709669a0aa0275bc9eb /pkg
parent: cbcab434254e62083b8b73cb73ba95c3bb150b4c (diff)
download: podman-1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13.tar.gz
podman-1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13.tar.bz2
podman-1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 40a18a6ac..57676db10 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -156,7 +156,9 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 
 		// Add annotations from the image
 		for k, v := range inspectData.Annotations {
-			annotations[k] = v
+			if !define.IsReservedAnnotation(k) {
+				annotations[k] = v
+			}
 		}
 	}
author	Valentin Rothberg <rothberg@redhat.com>	2021-12-22 13:28:36 +0100
committer	Valentin Rothberg <rothberg@redhat.com>	2021-12-23 13:40:46 +0100
commit	1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13 (patch)
tree	5d0d0dd951ba6844cbbdc709669a0aa0275bc9eb /pkg
parent	cbcab434254e62083b8b73cb73ba95c3bb150b4c (diff)
download	podman-1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13.tar.gz podman-1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13.tar.bz2 podman-1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13.zip