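# libpod.conf is the default configuration file for all tools using libpod to
# manage containers

# Default transport method for pulling and pushing for images
image_default_transport = "docker://"

# Paths to look for the conmon container manager binary.
# If the paths are empty or no valid path was found, then the `$PATH`
# environment variable will be used as the fallback.
conmon_path = [
    "/usr/libexec/podman/conmon",
    "/usr/local/libexec/podman/conmon",
    "/usr/local/lib/podman/conmon",
    "/usr/bin/conmon",
    "/usr/sbin/conmon",
    "/usr/local/bin/conmon",
    "/usr/local/sbin/conmon",
    "/run/current-system/sw/bin/conmon",
]

# Environment variables to pass into conmon
conmon_env_vars = [
    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
]

# CGroup Manager - valid values are "systemd" and "cgroupfs"
cgroup_manager = "systemd"

# Container init binary
#init_path = "/usr/libexec/podman/catatonit"

# Directory for persistent libpod files (database, etc)
# By default, this will be configured relative to where containers/storage
# stores containers
# Uncomment to change location from this default
#static_dir = "/var/lib/containers/storage/libpod"

# Directory for temporary files. Must be tmpfs (wiped after reboot)
tmp_dir = "/var/run/libpod"

# Maximum size of log files (in bytes)
# -1 is unlimited
max_log_size = -1

# Whether to use chroot instead of pivot_root in the runtime.
# Leave this false unless the runtime cannot pivot_root: pivot_root detaches
# the old root mount from the container's mount namespace, chroot does not.
no_pivot_root = false

# Directory containing CNI plugin configuration files
cni_config_dir = "/etc/cni/net.d/"

# Directories where the CNI plugin binaries may be located
cni_plugin_dir = [
    "/usr/libexec/cni",
    "/usr/lib/cni",
    "/usr/local/lib/cni",
    "/opt/cni/bin",
]

# Default CNI network for libpod.
# If multiple CNI network configs are present, libpod will use the network with
# the name given here for containers unless explicitly overridden.
# The default here is set to the name we set in the
# 87-podman-bridge.conflist included in the repository.
# Not setting this, or setting it to the empty string, will use normal CNI
# precedence rules for selecting between multiple networks.
cni_default_network = "podman"

# Default libpod namespace
# If libpod is joined to a namespace, it will see only containers and pods
# that were created in the same namespace, and will create new containers and
# pods in that namespace.
# The default namespace is "", which corresponds to no namespace. When no
# namespace is set, all containers and pods are visible.
#namespace = ""

# Default infra (pause) image name for pod infra containers.
# This is a tag reference, so the image behind it can change over time;
# pin a digest (name@sha256:...) if a fixed image is required.
infra_image = "k8s.gcr.io/pause:3.1"

# Default command to run the infra container
infra_command = "/pause"

# Determines whether libpod will reserve ports on the host when they are
# forwarded to containers. When enabled, when ports are forwarded to containers,
# they are held open by conmon as long as the container is running, ensuring that
# they cannot be reused by other programs on the host. However, this can cause
# significant memory usage if a container has many ports forwarded to it.
# Disabling this can save memory.
#enable_port_reservation = true

# Default libpod support for container labeling
# label=true

# The locking mechanism to use
lock_type = "shm"

# Number of locks available for containers and pods.
# If this is changed, a lock renumber must be performed (e.g. with the
# 'podman system renumber' command).
num_locks = 2048

# Directory for libpod named volumes.
# By default, this will be configured relative to where containers/storage
# stores containers.
# Uncomment to change location from this default.
#volume_path = "/var/lib/containers/storage/volumes"

# Selects which logging mechanism to use for Podman events. Valid values
# are `journald` or `file`.
# events_logger = "journald"

# Specify the keys sequence used to detach a container.
# Format is a single character [a-Z] or a comma separated sequence of
# `ctrl-<value>`, where `<value>` is one of:
# `a-z`, `@`, `^`, `[`, `\`, `]`, `^` or `_`
#
# detach_keys = "ctrl-p,ctrl-q"

# Default OCI runtime
runtime = "runc"

# List of the OCI runtimes that support --format=json. When json is supported
# libpod will use it for reporting nicer errors.
runtime_supports_json = ["crun", "runc"]

# List of all the OCI runtimes that support --cgroup-manager=disable to disable
# creation of CGroups for containers.
runtime_supports_nocgroups = ["crun"]

# Paths to look for a valid OCI runtime (runc, runv, etc)
# If the paths are empty or no valid path was found, then the `$PATH`
# environment variable will be used as the fallback.
# Prefer keeping absolute paths listed here so that the runtime binary is not
# resolved through `$PATH` at all.
[runtimes]
runc = [
    "/usr/bin/runc",
    "/usr/sbin/runc",
    "/usr/local/bin/runc",
    "/usr/local/sbin/runc",
    "/sbin/runc",
    "/bin/runc",
    "/usr/lib/cri-o-runc/sbin/runc",
    "/run/current-system/sw/bin/runc",
]

crun = [
    "/usr/bin/crun",
    "/usr/local/bin/crun",
]

# Kata Containers is an OCI runtime, where containers are run inside lightweight
# Virtual Machines (VMs). Kata provides additional isolation towards the host,
# minimizing the host attack surface and mitigating the consequences of
# container breakout.
# Please note that Kata does not support rootless podman yet, but we can leave
# the paths below blank to let them be discovered by the $PATH environment
# variable.

# Kata Containers with the default configured VMM
kata-runtime = [
    "/usr/bin/kata-runtime",
]

# Kata Containers with the QEMU VMM
kata-qemu = [
    "/usr/bin/kata-qemu",
]

# Kata Containers with the Firecracker VMM
kata-fc = [
    "/usr/bin/kata-fc",
]

# The [runtimes] table MUST be the last thing in this file.
# (Unless another table is added)
# TOML does not provide a way to end a table other than a further table being
# defined, so every key hereafter will be part of [runtimes] and not the main
# config.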