File libcontainers-common.changes of Package libcontainers-common.12794

Mon Sep 23 15:28:02 UTC 2019 - Richard Brown <>

- Update to image 1.4.4
  - Hard-code the kernel keyring use to be disabled for now
- Update to libpod 1.5.1
  - The hostname of pods is now set to the pod's name
  - Minor bugfixes
- Update to storage 1.12.16
  - Ignore ro mount options in btrfs and windows drivers

Mon Sep 23 12:01:53 UTC 2019 - Richard Brown <>

- Check /var/lib/containers if possible before setting btrfs backend (bsc#1151028)

Wed Aug  7 10:35:07 UTC 2019 - Sascha Grunert <>

- Add missing licenses to spec file

Tue Aug  6 11:42:17 UTC 2019 - Marco Vedovati <>

- Add a default registries.d configuration file, used to specify images 
  signatures storage location.

Fri Aug  2 09:46:10 UTC 2019 - Sascha Grunert <>

- Update to image v3.0.0
  - Add "Env" to ImageInspectInfo
  - Add API function TryUpdatingCache
  - Add ability to install man pages
  - Add user registry auth to kernel keyring
  - Fix -> references
  - Fix typo in docs/
  - Remove pkg/sysregistries
  - Touch up transport man page
  - Try harder in storageImageDestination.TryReusingBlob
  - Use the same HTTP client for contacting the bearer token server and the
  - ci: change GOCACHE to a writeable path
  - config.go: improve debug message
  - config.go: log where credentials come from
  - docker client: error if registry is blocked
  - docker: allow deleting OCI images
  - docker: delete: support all MIME types
  - ostree: default is no OStree support
  - ostree: improve error message
  - progress bar: use spinners for unknown blob sizes
  - use 'containers_image_ostree' as build tag
  - use keyring when authfile empty
- Update to storage v1.12.16
  - Add cirrus vendor check
  - Add storage options to IgnoreChownErrors
  - Add support for UID as well as UserName in /etc/subuid files.
  - Add support for ignoreChownErrors to vfs
  - Add support for installing man pages
  - Fix cross-compilation
  - Keep track of the UIDs and GIDs used in applied layers
  - Move lockfiles to their own package
  - Remove merged directory when it is unmounted
  - Switch to go modules
  - Switch to golangci-lint
  - Update generated files
  - Use same variable name on both commands
  - cirrus: ubuntu: try removing cryptsetup-initramfs
  - compression: add support for the zstd algorithm
  - getLockfile(): use the absolute path
  - loadMounts(): reset counts before merging just-loaded data
  - lockfile: don't bother releasing a lock when closing a file
  - locking test updates
  - locking: take read locks on read-only stores
  - make local-cross more reliable for CI
  - overlay: cache the results of supported/using-metacopy/use-naive-diff
    feature tests
  - overlay: fix small piece of repeated work
  - utils: fix check for missing conf file
  - zstd: use directly

Mon Jul  8 13:18:20 UTC 2019 - Sascha Grunert <>

- Update to libpod v1.4.4
  - Fixed a bug where rootless Podman would attempt to use the
    entire root configuration if no rootless configuration was
    present for the user, breaking rootless Podman for new
  - Fixed a bug where rootless Podman's pause process would block
    SIGTERM, preventing graceful system shutdown and hanging until
    the system's init send SIGKILL
  - Fixed a bug where running Podman as root with sudo -E would not
    work after running rootless Podman at least once
  - Fixed a bug where options for tmpfs volumes added with the
    --tmpfs flag were being ignored
  - Fixed a bug where images with no layers could not properly be
    displayed and removed by Podman
  - Fixed a bug where locks were not properly freed on failure to
    create a container or pod
  - Podman now has greatly improved support for containers using
    multiple OCI runtimes. Containers now remember if they were
    created with a different runtime using --runtime and will
    always use that runtime
  - The cached and delegated options for volume mounts are now
    allowed for Docker compatability (#3340)
  - The podman diff command now supports the --latest flag
  - Fixed a bug where podman cp on a single file would create a
    directory at the target and place the file in it (#3384)
  - Fixed a bug where podman inspect --format '{{.Mounts}}' would
    print a hexadecimal address instead of a container's mounts
  - Fixed a bug where rootless Podman would not add an entry to
    container's /etc/hosts files for their own hostname (#3405)
  - Fixed a bug where podman ps --sync would segfault (#3411)
  - Fixed a bug where podman generate kube would produce an invalid
    ports configuration (#3408)
  - Podman now performs much better on systems with heavy I/O load
  - The --cgroup-manager flag to podman now shows the correct
    default setting in help if the default was overridden by
  - For backwards compatability, setting --log-driver=json-file in
    podman run is now supported as an alias for
    --log-driver=k8s-file. This is considered deprecated, and
    json-file will be moved to a new implementation in the future
  - Podman's default libpod.conf file now allows the crun OCI
    runtime to be used if it is installed
  - Fixed a bug where Podman could not run containers using an
    older version of Systemd as init (#3295)
  - Updated vendored Buildah to v1.9.0 to resolve a critical bug
    with Dockerfile RUN instructions
  - The error message for running podman kill on containers that
    are not running has been improved
  - The Podman remote client can now log to a file if syslog is not
  - The MacOS dmg file is experimental, use at your own risk.
  - The podman exec command now sets its error code differently
    based on whether the container does not exist, and the command
    in the container does not exist
  - The podman inspect command on containers now outputs Mounts
    JSON that matches that of docker inspect, only including
    user-specified volumes and differentiating bind mounts and
    named volumes
  - The podman inspect command now reports the path to a
    container's OCI spec with the OCIConfigPath key (only included
    when the container is initialized or running)
  - The podman run --mount command now supports the
    bind-nonrecursive option for bind mounts (#3314)
  - Fixed a bug where podman play kube would fail to create
    containers due to an unspecified log driver
  - Fixed a bug where Podman would fail to build with musl libc
  - Fixed a bug where rootless Podman using slirp4netns networking
    in an environment with no nameservers on the host other than
    localhost would result in nonfunctional networking (#3277)
  - Fixed a bug where podman import would not properly set
    environment variables, discarding their values and retaining
    only keys
  - Fixed a bug where Podman would fail to run when built with
    Apparmor support but run on systems without the Apparmor kernel
    module loaded (#3331)
  - Remote Podman will now default the username it uses to log in
    to remote systems to the username of the current user
  - Podman now uses JSON logging with OCI runtimes that support it,
    allowing for better error reporting
  - Updated vendored Buildah to v1.8.4
  - Updated vendored containers/image to v2.0
- Update to image v2.0.0
  - Add registry mirror support
  - Include missing man pages (bsc#1139526)
- Update to storage v1.12.10
  - Add support for UID as well as UserName in /etc/subuid files.
  - utils: fix check for missing conf file
  - compression: add support for the zstd algorithm
  - overlay: cache the results of
    supported/using-metacopy/use-naive-diff feature tests

Tue Jun 11 07:06:13 UTC 2019 - Sascha Grunert <>

- Update to libpod v1.4.0
  - The podman checkpoint and podman restore commands can now be
    used to migrate containers between Podman installations on
    different systems
  - The podman cp command now supports a pause flag to pause
    containers while copying into them
  - The remote client now supports a configuration file for
    pre-configuring connections to remote Podman installations
  - Fixed CVE-2019-10152 - The podman cp command improperly
    dereferenced symlinks in host context
  - Fixed a bug where podman commit could improperly set
    environment variables that contained = characters
  - Fixed a bug where rootless Podman would sometimes fail to start
    containers with forwarded ports
  - Fixed a bug where podman version on the remote client could
  - Fixed a bug where podman container runlabel would use
    /proc/self/exe instead of the path of the Podman command when
    printing the command being executed
  - Fixed a bug where filtering images by label did not work
  - Fixed a bug where specifying a bing mount or tmpfs mount over
    an image volume would cause a container to be unable to start
  - Fixed a bug where podman generate kube did not work with
    containers with named volumes
  - Fixed a bug where rootless Podman would receive permission
    denied errors accessing
  - Fixed a bug where podman cp with a folder specified as target
    would replace the folder, as opposed to copying into it
  - Fixed a bug where rootless Podman commands could double-unlock
    a lock, causing a crash
  - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/
    mounts, causing errors when using the Kata containers runtime
  - Fixed a bug where podman exec would fail on older kernels
  - The podman commit command is now usable with the Podman remote
  - The --signature-policy flag (used with several image-related
    commands) has been deprecated
  - The podman unshare command now defines two environment
    variables in the spawned shell: CONTAINERS_RUNROOT and
    CONTAINERS_GRAPHROOT, pointing to temporary and permanent
    storage for rootless containers
  - Updated vendored containers/storage and containers/image
    libraries with numerous bugfixes
  - Updated vendored Buildah to v1.8.3
  - Podman now requires Conmon v0.2.0
  - The podman cp command is now aliased as podman container cp
  - Rootless Podman will now default init_path using root Podman's
    configuration files (/etc/containers/libpod.conf and
    /usr/share/containers/libpod.conf) if not overridden in the
    rootless configuration
- Update to image v1.5.1
  - Vendor in latest containers/storage
  - docker/docker_client: Drop redundant Domain(ref.ref) call
  - pkg/blobinfocache: Split implementations into subpackages
  - copy: progress bar: show messages on completion
  - docs: rename manpages to *.5.command
  - add manpage
  - pkg/docker/config: Bring auth tests from
  - Don't allocate a sync.Mutex separately
- Update to storage v1.12.10
  - Add function to parse out mount options from graphdriver
  - Merge the disparate parts of all of the Unix-like lockfiles
  - Fix unix-but-not-Linux compilation
  - Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set
  - Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes
  - lockfile: add RecursiveLock() API
  - Update generated files
  - Fix crash on tesing of aufs code
  - Let consumers know when Layers and Images came from read-only stores
  - chown: do not change owner for the mountpoint
  - locks: correctly mark updates to the layers list
  - CreateContainer: don't worry about mapping layers unless necessary
  - docs: fix manpage for containers-storage.conf
  - docs: sort configuration options alphabetically
  - docs: document OSTree file deduplication
  - Add missing options to man page for containers-storage
  - overlay: use the layer idmapping if present
  - vfs: prefer layer custom idmappings
  - layers: propagate down the idmapping settings
  - Recreate symlink when not found
  - docs: fix manpage for configuration file
  - docs: add special handling for manpages in sect 5
  - overlay: fix single-lower test
  - Recreate symlink when not found
  - overlay: propagate errors from mountProgram
  - utils: root in a userns uses global conf file
  - Fix handling of additional stores
  - Correctly check permissions on rootless directory
  - Fix possible integer overflow on 32bit builds
  - Evaluate device path for lvm
  - lockfile test: make concurrent RW test determinisitc
  - lockfile test: make concurrent read tests deterministic
  - drivers.DirCopy: fix filemode detection
  - storage: move the logic to detect rootless into utils.go
  - Don't set (struct flock).l_pid
  - Improve documentation of getLockfile
  - Rename getLockFile to createLockerForPath, and document it
  - Add FILES section to containers-storage.5 man page
  - add digest locks
  - drivers/copy: add a non-cgo fallback
- Add default SLES mounts for container-suseconnect usage

Tue Jun  4 14:27:15 UTC 2019 - Richard Brown <>

- Add util-linux and grep as Requires(post) to ensure btrfs config gets made correctly

Mon Apr  1 14:24:17 UTC 2019 - Richard Brown <>

- Update to libpod v1.2.0
  * Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
  * Move pkg/util default storage functions from libpod to containers/storage
- Update to image v1.5
  * Minor behind the scene bugfixes, no user facing changes
- Update to storage v1.12.1
  * Move pkg/util default storage functions from libpod to containers/storage
  * containers/storage no longer depends on containers/image
- Version 20190401

Wed Feb 27 14:51:55 UTC 2019 - Richard Brown <>

- Update to libpod v1.1.0
   * Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
   * Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf

Tue Feb 19 15:34:54 UTC 2019 - Richard Brown <>

- Upgrade to storage v1.10
  * enable parallel blob reads
  * Teach images to hold multiple manifests
  * Move structs for storage.conf to pkg/config
- Upgrade to libpod v1.0.1
  * Do not unmarshal into c.config.Spec
  * spec: add nosuid,noexec,nodev to ro bind mount

Sat Feb  2 11:07:30 UTC 2019 - Richard Brown <>

- Restore non-upstream storage.conf, needed by CRI-O

Fri Jan 25 14:30:45 UTC 2019 - Richard Brown <>

- Upgrade to storage v1.8
  * Check for the OS when setting btrfs/libdm/ostree tags
- Upgrade to image v1.3
  * vendor: use instead of compress/gzip
  * vendor latest ostree
- Refactor specfile to use versioned tarballs
- Established package versioning scheme (ISODATE of change)
- Remove non-upstream storage.conf
- Set btrfs as default driver if /var/lib is on btrfs [boo#1123119]
- Version 20190125

Thu Jan 17 14:20:49 UTC 2019 - Richard Brown <>

- Upgrade to storage v1.6
  * Remove private mount from zfs driver
  * Update zfs driver to be closer to moby driver
  * Use mount options when mounting the chown layer.

Sun Jan 13 15:39:42 UTC 2019 - Richard Brown <>

- Upgrade to libpod v1.0.0
  * Fixed a bug where storage.conf was sometimes ignored for rootless containers

Tue Jan  8 11:35:41 UTC 2019 - Richard Brown <>

- Upgrade to libpod v0.12.1.2 and storage v1.4
  * No significant functional or packaging changes

Sun Jan  6 22:11:02 UTC 2019 - Richard Brown <>

- storage.conf - restore btrfs as the default driver

Fri Dec  7 10:54:37 UTC 2018 - Richard Brown <>

- Update to latest libpod and storage to support cri-o 1.13

Wed Dec  5 14:45:37 UTC 2018 - Richard Brown <>

- Use seccomp.json from, instead of
  installing the tar.xz on users systems (boo#1118444)

Mon Nov 12 09:21:37 UTC 2018 - Valentin Rothberg <>

- Add oci-hooks(5) manpage from libpod.

Mon Nov 12 08:14:08 UTC 2018 - Valentin Rothberg <>

- Use seccomp.json from to align with the
  upstream defaults.

- Update to the latest image and storage to pull in improvements to the

Mon Aug 27 14:24:51 UTC 2018 -

- storage.conf: comment out options that are not supported by btrfs.
  This simplifies switching the driver as it avoids the whack-a-mole
  of commenting out "unsupported" options.

Mon Aug 27 08:48:16 UTC 2018 -

- Consolidate libcontainers-{common,image,storage} into one package,
  libcontainers-common. That's the way upstream intended all libraries from to be packaged. It facilitates updating and maintaining
  the package, as all configs and manpages come from a central source.

  Note that the `storage` binary that previously has been provided by the
  libcontainers-storage package is not provided anymore as, despite the claims
  in the manpages, it is not intended for production use.

Mon Aug 13 11:44:31 UTC 2018 -

- Make libcontainers-common arch independent.


Thu Apr 12 09:36:39 UTC 2018 -

- Added /usr/share/containers/oci/hooks.d and /etc/containers/oci/hooks.d
  to the package. These are used by tools like cri-o and podman to store
  custom hooks.

Mon Mar  5 09:30:12 UTC 2018 -

- Configuration files should generally be tagged as %config(noreplace) in order
  to keep the modified config files and to avoid losing data when the package
  is being updated.


Thu Feb  8 13:07:24 UTC 2018 -

- Add libcontainers-common package.