table of contents
libpod.conf(5) | File Formats Manual | libpod.conf(5) |
NAME¶
libpod.conf - libpod configuration file
DESCRIPTION¶
The libpod.conf file is the default configuration file for all tools using libpod to manage containers.
OPTIONS¶
image_default_transport=""
Default transport method for pulling and pushing images
runtime=""
Default OCI runtime to use if nothing is specified in runtimes
runtimes
For each OCI runtime, specify a list of paths to look for. The first one
found is used. If the paths are empty or no valid path was found, then the
$PATH environment variable will be used as the fallback.
conmon_path=""
Paths to search for the conmon container manager binary. If the paths are
empty or no valid path was found, then the $PATH environment variable
will be used as the fallback.
conmon_env_vars=""
Environment variables to pass into Conmon
cgroup_manager=""
Specify the CGroup Manager to use; valid values are "systemd" and
"cgroupfs"
lock_type=""
Specify the locking mechanism to use; valid values are "shm" and
"file". Change the default only if you are sure of what you are
doing, in general "file" is useful only on platforms where cgo is
not available for using the faster "shm" lock type. You may need
to run "podman system renumber" after you change the lock
type.
init_path=""
Path to the container-init binary, which forwards signals and reaps processes
within containers. Note that the container-init binary will only be used
when the --init for podman-create and podman-run is set.
hooks_dir=["path", ...]
Each *.json file in the path configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see oci-hooks(5). Podman and libpod currently support both the 1.0.0 and 0.1.0 hook schemas, although the 0.1.0 schema is deprecated.
Paths listed later in the array have higher precedence (oci-hooks(5) discusses directory precedence).
For the annotation conditions, libpod uses any annotations set in the generated OCI configuration.
For the bind-mount conditions, only mounts explicitly requested by the caller via --volume are considered. Bind mounts that libpod inserts by default (e.g. /dev/shm) are not considered.
Podman and libpod currently support an additional precreate state which is called before the runtime's create operation. Unlike the other stages, which receive the container state on their standard input, precreate hooks receive the proposed runtime configuration on their standard input. They may alter that configuration as they see fit, and write the altered form to their standard output.
WARNING: the precreate hook lets you do powerful things, such as adding additional mounts to the runtime configuration. That power also makes it easy to break things. Before reporting libpod errors, try running your container with precreate hooks disabled to see if the problem is due to one of your hooks.
static_dir=""
Directory for persistent libpod files (database, etc)
By default this will be configured relative to where containers/storage
stores containers
tmp_dir=""
Directory for temporary files
Must be a tmpfs (wiped after reboot)
max_log_size=""
Maximum size of log files (in bytes)
no_pivot_root=""
Whether to use chroot instead of pivot_root in the runtime
cni_config_dir=""
Directory containing CNI plugin configuration files
cni_plugin_dir=""
Directories where CNI plugin binaries may be located
infra_image = ""
Infra (pause) container image name for pod infra containers. When running a
pod, we
start a pause process in a container to hold open the namespaces
associated with the
pod. This container and process, basically sleep/pause for the lifetime of
the pod.
infra_command=""
Command to run the infra container
namespace=""
Default libpod namespace. If libpod is joined to a namespace, it will see
only containers and pods
that were created in the same namespace, and will create new containers and
pods in that namespace.
The default namespace is "", which corresponds to no namespace.
When no namespace is set, all
containers and pods are visible.
label="true|false"
Indicates whether the containers should use label separation by default.
Can be overridden via --security-opt label=... on the CLI.
num_locks=""
Number of locks available for containers and pods. Each created container or
pod consumes one lock.
The default number available is 2048.
If this is changed, a lock renumbering must be performed, using the podman
system renumber command.
volume_path=""
Directory where named volumes will be created in using the default volume
driver.
By default this will be configured relative to where containers/storage
stores containers.
network_cmd_path=""
Path to the command binary to use for setting up a network. It is currently
only used for setting up
a slirp4netns network. If "" is used then the binary is looked up
using the $PATH environment variable.
events_logger=""
Default method to use when logging events. Valid values are "file",
"journald", and "none".
detach_keys=""
Keys sequence used for detaching a container
FILES¶
/usr/share/containers/libpod.conf, default libpod configuration path
/etc/containers/libpod.conf, override libpod configuration path
HISTORY¶
Apr 2018, Originally compiled by Nathan Williams ⟨nath.e.will@gmail.com⟩