68 lines
2.9 KiB
Text
68 lines
2.9 KiB
Text
[storage]
|
|
driver = "overlay"
|
|
runroot = "/run/containers/storage"
|
|
graphroot = "/var/lib/containers/storage"
|
|
|
|
[storage.options.overlay]
|
|
# ignore_chown_errors can be set to allow a non privileged user running with
|
|
# a single UID within a user namespace to run containers. The user can pull
|
|
# and use any image even those with multiple uids. Note multiple UIDs will be
|
|
# squashed down to the default uid in the container. These images will have no
|
|
# separation between the users in the container. Only supported for the overlay
|
|
# and vfs drivers.
|
|
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
|
|
#ignore_chown_errors = "false"
|
|
|
|
# Inodes is used to set a maximum inodes of the container image.
|
|
# inodes = ""
|
|
|
|
# Path to an helper program to use for mounting the file system instead of mounting it
|
|
# directly.
|
|
mount_program = "/usr/bin/fuse-overlayfs"
|
|
|
|
# mountopt specifies comma separated list of extra mount options
|
|
mountopt = "nodev"
|
|
|
|
# Set to skip a PRIVATE bind mount on the storage home directory.
|
|
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
|
|
# skip_mount_home = "false"
|
|
|
|
# Set to use composefs to mount data layers with overlay.
|
|
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
|
|
# use_composefs = "false"
|
|
|
|
# Size is used to set a maximum size of the container image.
|
|
# size = ""
|
|
|
|
# ForceMask specifies the permissions mask that is used for new files and
|
|
# directories.
|
|
#
|
|
# The values "shared" and "private" are accepted.
|
|
# Octal permission masks are also accepted.
|
|
#
|
|
# "": No value specified.
|
|
# All files/directories, get set with the permissions identified within the
|
|
# image.
|
|
# "private": it is equivalent to 0700.
|
|
# All files/directories get set with 0700 permissions. The owner has rwx
|
|
# access to the files. No other users on the system can access the files.
|
|
# This setting could be used with networked based homedirs.
|
|
# "shared": it is equivalent to 0755.
|
|
# The owner has rwx access to the files and everyone else can read, access
|
|
# and execute them. This setting is useful for sharing containers storage
|
|
# with other users. For instance have a storage owned by root but shared
|
|
# to rootless users as an additional store.
|
|
# NOTE: All files within the image are made readable and executable by any
|
|
# user on the system. Even /etc/shadow within your image is now readable by
|
|
# any user.
|
|
#
|
|
# OCTAL: Users can experiment with other OCTAL Permissions.
|
|
#
|
|
# Note: The force_mask Flag is an experimental feature, it could change in the
|
|
# future. When "force_mask" is set the original permission mask is stored in
|
|
# the "user.containers.override_stat" xattr and the "mount_program" option must
|
|
# be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
|
|
# extended attribute permissions to processes within containers rather than the
|
|
# "force_mask" permissions.
|
|
#
|
|
# force_mask = ""
|