containers · openshift-merge-robot · Jun 10, 2021 · Jun 10, 2021
diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md
@@ -302,10 +302,6 @@ The `engine` table contains configuration options used to set up container engin
 
 Name of destination for accessing the Podman service. See SERVICE DESTINATION TABLE below.
 
-**cgroup_check**=false
-
-CgroupCheck indicates the configuration has been rewritten after an upgrade to Fedora 31 to change the default OCI runtime for cgroupsv2.
-
 **cgroup_manager**="systemd"
 
 The cgroup management implementation used for the runtime. Supports `cgroupfs`
@@ -463,14 +459,14 @@ on the system using the priority: "crun", "runc", "kata".
 
 The list of the OCI runtimes that support `--format=json`.
 
-**runtime_supports_nocgroups**=["crun"]
-
-The list of OCI runtimes that support running containers without CGroups.
-
 **runtime_supports_kvm**=["kata"]
 
 The list of OCI runtimes that support running containers with KVM separation.
 
+**runtime_supports_nocgroups**=["crun"]
+
+The list of OCI runtimes that support running containers without CGroups.
+
 **static_dir**="/var/lib/containers/storage/libpod"
 
 Directory for persistent libpod files (database, etc).
@@ -486,6 +482,14 @@ Number of seconds to wait for container to exit before sending kill signal.
 The path to a temporary directory to store per-boot container.
 Must be a tmpfs (wiped after reboot).
 
+**volume_path**="/var/lib/containers/storage/volumes"
+
+Directory where named volumes will be created in using the default volume
+driver.
+By default this will be configured relative to where containers/storage store
+containers. This convention is followed by the default volume driver, but may
+not be by other drivers.
+
 ## SERVICE DESTINATION TABLE
 The `service_destinations` table contains configuration options used to set up remote connections to the podman service for the podman API.
 
@@ -504,14 +508,6 @@ URI to access the Podman service
 
 Path to file containing ssh identity key
 
-**volume_path**="/var/lib/containers/storage/volumes"
-
-Directory where named volumes will be created in using the default volume
-driver.
-By default this will be configured relative to where containers/storage store
-containers. This convention is followed by the default volume driver, but may
-not be by other drivers.
-
 **[engine.volume_plugins]**
 
 A table of all the enabled volume plugins on the system. Volume plugins can be

diff --git a/pkg/config/containers.conf b/pkg/config/containers.conf
@@ -16,30 +16,16 @@
 
 [containers]
 
-# List of devices. Specified as
-# "<device-on-host>:<device-on-container>:<permissions>", for example:
-# "/dev/sdc:/dev/xvdc:rwm".
-# If it is empty or commented out, only the default devices will be used
-#
-# devices = []
-
-# List of volumes. Specified as
-# "<directory-on-host>:<directory-in-container>:<options>", for example:
-# "/db:/var/lib/db:ro".
-# If it is empty or commented out, no volumes will be added
-#
-# volumes = []
-
-# Used to change the name of the default AppArmor profile of container engine.
-#
-# apparmor_profile = "container-default"
-
 # List of annotation. Specified as
 # "key=value"
 # If it is empty or commented out, no annotations will be added
 #
 # annotations = []
 
+# Used to change the name of the default AppArmor profile of container engine.
+#
+# apparmor_profile = "container-default"
+
 # Default way to to create a cgroup namespace for the container
 # Options are:
 # `private` Create private Cgroup Namespace for the container.
@@ -93,6 +79,13 @@ default_sysctls = [
 #  "nofile=1280:2560",
 # ]
 
+# List of devices. Specified as
+# "<device-on-host>:<device-on-container>:<permissions>", for example:
+# "/dev/sdc:/dev/xvdc:rwm".
+# If it is empty or commented out, only the default devices will be used
+#
+# devices = []
+
 # List of default DNS options to be added to /etc/resolv.conf inside of the container.
 #
 # dns_options = []
@@ -185,17 +178,17 @@ default_sysctls = [
 #
 # no_hosts = false
 
-# Maximum number of processes allowed in a container.
-#
-# pids_limit = 2048
-
 # Default way to to create a PID namespace for the container
 # Options are:
 # `private` Create private PID Namespace for the container.
 # `host`    Share host PID Namespace with the container.
 #
 # pidns = "private"
 
+# Maximum number of processes allowed in a container.
+#
+# pids_limit = 2048
+
 # Indicates the networking to be used for rootless containers
 # rootless_networking="slirp4netns"
 
@@ -220,13 +213,6 @@ default_sysctls = [
 #
 # umask="0022"
 
-# Default way to to create a UTS namespace for the container
-# Options are:
-# `private`        Create private UTS Namespace for the container.
-# `host`    Share host UTS Namespace with the container.
-#
-# utsns = "private"
-
 # Default way to to create a User namespace for the container
 # Options are:
 # `auto`        Create unique User Namespace for the container.
@@ -240,6 +226,20 @@ default_sysctls = [
 #
 # userns_size=65536
 
+# Default way to to create a UTS namespace for the container
+# Options are:
+# `private`        Create private UTS Namespace for the container.
+# `host`    Share host UTS Namespace with the container.
+#
+# utsns = "private"
+
+# List of volumes. Specified as
+# "<directory-on-host>:<directory-in-container>:<options>", for example:
+# "/db:/var/lib/db:ro".
+# If it is empty or commented out, no volumes will be added
+#
+# volumes = []
+
 # The network table contains settings pertaining to the management of
 # CNI plugins.
 
@@ -263,14 +263,8 @@ default_sysctls = [
 # network_config_dir = "/etc/cni/net.d/"
 
 [engine]
-# Maximum number of image layers to be copied (pulled/pushed) simultaneously.
-# Not setting this field, or setting it to zero, will fall back to containers/image defaults.
-# image_parallel_copies=0
-
-# Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building
-# container images. By default image pulled and pushed match the format of the
-# source image. Building/committing defaults to OCI.
-# image_default_format = ""
+# Index to the active service
+# active_service = production
 
 # Cgroup management implementation used for the runtime.
 # Valid options "systemd" or "cgroupfs"
@@ -328,10 +322,19 @@ default_sysctls = [
 #     "/usr/share/containers/oci/hooks.d",
 # ]
 
+# Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building
+# container images. By default image pulled and pushed match the format of the
+# source image. Building/committing defaults to OCI.
+# image_default_format = ""
+
 # Default transport method for pulling and pushing for images
 #
 # image_default_transport = "docker://"
 
+# Maximum number of image layers to be copied (pulled/pushed) simultaneously.
+# Not setting this field, or setting it to zero, will fall back to containers/image defaults.
+# image_parallel_copies=0
+
 # Default command to run the infra container
 #
 # infra_command = "/pause"
@@ -398,24 +401,6 @@ default_sysctls = [
 # `podman --remote=true` for access to the remote Podman service.
 # remote = false
 
-# Directory for persistent engine files (database, etc)
-# By default, this will be configured relative to where the containers/storage
-# stores containers
-# Uncomment to change location from this default
-#
-# static_dir = "/var/lib/containers/storage/libpod"
-
-# Directory for temporary files. Must be tmpfs (wiped after reboot)
-#
-# tmp_dir = "/run/libpod"
-
-# Directory for libpod named volumes.
-# By default, this will be configured relative to where containers/storage
-# stores containers.
-# Uncomment to change location from this default.
-#
-# volume_path = "/var/lib/containers/storage/volumes"
-
 # Default OCI runtime
 #
 # runtime = "crun"
@@ -425,20 +410,24 @@ default_sysctls = [
 #
 # runtime_supports_json = ["crun", "runc", "kata", "runsc"]
 
+# List of the OCI runtimes that supports running containers with KVM Separation.
+#
+# runtime_supports_kvm = ["kata"]
+
 # List of the OCI runtimes that supports running containers without cgroups.
 #
 # runtime_supports_nocgroups = ["crun"]
 
-# List of the OCI runtimes that supports running containers with KVM Separation.
+# Directory for persistent engine files (database, etc)
+# By default, this will be configured relative to where the containers/storage
+# stores containers
+# Uncomment to change location from this default
 #
-# runtime_supports_kvm = ["kata"]
+# static_dir = "/var/lib/containers/storage/libpod"
 
 # Number of seconds to wait for container to exit before sending kill signal.
 # stop_timeout = 10
 
-# Index to the active service
-# active_service = production
-
 # map of service destinations
 # [service_destinations]
 #   [service_destinations.production]
@@ -452,6 +441,17 @@ default_sysctls = [
 #     Path to file containing ssh identity key
 #     identity = "~/.ssh/id_rsa"
 
+# Directory for temporary files. Must be tmpfs (wiped after reboot)
+#
+# tmp_dir = "/run/libpod"
+
+# Directory for libpod named volumes.
+# By default, this will be configured relative to where containers/storage
+# stores containers.
+# Uncomment to change location from this default.
+#
+# volume_path = "/var/lib/containers/storage/volumes"
+
 # Paths to look for a valid OCI runtime (crun, runc, kata, runsc, etc)
 [engine.runtimes]
 # crun = [
@@ -464,16 +464,6 @@ default_sysctls = [
 #            "/run/current-system/sw/bin/crun",
 # ]
 
-# runc = [
-#        "/usr/bin/runc",
-#        "/usr/sbin/runc",
-#        "/usr/local/bin/runc",
-#        "/usr/local/sbin/runc",
-#        "/sbin/runc",
-#        "/bin/runc",
-#        "/usr/lib/cri-o-runc/sbin/runc",
-# ]
-
 # kata = [
 #            "/usr/bin/kata-runtime",
 #            "/usr/sbin/kata-runtime",
@@ -485,6 +475,16 @@ default_sysctls = [
 #            "/usr/bin/kata-fc",
 # ]
 
+# runc = [
+#        "/usr/bin/runc",
+#        "/usr/sbin/runc",
+#        "/usr/local/bin/runc",
+#        "/usr/local/sbin/runc",
+#        "/sbin/runc",
+#        "/bin/runc",
+#        "/usr/lib/cri-o-runc/sbin/runc",
+# ]
+
 # runsc = [
 #            "/usr/bin/runsc",
 #            "/usr/sbin/runsc",