Remove nested-podman
This commit is contained in:
Samuel Aubertin
@@ -62,7 +62,7 @@ Supported keys when the manifest is present:
|
||||
| --- | --- | --- |
|
||||
| `name` | project directory name | Must match `^[A-Za-z0-9_.-]+$`. Used for image/container naming. |
|
||||
| `packages_extra` | *empty* | Additional Debian packages installed during `docker/podman build`. Tokens must be alphanumeric plus `+.-`. |
|
||||
| `capabilities` | *empty* | Optional privileged features. Supported values are `apt-install`, `packet-capture`, and `nested-podman`. |
|
||||
| `capabilities` | *empty* | Optional privileged features. Supported values are `apt-install` and `packet-capture`. |
|
||||
| `allow_host_network` | `false` | `true` opts into `--network host`; keep `false` unless the project absolutely requires direct access to host-local services. |
|
||||
|
||||
Values containing `$`, `` ` ``, or newlines are rejected to prevent command injection. Setting illegal keys or malformed values aborts the run before containers start.
|
||||
@@ -131,8 +131,6 @@ When the current manifest's capabilities are trusted and enabled, the container
|
||||
|
||||
- `slop-apt install <package...>` for session-scoped package installation.
|
||||
- `slopcap capture --interface <iface> [--filter <expr>] [--output <path>] [--stdout]` for packet capture.
|
||||
- `sloppodman <pull|build|tag|run|ps|logs|stop|rm|inspect> ...` for nested Podman workflows. `build` contexts and Dockerfiles must remain inside `/workspace`, and pushes are not supported.
|
||||
- When `nested-podman` is enabled, sloptrap makes the container root filesystem writable long enough to synthesize container-local `/etc/subuid` and `/etc/subgid` files from the live namespace maps, so rootless nested Podman does not depend on host subid files.
|
||||
|
||||
## Execution Environment
|
||||
|
||||
|
||||
Reference in New Issue
Block a user