
A few thoughts on oci runtime and other binary preset paths

Open unknowndevQwQ opened this issue 3 years ago • 0 comments

containers.conf:

cni_plugin_dirs = [
  "/usr/local/libexec/cni",
  "/usr/libexec/cni",
  "/usr/local/lib/cni",
  "/usr/lib/cni",
  "/opt/cni/bin",
]
conmon_path = [
  "/usr/libexec/podman/conmon",
  "/usr/local/libexec/podman/conmon",
  "/usr/local/lib/podman/conmon",
  "/usr/bin/conmon",
  "/usr/sbin/conmon",
  "/usr/local/bin/conmon",
  "/usr/local/sbin/conmon"
]
helper_binaries_dir = [
  "/usr/local/libexec/podman",
  "/usr/local/lib/podman",
  "/usr/libexec/podman",
  "/usr/lib/podman",
]
# Most OCI Runtime, with crun as an example:
#crun = [
#  "/usr/bin/crun",
#  "/usr/sbin/crun",
#  "/usr/local/bin/crun",
#  "/usr/local/sbin/crun",
#  "/sbin/crun",
#  "/bin/crun",
#  "/run/current-system/sw/bin/crun",
#]

In the real world, it is not common to put an OCI runtime in */sbin, and the path ordering of conmon does not make sense, as well as that of helper_binaries_dir. To make matters worse, containers.conf.5.md records a path that does not match containers.conf.

containers.conf.5.md:

conmon_path=[
    "/usr/libexec/podman/conmon",
    "/usr/local/libexec/podman/conmon",
    "/usr/local/lib/podman/conmon",
    "/usr/bin/conmon",
    "/usr/sbin/conmon",
    "/usr/local/bin/conmon",
    "/usr/local/sbin/conmon",
    "/run/current-system/sw/bin/conmon",
]

Only some OCI runtimes currently add /run/current-system/sw/bin, but NixOS users don't seem to be affected by the absence of /run/current-system/sw/bin in other paths.

I suggest changing the priority of /usr/lib related directories to /usr/local/libexec, /usr/local/lib, /usr/libexec, /usr/lib, and /usr/bin related directories to /usr/local/bin, /usr/bin, /bin. But I'm not sure what bad consequences a complete deletion of /run/current-system/sw/bin would cause, and might need some advice from NixOS users.

Example after change:

cni_plugin_dirs = [
  "/usr/local/libexec/cni",
  "/usr/local/lib/cni",
  "/usr/libexec/cni",
  "/usr/lib/cni",
  "/opt/cni/bin",
]
conmon_path = [
  "/usr/local/libexec/podman/conmon",
  "/usr/local/lib/podman/conmon",
  "/usr/libexec/podman/conmon",
  "/usr/lib/podman/conmon",
  "/usr/local/sbin/conmon",
  "/usr/local/bin/conmon",
  "/usr/sbin/conmon",
  "/usr/bin/conmon",
]
helper_binaries_dir = [
  "/usr/local/libexec/podman",
  "/usr/local/lib/podman",
  "/usr/libexec/podman",
  "/usr/lib/podman",
]
# Most OCI Runtime, with crun as an example:
#crun = [
#  "/usr/local/bin/crun",
#  "/usr/bin/crun",
#  "/bin/crun",
#]

unknowndevQwQ, Oct 31 '22 14:10
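
An added example (not part of the original issue and not the project's own code) showing that the reordering changes which conmon binary is selected when both a packaged and a locally installed copy exist, and flagging a selected binary whose file or directory is group- or world-writable. It assumes entries are tried in order and the first executable file wins; `under`, `resolve`, `writable_by_others`, `audit` and the temporary sample tree are hypothetical helpers.

```python
import os
import stat
import tempfile

# Orderings copied from the issue: shipped containers.conf vs. the proposed change.
CURRENT = ["/usr/libexec/podman/conmon", "/usr/local/libexec/podman/conmon",
           "/usr/local/lib/podman/conmon", "/usr/bin/conmon", "/usr/sbin/conmon",
           "/usr/local/bin/conmon", "/usr/local/sbin/conmon"]
PROPOSED = ["/usr/local/libexec/podman/conmon", "/usr/local/lib/podman/conmon",
            "/usr/libexec/podman/conmon", "/usr/lib/podman/conmon",
            "/usr/local/sbin/conmon", "/usr/local/bin/conmon",
            "/usr/sbin/conmon", "/usr/bin/conmon"]

def under(root, path):
    """Map an absolute config path below an alternate root (for offline audits)."""
    return os.path.join(root, path.lstrip("/"))

def resolve(paths, root="/"):
    """Assumption: first-match-wins. Return the first executable regular file."""
    hits = (p for p in paths if os.path.isfile(under(root, p))
            and os.access(under(root, p), os.X_OK))
    return next(hits, None)

def writable_by_others(path, root="/"):
    """Return the file and/or its directory if group- or world-writable."""
    full = under(root, path)
    return [t for t in (full, os.path.dirname(full))
            if os.stat(t).st_mode & (stat.S_IWGRP | stat.S_IWOTH)]

def audit(root="/"):
    """Selected binary under each ordering, plus loose permissions on it."""
    report = {}
    for name, paths in (("current", CURRENT), ("proposed", PROPOSED)):
        hit = resolve(paths, root)
        report[name] = (hit, writable_by_others(hit, root) if hit else [])
    return report

def make_constructed_root():
    """Constructed sample tree: one packaged and one locally installed conmon."""
    root = tempfile.mkdtemp()
    for p in ("/usr/bin/conmon", "/usr/local/bin/conmon"):
        full = under(root, p)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
        os.chmod(full, 0o755)
        os.chmod(os.path.dirname(full), 0o755)
    return root

if __name__ == "__main__":
    print(audit(make_constructed_root()))
```

Calling `audit()` with no argument checks the live system; a difference between the two entries marks a host where the proposed order would start running a different binary.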