Merge pull request #27310 from mheon/default-runtime-flags

Add support for runtime flags in containers.conf

cmd/podman/common/build.go

@@ -449,6 +449,12 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *Buil
 	for _, arg := range podmanConfig.RuntimeFlags {
 		runtimeFlags = append(runtimeFlags, "--"+arg)
 	}
+	configIndex := filepath.Base(podmanConfig.RuntimePath)
+	if len(runtimeFlags) == 0 {
+		for _, arg := range podmanConfig.ContainersConfDefaultsRO.Engine.OCIRuntimesFlags[configIndex] {
+			runtimeFlags = append(runtimeFlags, "--"+arg)
+		}
+	}
 	if podmanConfig.ContainersConf.Engine.CgroupManager == config.SystemdCgroupsManager {
 		runtimeFlags = append(runtimeFlags, "--systemd-cgroup")
 	}

docs/source/markdown/options/runtime-flag.md

@@ -6,4 +6,6 @@
 
 Adds global flags for the container runtime. To list the supported flags, please consult the manpages of the selected container runtime.
 
+Default runtime flags can be added in containers.conf.
+
 Note: Do not pass the leading -- to the flag. To pass the runc flag --log-format json to buildah build, the option given is --runtime-flag log-format=json.

docs/source/markdown/podman.1.md

@@ -147,6 +147,8 @@ consult the manpages of the selected container runtime (`runc` is the default
 runtime, the manpage to consult is `runc(8)`.  When the machine is configured
 for cgroup V2, the default runtime is `crun`, the manpage to consult is `crun(8)`.).
 
+Default runtime flags can be added in containers.conf.
+
 Note: Do not pass the leading `--` to the flag. To pass the runc flag `--log-format json`
 to podman build, the option given can be `--runtime-flag log-format=json`.
 

libpod/oci_conmon_common.go

@@ -93,6 +93,14 @@ func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtime
 		supportsKVM[r] = true
 	}
 
+	configIndex := filepath.Base(name)
+
+	if len(runtimeFlags) == 0 {
+		for _, arg := range runtimeCfg.Engine.OCIRuntimesFlags[configIndex] {
+			runtimeFlags = append(runtimeFlags, "--"+arg)
+		}
+	}
+
 	runtime := new(ConmonOCIRuntime)
 	runtime.name = name
 	runtime.conmonPath = conmonPath
@@ -108,10 +116,9 @@ func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtime
 	// TODO: probe OCI runtime for feature and enable automatically if
 	// available.
 
-	base := filepath.Base(name)
-	runtime.supportsJSON = supportsJSON[base]
-	runtime.supportsNoCgroups = supportsNoCgroups[base]
-	runtime.supportsKVM = supportsKVM[base]
+	runtime.supportsJSON = supportsJSON[configIndex]
+	runtime.supportsNoCgroups = supportsNoCgroups[configIndex]
+	runtime.supportsKVM = supportsKVM[configIndex]
 
 	foundPath := false
 	for _, path := range paths {

test/system/030-run.bats

@@ -58,6 +58,25 @@ echo $rand        |   0 | $rand
     is "$output" ".*invalidflag" "failed when passing undefined flags to the runtime"
 }
 
+# bats test_tags=ci:parallel
+@test "podman run - containers.conf runtime options" {
+    skip_if_remote "requires local containers.conf"
+
+    containersConf=$PODMAN_TMPDIR/containers.conf
+    cat >$containersConf <<EOF
+[engine]
+runtime="$(podman_runtime)"
+
+[engine.runtimes_flags]
+$(podman_runtime) = [
+  "invalidflag",
+]
+EOF
+
+    CONTAINERS_CONF="$containersConf" run_podman 126 run --rm $IMAGE
+    is "$output" ".*invalidflag" "failed when passing undefined flags to the runtime"
+}
+
 # bats test_tags=ci:parallel
 @test "podman run --memory=0 runtime option" {
     run_podman run --memory=0 --rm $IMAGE echo hello