Vendor in latest containers/common with default capabilities

Also update vendor of containers/storage and image

Cleanup display of added/dropped capabilties as well

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

vendor/github.com/containers/common/pkg/config/containers.conf

@@ -52,19 +52,18 @@
 # List of default capabilities for containers. If it is empty or commented out,
 # the default capabilities defined in the container engine will be added.
 #
-default_capabilities = [
-  "CHOWN",
-  "DAC_OVERRIDE",
-  "FOWNER",
-  "FSETID",
-  "KILL",
-  "NET_BIND_SERVICE",
-  "SETFCAP",
-  "SETGID",
-  "SETPCAP",
-  "SETUID",
-  "SYS_CHROOT"
-]
+#default_capabilities = [
+#  "CHOWN",
+#  "DAC_OVERRIDE",
+#  "FOWNER",
+#  "FSETID",
+#  "KILL",
+#  "NET_BIND_SERVICE",
+#  "SETFCAP",
+#  "SETGID",
+#  "SETPCAP",
+#  "SETUID",
+#]
 
 # A list of sysctls to be set in containers by default,
 # specified as "name=value",

vendor/github.com/containers/common/pkg/config/default.go

@@ -50,20 +50,16 @@ var (
 	DefaultHooksDirs = []string{"/usr/share/containers/oci/hooks.d"}
 	// DefaultCapabilities is the default for the default_capabilities option in the containers.conf file.
 	DefaultCapabilities = []string{
-		"CAP_AUDIT_WRITE",
 		"CAP_CHOWN",
 		"CAP_DAC_OVERRIDE",
 		"CAP_FOWNER",
 		"CAP_FSETID",
 		"CAP_KILL",
-		"CAP_MKNOD",
 		"CAP_NET_BIND_SERVICE",
-		"CAP_NET_RAW",
 		"CAP_SETFCAP",
 		"CAP_SETGID",
 		"CAP_SETPCAP",
 		"CAP_SETUID",
-		"CAP_SYS_CHROOT",
 	}
 
 	// Search these locations in which CNIPlugins can be installed.

vendor/github.com/containers/common/pkg/config/default_darwin.go

@@ -14,5 +14,9 @@ func getLibpodTmpDir() string {
 
 // getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
 func getDefaultMachineVolumes() []string {
-	return []string{"$HOME:$HOME"}
+	return []string{
+		"/Users:/Users",
+		"/private:/private",
+		"/var/folders:/var/folders",
+	}
 }