vendor: update containers/common

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

vendor/github.com/containers/common/pkg/config/containers.conf

@@ -27,16 +27,19 @@
 #
 #apparmor_profile = "container-default"
 
-# The hosts entries from the base hosts file are added to the containers hosts
-# file. This must be either an absolute path or as special values "image" which
-# uses the hosts file from the container image or "none" which means
-# no base hosts file is used. The default is "" which will use /etc/hosts.
+# Base file to create the `/etc/hosts` file inside the container. This must either
+# be an absolute path to a file on the host system, or one of the following
+# special flags:
+# ""      Use the host's `/etc/hosts` file (the default)
+# `none`  Do not use a base file (i.e. start with an empty file)
+# `image` Use the container image's `/etc/hosts` file as base file
 #
 #base_hosts_file = ""
 
 # List of cgroup_conf entries specifying a list of cgroup files to write to and
 # their values. For example `memory.high=1073741824` sets the
 # memory.high limit to 1GB.
+#
 # cgroup_conf = []
 
 # Default way to to create a cgroup namespace for the container
@@ -126,13 +129,25 @@ default_sysctls = [
 #
 #env_host = false
 
-# Set the ip for the host.containers.internal entry in the containers /etc/hosts
-# file. This can be set to "none" to disable adding this entry. By default it
-# will automatically choose the host ip.
+# Set the IP address the container should expect to connect to the host. The IP
+# address is used by Podman to automatically add the `host.containers.internal`
+# and `host.docker.internal` hostnames to the container's `/etc/hosts` file. It
+# is also used for the *host-gateway* flag of Podman's `--add-host` CLI option.
+# If no IP address is configured (the default), Podman will try to determine it
+# automatically, but might fail to do so depending on the container's network
+# setup. Adding these internal hostnames to `/etc/hosts` is silently skipped then.
+# Set this config to `none` to never add the internal hostnames to `/etc/hosts`.
 #
-# NOTE: When using podman machine this entry will never be added to the containers
-# hosts file instead the gvproxy dns resolver will resolve this hostname. Therefore
-# it is not possible to disable the entry in this case.
+# Note: If Podman is running in a virtual machine using `podman machine` (this
+# includes Mac and Windows hosts), Podman will silently skip adding the internal
+# hostnames to `/etc/hosts`, unless an IP address was configured manually. The
+# internal hostnames are resolved by the gvproxy DNS resolver instead. This config
+# has no effect on gvproxy. However, since `/etc/hosts` bypasses the DNS resolver,
+# a manually configured IP address still takes precedence.
+#
+# Note: This config doesn't affect the actual network setup, it just tells Podman
+# the IP address it should expect. Configuring an IP address here doesn't ensure
+# that the container can actually reach the host using this IP address.
 #
 #host_containers_internal_ip = ""
 
@@ -221,8 +236,10 @@ default_sysctls = [
 #
 #netns = "private"
 
-# Create /etc/hosts for the container.  By default, container engine manage
-# /etc/hosts, automatically adding  the container's  own  IP  address.
+# Do not modify the `/etc/hosts` file in the container. Podman assumes control
+# over the container's `/etc/hosts` file by default; refer to the `--add-host`
+# CLI option for details. To disable this, either set this config to `true`, or
+# use the functionally identical `--no-hosts` CLI option.
 #
 #no_hosts = false
 

vendor/github.com/containers/common/pkg/config/default.go

@@ -120,12 +120,12 @@ var (
 	additionalHelperBinariesDir string
 
 	defaultUnixComposeProviders = []string{
-		"docker-compose",
 		"$HOME/.docker/cli-plugins/docker-compose",
 		"/usr/local/lib/docker/cli-plugins/docker-compose",
 		"/usr/local/libexec/docker/cli-plugins/docker-compose",
 		"/usr/lib/docker/cli-plugins/docker-compose",
 		"/usr/libexec/docker/cli-plugins/docker-compose",
+		"docker-compose",
 		"podman-compose",
 	}
 
@@ -231,7 +231,6 @@ func defaultConfig() (*Config, error) {
 			DNSServers:          attributedstring.Slice{},
 			DefaultCapabilities: attributedstring.NewSlice(DefaultCapabilities),
 			DefaultSysctls:      attributedstring.Slice{},
-			DefaultUlimits:      attributedstring.NewSlice(getDefaultProcessLimits()),
 			Devices:             attributedstring.Slice{},
 			EnableKeyring:       true,
 			EnableLabeling:      selinuxEnabled(),

vendor/github.com/containers/common/pkg/config/default_linux.go

@@ -1,47 +1,13 @@
 package config
 
 import (
-	"fmt"
 	"os"
-	"strconv"
-	"strings"
-
-	"golang.org/x/sys/unix"
-)
-
-const (
-	oldMaxSize = uint64(1048576)
 )
 
 func getDefaultCgroupsMode() string {
 	return "enabled"
 }
 
-// getDefaultProcessLimits returns the nproc for the current process in ulimits format
-// Note that nfile sometimes cannot be set to unlimited, and the limit is hardcoded
-// to (oldMaxSize) 1048576 (2^20), see: http://stackoverflow.com/a/1213069/1811501
-// In rootless containers this will fail, and the process will just use its current limits
-func getDefaultProcessLimits() []string {
-	rlim := unix.Rlimit{Cur: oldMaxSize, Max: oldMaxSize}
-	oldrlim := rlim
-	// Attempt to set file limit and process limit to pid_max in OS
-	dat, err := os.ReadFile("/proc/sys/kernel/pid_max")
-	if err == nil {
-		val := strings.TrimSuffix(string(dat), "\n")
-		maxLimit, err := strconv.ParseUint(val, 10, 64)
-		if err == nil {
-			rlim = unix.Rlimit{Cur: maxLimit, Max: maxLimit}
-		}
-	}
-	defaultLimits := []string{}
-	if err := unix.Setrlimit(unix.RLIMIT_NPROC, &rlim); err == nil {
-		defaultLimits = append(defaultLimits, fmt.Sprintf("nproc=%d:%d", rlim.Cur, rlim.Max))
-	} else if err := unix.Setrlimit(unix.RLIMIT_NPROC, &oldrlim); err == nil {
-		defaultLimits = append(defaultLimits, fmt.Sprintf("nproc=%d:%d", oldrlim.Cur, oldrlim.Max))
-	}
-	return defaultLimits
-}
-
 // getDefaultTmpDir for linux
 func getDefaultTmpDir() string {
 	// first check the TMPDIR env var