mirror of
https://github.com/containers/podman.git
synced 2025-10-19 20:23:08 +08:00
0f18a0144a
These annotations can have security implications - crun, for example, allows rootless containers to preserve the user's groups through an annotation. We absolutely should not include annotations from an untrusted image off the internet by default. We may consider whitelisting some annotations (e.g. the legacy WASM annotations), but given that there is now a more explicit way of specifying an image uses the WASM runtime in the OCI image spec, I'm just tearing this out entirely for now. Signed-off-by: Matt Heon <mheon@redhat.com>