1 files changed, 55 insertions, 7 deletions

diff --git a/recipes-containers/container-host-config/container-host-config/storage.conf b/recipes-containers/container-host-config/container-host-config/storage.conf
index 722750c0..cb4525f2 100644
--- a/recipes-containers/container-host-config/container-host-config/storage.conf
+++ b/recipes-containers/container-host-config/container-host-config/storage.conf
@@ -1,5 +1,14 @@
-# This file is is the configuration file for all tools
-# that use the containers/storage library.
+# This file is the configuration file for all tools
+# that use the containers/storage library. The storage.conf file
+# overrides all other storage.conf files. Container engines using the
+# container/storage library do not inherit fields from other storage.conf
+# files.
+#
+#  Note: The storage.conf file overrides other storage.conf files based on this precedence:
+#      /usr/containers/storage.conf
+#      /etc/containers/storage.conf
+#      $HOME/.config/containers/storage.conf
+#      $XDG_CONFIG_HOME/containers/storage.conf (If XDG_CONFIG_HOME is set)
 # See man 5 containers-storage.conf for more information
 # The "container storage" table contains all of the server options.
 [storage]
@@ -11,12 +20,28 @@ driver = "overlay"
 runroot = "/run/containers/storage"
 
 # Primary Read/Write location of container storage
+# When changing the graphroot location on an SELINUX system, you must
+# ensure  the labeling matches the default locations labels with the
+# following commands:
+# semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH
+# restorecon -R -v /NEWSTORAGEPATH
 graphroot = "/var/lib/containers/storage"
 
+# Optional alternate location of image store if a location separate from the
+# container store is required. If set, it must be different than graphroot.
+# imagestore = ""
+
+
 # Storage path for rootless users
 #
 # rootless_storage_path = "$HOME/.local/share/containers/storage"
 
+# Transient store mode makes all container metadata be saved in temporary storage
+# (i.e. runroot above). This is faster, but doesn't persist across reboots.
+# Additional garbage collection must also be performed at boot-time, so this
+# option should remain disabled in most configurations.
+# transient_store = true
+
 [storage.options]
 # Storage options to be passed to underlying storage drivers
 
@@ -25,6 +50,28 @@ graphroot = "/var/lib/containers/storage"
 additionalimagestores = [
 ]
 
+# Allows specification of how storage is populated when pulling images. This
+# option can speed the pulling process of images compressed with format
+# zstd:chunked. Containers/storage looks for files within images that are being
+# pulled from a container registry that were previously pulled to the host.  It
+# can copy or create a hard link to the existing file when it finds them,
+# eliminating the need to pull them from the container registry. These options
+# can deduplicate pulling of content, disk storage of content and can allow the
+# kernel to use less memory when running containers.
+
+# containers/storage supports three keys
+#   * enable_partial_images="true" | "false"
+#     Tells containers/storage to look for files previously pulled in storage
+#     rather then always pulling them from the container registry.
+#   * use_hard_links = "false" | "true"
+#     Tells containers/storage to use hard links rather then create new files in
+#     the image, if an identical file already existed in storage.
+#   * ostree_repos = ""
+#     Tells containers/storage where an ostree repository exists that might have
+#     previously pulled content which can be used when attempting to avoid
+#     pulling content from the container registry
+pull_options = {enable_partial_images = "false", use_hard_links = "false", ostree_repos=""}
+
 # Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
 # a container, to the UIDs/GIDs as they should appear outside of the container,
 # and the length of the range of UIDs/GIDs.  Additional mapped sets can be
@@ -32,8 +79,8 @@ additionalimagestores = [
 # mappings which the kernel will allow when you later attempt to run a
 # container.
 #
-# remap-uids = 0:1668442479:65536
-# remap-gids = 0:1668442479:65536
+# remap-uids = "0:1668442479:65536"
+# remap-gids = "0:1668442479:65536"
 
 # Remap-User/Group is a user name which can be used to look up one or more UID/GID
 # ranges in the /etc/subuid or /etc/subgid file.  Mappings are set up starting
@@ -41,7 +88,8 @@ additionalimagestores = [
 # range that matches the specified name, and using the length of that range.
 # Additional ranges are then assigned, using the ranges which specify the
 # lowest host-level IDs first, to the lowest not-yet-mapped in-container ID,
-# until all of the entries have been used for maps.
+# until all of the entries have been used for maps. This setting overrides the
+# Remap-UIDs/GIDs setting.
 #
 # remap-user = "containers"
 # remap-group = "containers"
@@ -57,7 +105,7 @@ additionalimagestores = [
 # Auto-userns-min-size is the minimum size for a user namespace created automatically.
 # auto-userns-min-size=1024
 #
-# Auto-userns-max-size is the minimum size for a user namespace created automatically.
+# Auto-userns-max-size is the maximum size for a user namespace created automatically.
 # auto-userns-max-size=65536
 
 [storage.options.overlay]
@@ -113,7 +161,7 @@ mountopt = "nodev"
 #  future.  When "force_mask" is set the original permission mask is stored in
 #  the "user.containers.override_stat" xattr and the "mount_program" option must
 #  be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
-#  extended attribute permissions to processes within containers rather then the
+#  extended attribute permissions to processes within containers rather than the
 #  "force_mask"  permissions.
 #
 # force_mask = ""