Merge pull request containers#1378 from vrothberg/containers_conf_extra

pkg/config: add CONTAINERS_CONF_OVERRIDE
Luap99 · Mar 23, 2023 · 03a2cc0 · 03a2cc0
2 parents 28ebcc6 + 1665db7
commit 03a2cc0
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 14 deletions.
diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md
@@ -769,16 +769,25 @@ default is `QEMU` and on Windows it is `WSL`.
 **containers.conf**
 
 Distributions often provide a `/usr/share/containers/containers.conf` file to
-define default container configuration. Administrators can override fields in
-this file by creating `/etc/containers/containers.conf` to specify their own
-configuration. Rootless users can further override fields in the config by
-creating a config file stored in the `$HOME/.config/containers/containers.conf` file.
+provide a default configuration. Administrators can override fields in this
+file by creating `/etc/containers/containers.conf` to specify their own
+configuration. They may also drop `.conf` files in
+`/etc/containers/containers.conf.d` which will be loaded in alphanumeric order.
+Rootless users can further override fields in the config by creating a config
+file stored in the `$HOME/.config/containers/containers.conf` file or `.conf`
+files in `$HOME/.config/containers/containers.conf.d`.
 
-If the `CONTAINERS_CONF` path environment variable is set, just
-this path will be used. This is primarily used for testing.
+If the `CONTAINERS_CONF` environment variable is set, all system and user
+config files are ignored and only the specified config file will be loaded.
 
-Fields specified in the containers.conf file override the default options, as
-well as options in previously read containers.conf files.
+If the `CONTAINERS_CONF_OVERRIDE` path environment variable is set, the config
+file will be loaded last even when `CONTAINERS_CONF` is set.
+
+The values of both environment variables may be absolute or relative paths, for
+instance, `CONTAINERS_CONF=/tmp/my_containers.conf`.
+
+Fields specified in a containers.conf file override the default options, as
+well as options in previously loaded containers.conf files.
 
 **storage.conf**
 

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -765,11 +765,21 @@ func addConfigs(dirPath string, configs []string) ([]string, error) {
 // Returns the list of configuration files, if they exist in order of hierarchy.
 // The files are read in order and each new file can/will override previous
 // file settings.
-func systemConfigs() ([]string, error) {
-	var err error
-	configs := []string{}
-	path := os.Getenv("CONTAINERS_CONF")
-	if path != "" {
+func systemConfigs() (configs []string, finalErr error) {
+	if path := os.Getenv("CONTAINERS_CONF_OVERRIDE"); path != "" {
+		if _, err := os.Stat(path); err != nil {
+			return nil, fmt.Errorf("CONTAINERS_CONF_OVERRIDE file: %w", err)
+		}
+		// Add the override config last to make sure it can override any
+		// previous settings.
+		defer func() {
+			if finalErr == nil {
+				configs = append(configs, path)
+			}
+		}()
+	}
+
+	if path := os.Getenv("CONTAINERS_CONF"); path != "" {
 		if _, err := os.Stat(path); err != nil {
 			return nil, fmt.Errorf("CONTAINERS_CONF file: %w", err)
 		}
@@ -781,12 +791,14 @@ func systemConfigs() ([]string, error) {
 	if _, err := os.Stat(OverrideContainersConfig); err == nil {
 		configs = append(configs, OverrideContainersConfig)
 	}
+
+	var err error
 	configs, err = addConfigs(OverrideContainersConfig+".d", configs)
 	if err != nil {
 		return nil, err
 	}
 
-	path, err = ifRootlessConfigPath()
+	path, err := ifRootlessConfigPath()
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
@@ -913,4 +913,20 @@ env=["foo=bar"]`
 		err := ValidateImageVolumeMode("bogus")
 		gomega.Expect(err).To(gomega.HaveOccurred())
 	})
+
+	It("CONTAINERS_CONF_OVERRIDE", func() {
+		os.Setenv("CONTAINERS_CONF_OVERRIDE", "testdata/containers_override.conf")
+		defer os.Unsetenv("CONTAINERS_CONF_OVERRIDE")
+		config, err := NewConfig("")
+		gomega.Expect(err).ToNot(gomega.HaveOccurred())
+		gomega.Expect(config.Containers.ApparmorProfile).To(gomega.Equal("overridden-default"))
+
+		// Make sure that _OVERRIDE is loaded even when CONTAINERS_CONF is set.
+		os.Setenv("CONTAINERS_CONF", "testdata/containers_default.conf")
+		defer os.Unsetenv("CONTAINERS_CONF")
+		config, err = NewConfig("")
+		gomega.Expect(err).ToNot(gomega.HaveOccurred())
+		gomega.Expect(config.Containers.ApparmorProfile).To(gomega.Equal("overridden-default"))
+		gomega.Expect(config.Containers.BaseHostsFile).To(gomega.Equal("/etc/hosts2"))
+	})
 })