On Wed, Oct 4, 2017 at 1:54 PM, Giuseppe Scrivano <gscri...@redhat.com> wrote: > for the system containers in principle there might be more differences, > like in the config.json.template file.
Agreed. If we can split these differences up into components it should become easier to generate the results for each downstream repo without losing new features/fixes. > The only one I am aware of right > now is that on CentOS/RHEL there is no CAP_AUDIT_READ while we have it > on Fedora. > > Privileged containers need to have two different configurations: > > https://github.com/projectatomic/atomic-system-containers/blob/master/docker-fedora/config.json.template#L62 > > https://github.com/projectatomic/atomic-system-containers/blob/master/docker-centos/config.json.template > > One easy way to solve it could be to define another variable from atomic > $ALL_CAPS that gets its value at installation time instead of listing > all the caps in the config.json.template file. True. For the caps I don't see a compelling reason to avoid enhancing the atomic command. Though I think there are enough other differences between files due to standards/distro specific requirements to warrant building from a single source no matter if we add cap generation within atomic. -- Thanks, Steve Milner Atomic | Red Hat | http://projectatomic.io/
