diff --git a/_service b/_service
index 5084e90..e0cf94e 100644
--- a/_service
+++ b/_service
@@ -4,32 +4,32 @@
https://github.com/containers/storage.git
git
storage
-1.20.2
-v1.20.2
+1.24.5
+v1.24.5
https://github.com/containers/image.git
git
image
-5.5.1
-v5.5.1
+5.9.0
+v5.9.0
https://github.com/containers/podman.git
git
podman
-2.0.3
-v2.0.3
+2.2.1
+v2.2.1
https://github.com/containers/common.git
git
common
-0.14.6
-v0.14.6
+0.33.0
+v0.33.0
diff --git a/common-0.14.6.tar.xz b/common-0.14.6.tar.xz
deleted file mode 100644
index 351a4f9..0000000
--- a/common-0.14.6.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0e9111b89df5325547c3014d17eeadf9be2f4e69c1c69f0605ad502960438e83
-size 2194176
diff --git a/common-0.33.0.tar.xz b/common-0.33.0.tar.xz
new file mode 100644
index 0000000..732f46a
--- /dev/null
+++ b/common-0.33.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3f2f08d1237d399864e0732bd64f613b855db0262d7537ccc11f14d46a359ee5
+size 2438172
diff --git a/containers.conf b/containers.conf
index 9a042c5..710288b 100644
--- a/containers.conf
+++ b/containers.conf
@@ -52,7 +52,7 @@
# Options are:
# `enabled` Enable cgroup support within container
# `disabled` Disable cgroup support, will inherit cgroups from parent
-# `no-conmon` Container engine runs run without conmon
+# `no-conmon` Do not create a cgroup dedicated to conmon.
#
# cgroups = "enabled"
@@ -77,11 +77,11 @@
# A list of sysctls to be set in containers by default,
# specified as "name=value",
-# for example:"net.ipv4.ping_group_range = 0 1000".
+# for example:"net.ipv4.ping_group_range = 0 0".
#
-# default_sysctls = [
-# "net.ipv4.ping_group_range=0 1000",
-# ]
+#default_sysctls = [
+# "net.ipv4.ping_group_range=0 0",
+#]
# A list of ulimits to be set in containers by default, specified as
# "=:", for example:
@@ -92,7 +92,7 @@
# Ulimits has limits for non privileged container engines.
#
# default_ulimits = [
-# "nofile"="1280:2560",
+# "nofile=1280:2560",
# ]
# List of default DNS options to be added to /etc/resolv.conf inside of the container.
@@ -116,18 +116,13 @@
#
# env = [
# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+# "TERM=xterm",
# ]
# Pass all host environment variables into the container.
#
# env_host = false
-# Path to OCI hooks directories for automatically executed hooks.
-#
-# hooks_dir = [
-# "/usr/share/containers/oci/hooks.d",
-# ]
-
# Default proxy environment variables passed into the container.
# The environment variables passed in include:
# http_proxy, https_proxy, ftp_proxy, no_proxy, and the upper case versions of
@@ -152,9 +147,13 @@ init_path = "/usr/bin/catatonit"
#
# ipcns = "private"
-# Flag tells container engine to whether to use container separation using
-# MAC(SELinux)labeling or not.
-# Flag is ignored on label disabled systems.
+# keyring tells the container engine whether to create
+# a kernel keyring for use within the container.
+# keyring = true
+
+# label tells the container engine whether to use container separation using
+# MAC(SELinux) labeling or not.
+# The label flag is ignored on label disabled systems.
#
# label = true
@@ -248,6 +247,9 @@ cni_plugin_dirs = ["@LIBEXECDIR@/cni"]
# network_config_dir = "/etc/cni/net.d/"
[engine]
+# ImageBuildFormat indicates the default image format to building
+# container images. Valid values are "oci" (default) or "docker".
+# image_build_format = "oci"
# Cgroup management implementation used for the runtime.
# Valid options "systemd" or "cgroupfs"
@@ -299,6 +301,12 @@ cni_plugin_dirs = ["@LIBEXECDIR@/cni"]
#
# events_logger = "journald"
+# Path to OCI hooks directories for automatically executed hooks.
+#
+# hooks_dir = [
+# "/usr/share/containers/oci/hooks.d",
+# ]
+
# Default transport method for pulling and pushing for images
#
# image_default_transport = "docker://"
@@ -322,6 +330,12 @@ cni_plugin_dirs = ["@LIBEXECDIR@/cni"]
#
# lock_type** = "shm"
+# MultiImageArchive - if true, the container engine allows for storing archives
+# (e.g., of the docker-archive transport) with multiple images. By default,
+# Podman creates single-image archives.
+#
+# multi_image_archive = "false"
+
# Default engine namespace
# If engine is joined to a namespace, it will see only containers and pods
# that were created in the same namespace, and will create new containers and
@@ -331,6 +345,15 @@ cni_plugin_dirs = ["@LIBEXECDIR@/cni"]
#
# namespace = ""
+# Path to the slirp4netns binary
+#
+# network_cmd_path=""
+
+# Default options to pass to the slirp4netns binary.
+# For example "allow_host_loopback=true"
+#
+# network_cmd_options=[]
+
# Whether to use chroot instead of pivot_root in the runtime
#
# no_pivot_root = false
@@ -344,6 +367,11 @@ cni_plugin_dirs = ["@LIBEXECDIR@/cni"]
# Whether to pull new image before running a container
# pull_policy = "missing"
+# Indicates whether the application should be running in remote mode. This flag modifies the
+# --remote option on container engines. Setting the flag to true will default
+# `podman --remote=true` for access to the remote Podman service.
+# remote = false
+
# Directory for persistent engine files (database, etc)
# By default, this will be configured relative to where the containers/storage
# stores containers
@@ -398,7 +426,7 @@ cni_plugin_dirs = ["@LIBEXECDIR@/cni"]
# Path to file containing ssh identity key
# identity = "~/.ssh/id_rsa"
-# Paths to look for a valid OCI runtime (runc, runv, kata, etc)
+# Paths to look for a valid OCI runtime (crun, runc, kata, etc)
[engine.runtimes]
# runc = [
# "/usr/bin/runc",
@@ -431,8 +459,11 @@ cni_plugin_dirs = ["@LIBEXECDIR@/cni"]
# "/usr/bin/kata-fc",
# ]
-# The [engine.runtimes] table MUST be the last entry in this file.
+[engine.volume_plugins]
+# testplugin = "/run/podman/plugins/test.sock"
+
+# The [engine.volume_plugins] table MUST be the last entry in this file.
# (Unless another table is added)
# TOML does not provide a way to end a table other than a further table being
-# defined, so every key hereafter will be part of [runtimes] and not the main
-# config.
+# defined, so every key hereafter will be part of [volume_plugins] and not the
+# main config.
diff --git a/image-5.5.1.tar.xz b/image-5.5.1.tar.xz
deleted file mode 100644
index d3f2538..0000000
--- a/image-5.5.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e4fedb64bd9196c0526b3d69de2113aaeb66a10680b21b22bbc5369224a2d312
-size 305952
diff --git a/image-5.9.0.tar.xz b/image-5.9.0.tar.xz
new file mode 100644
index 0000000..dfad362
--- /dev/null
+++ b/image-5.9.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6b3a1a8fbbd3773f38592f35ce0dae0a86b0a330dd11fec3de1d3c01253a9ff9
+size 332188
diff --git a/libcontainers-common.changes b/libcontainers-common.changes
index 8f6cd1f..ad51bac 100644
--- a/libcontainers-common.changes
+++ b/libcontainers-common.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Tue Jan 12 08:43:22 UTC 2021 - Sascha Grunert
+
+- Update common to 0.33.0
+- Update image to 5.9.0
+- Update podman to 2.2.1
+- Update storage to 1.24.5
+- Switch to seccomp profile provided by common instead of podman
+- Update containers.conf to match latest version
+
-------------------------------------------------------------------
Tue Oct 13 15:53:05 UTC 2020 - Jan Engelhardt
diff --git a/libcontainers-common.spec b/libcontainers-common.spec
index 8e92c69..d88b9dc 100644
--- a/libcontainers-common.spec
+++ b/libcontainers-common.spec
@@ -17,19 +17,19 @@
# commonver - version from containers/common
-%define commonver 0.14.6
+%define commonver 0.33.0
# podman - version from containers/podman
-%define podmanver 2.0.3
+%define podmanver 2.2.1
# storagever - version from containers/storage
-%define storagever 1.20.2
+%define storagever 1.24.5
# imagever - version from containers/image
-%define imagever 5.5.1
+%define imagever 5.9.0
Name: libcontainers-common
-Version: 20200727
+Version: 20210112
Release: 0
Summary: Configuration files common to github.com/containers
License: Apache-2.0 AND GPL-3.0-or-later
@@ -110,8 +110,8 @@ install -D -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/containers/registries.
install -D -m 0644 %{SOURCE8} %{buildroot}/%{_sysconfdir}/containers/registries.d/default.yaml
sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE10}
install -D -m 0644 %{SOURCE10} %{buildroot}/%{_datadir}/containers/containers.conf
-install -D -m 0644 podman-%{podmanver}/seccomp.json %{buildroot}/%{_datadir}/containers/seccomp.json
-install -D -m 0644 podman-%{podmanver}/seccomp.json %{buildroot}/%{_sysconfdir}/containers/seccomp.json
+install -D -m 0644 common-%{commonver}/pkg/seccomp/seccomp.json %{buildroot}/%{_datadir}/containers/seccomp.json
+install -D -m 0644 common-%{commonver}/pkg/seccomp/seccomp.json %{buildroot}/%{_sysconfdir}/containers/seccomp.json
install -d %{buildroot}/%{_mandir}/man1
install -d %{buildroot}/%{_mandir}/man5
diff --git a/podman-2.0.3.tar.xz b/podman-2.0.3.tar.xz
deleted file mode 100644
index a53ab5e..0000000
--- a/podman-2.0.3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:306e5d273a6b3d298bc921d1c71a7bcadc07f304c63264c57339b85197db4326
-size 5352032
diff --git a/podman-2.2.1.tar.xz b/podman-2.2.1.tar.xz
new file mode 100644
index 0000000..1abb72f
--- /dev/null
+++ b/podman-2.2.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6c2470aef742aba369f1ffb409c81f1e3f4c0cfaba02590384ed0cdedde858c4
+size 5621768
diff --git a/storage-1.20.2.tar.xz b/storage-1.20.2.tar.xz
deleted file mode 100644
index cb2f7e5..0000000
--- a/storage-1.20.2.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e58d95f7fa0c3de2af79065e238865f40a44e43809f4f63a36997db740c56e7a
-size 1564396
diff --git a/storage-1.24.5.tar.xz b/storage-1.24.5.tar.xz
new file mode 100644
index 0000000..d2115b1
--- /dev/null
+++ b/storage-1.24.5.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2e90d3886e06f9f2b9a0408dd0cd76c3569b443694c5d1ed304f779762af66a2
+size 1583300