The config file load order for the policy has been updated in podman-container-tools/container-libs#711 & podman-container-tools/container-libs#795.
From https://github.com/podman-container-tools/container-libs/blob/main/image/docs/containers-policy.json.5.md:
By default, the policy is read from $XDG_CONFIG_HOME/containers/policy.json (or from $HOME/.config/containers/policy.json if $XDG_CONFIG_HOME is unset), if it exists; otherwise from /etc/containers/policy.json; otherwise from /usr/share/containers/policy.json. Applications performing verification may allow using a different policy instead.
If CONTAINERS_POLICY_JSON is set, it specifies the policy file to use, unless overridden by application-specific configuration.
This has just landed in Rawhide (https://bodhi.fedoraproject.org/updates/FEDORA-2026-2419096432) and the CoreOS tests failed there but the update was pushed.
We should thus update the bootc code following that change.
From coreos/fedora-coreos-config#4220 / coreos/fedora-coreos-config#4215
The config file load order for the policy has been updated in podman-container-tools/container-libs#711 & podman-container-tools/container-libs#795.
From https://github.com/podman-container-tools/container-libs/blob/main/image/docs/containers-policy.json.5.md:
This has just landed in Rawhide (https://bodhi.fedoraproject.org/updates/FEDORA-2026-2419096432) and the CoreOS tests failed there but the update was pushed.
We should thus update the bootc code following that change.
From coreos/fedora-coreos-config#4220 / coreos/fedora-coreos-config#4215