diff --git a/SOURCES/Containerfile.5.md b/SOURCES/Containerfile.5.md index 141e99d..90226bc 100644 --- a/SOURCES/Containerfile.5.md +++ b/SOURCES/Containerfile.5.md @@ -118,7 +118,7 @@ Current supported mount TYPES are bind, cache, secret and tmpfs. · dst, destination, target: mount destination spec. - · ro, read-only: true or false (default). + · ro, read-only: true (default) or false. Options specific to bind: @@ -128,6 +128,8 @@ Current supported mount TYPES are bind, cache, secret and tmpfs. · from: stage or image name for the root of the source. Defaults to the build context. + · rw, read-write: allows writes on the mount. + Options specific to tmpfs: · tmpfs-size: Size of the tmpfs mount in bytes. Unlimited by default in Linux. @@ -150,6 +152,8 @@ Current supported mount TYPES are bind, cache, secret and tmpfs. · from: stage name for the root of the source. Defaults to host cache directory. + · rw, read-write: allows writes on the mount. + **RUN Secrets** diff --git a/SOURCES/containers.conf b/SOURCES/containers.conf index ffea089..2160137 100644 --- a/SOURCES/containers.conf +++ b/SOURCES/containers.conf @@ -53,7 +53,6 @@ # the default capabilities defined in the container engine will be added. # default_capabilities = [ - "NET_RAW", "CHOWN", "DAC_OVERRIDE", "FOWNER", diff --git a/SOURCES/default.yaml b/SOURCES/default.yaml index fa2ea36..a7f3d28 100644 --- a/SOURCES/default.yaml +++ b/SOURCES/default.yaml @@ -1,8 +1,8 @@ # This is a default registries.d configuration file. You may # add to this file or create additional files in registries.d/. # -# lookaside: indicates a location that is read and write -# lookaside-staging: indicates a location that is only for write +# lookaside: for reading/writing simple signing signatures +# lookaside-staging: for writing simple signing signatures, preferred over lookaside # # lookaside and lookaside-staging take a value of the following: # lookaside: {schema}://location 
@@ -10,10 +10,12 @@ # For reading signatures, schema may be http, https, or file. # For writing signatures, schema may only be file. -# This is the default signature write location for docker registries. +# The default locations are built-in, for both reading and writing: +# /var/lib/containers/sigstore for root, or +# ~/.local/share/containers/sigstore for non-root users. default-docker: -# lookaside: file:///var/lib/containers/sigstore - lookaside-staging: file:///var/lib/containers/sigstore +# lookaside: https://… +# lookaside-staging: file:///… # The 'docker' indicator here is the start of the configuration # for docker registries. @@ -21,6 +23,6 @@ default-docker: # docker: # # privateregistry.com: -# lookaside: http://privateregistry.com/sigstore/ +# lookaside: https://privateregistry.com/sigstore/ # lookaside-staging: /mnt/nfs/privateregistry/sigstore diff --git a/SOURCES/pyxis.sh b/SOURCES/pyxis.sh index bf50258..f5b7618 100755 --- a/SOURCES/pyxis.sh +++ b/SOURCES/pyxis.sh @@ -6,7 +6,7 @@ if [ "$TOTAL" == "null" ]; then echo "Error comunicating with Pyxis API." exit 1 fi -PAGES=$(($TOTAL/500)) +PAGES=$(($TOTAL/250)) for P in `seq 0 $PAGES`; do curl -s --negotiate -u: -H 'Content-Type: application/json' -H 'Accept: application/json' -X GET "https://pyxis.engineering.redhat.com/v1/repositories?page_size=500&page=$P" > /tmp/pyxis$P.json done diff --git a/SOURCES/shortnames.conf b/SOURCES/shortnames.conf index 4dfba37..2009c4c 100644 --- a/SOURCES/shortnames.conf +++ b/SOURCES/shortnames.conf @@ -3,7 +3,7 @@ "almalinux" = "docker.io/library/almalinux" "almalinux-minimal" = "docker.io/library/almalinux-minimal" # Arch Linux - "archlinux" = "docker.io/archlinux/archlinux" + "archlinux" = "docker.io/library/archlinux" # centos "centos" = "quay.io/centos/centos" # containers 
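Review bot: The `lookaside-staging` example on the line after the changed one still gives a bare path, `/mnt/nfs/privateregistry/sigstore`, while this file's own header says values take the form `{schema}://location` and that writing accepts only the `file` schema. Since the commit is already correcting this example block (http to https), the staging line should be brought in line as well: `#    lookaside-staging: file:///mnt/nfs/privateregistry/sigstore`. An example that is copied verbatim and then rejected may leave an operator believing signatures are being staged when they are not.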
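Review bot: The page count is now computed with a divisor of 250, but the request on the `curl` line still asks for `page_size=500`, so the two numbers that have to agree no longer do. If the service honours 500 the loop requests about twice as many pages as exist, and if it caps pages at 250 (which the new divisor suggests) the URL is misleading. Tie both to one variable, e.g. `PAGE_SIZE=250`, `PAGES=$((TOTAL/PAGE_SIZE))` and `...repositories?page_size=$PAGE_SIZE&page=$P`. Separately, the responses are written to predictable `/tmp/pyxis$P.json` names and `curl -s` without `--fail` stores error bodies as if they were data; a `mktemp -d` directory and `--fail` would keep another local user or a failed request from feeding bad input to whatever consumes these files.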
@@ -42,6 +42,10 @@ "sles12sp5" = "registry.suse.com/suse/sles12sp5" "sles12sp4" = "registry.suse.com/suse/sles12sp4" "sles12sp3" = "registry.suse.com/suse/sles12sp3" + "bci/bci-base" = "registry.suse.com/bci/bci-base" + "bci/bci-micro" = "registry.suse.com/bci/bci-micro" + "bci/bci-minimal" = "registry.suse.com/bci/bci-minimal" + "bci/bci-busybox" = "registry.suse.com/bci/bci-busybox" # Red Hat Enterprise Linux "rhel" = "registry.access.redhat.com/rhel" "rhel6" = "registry.access.redhat.com/rhel6" @@ -111,5 +115,7 @@ "php" = "docker.io/library/php" # python "python" = "docker.io/library/python" + # rust + "rust" = "docker.io/library/rust" # node "node" = "docker.io/library/node" diff --git a/SOURCES/update.sh b/SOURCES/update.sh index 17bab9d..af4911d 100755 --- a/SOURCES/update.sh +++ b/SOURCES/update.sh @@ -31,6 +31,11 @@ ensure containers.conf runtime \"runc\" ensure containers.conf events_logger \"file\" ensure containers.conf log_driver \"k8s-file\" ensure containers.conf network_backend \"cni\" +if ! grep \"NET_RAW\" containers.conf > /dev/null +then + sed -i '/^default_capabilities/a \ + "NET_RAW",' containers.conf +fi else ensure registries.conf unqualified-search-registries [\"docker.io\"] ensure registries.conf short-name-mode \"enforcing\" @@ -40,8 +45,3 @@ fi "keyctl",' seccomp.json sed -i '/\"socketcall\",/i \ "socket",' seccomp.json -if ! grep \"NET_RAW\" containers.conf > /dev/null -then - sed -i '/^default_capabilities/a \ - "NET_RAW",' containers.conf -fi diff --git a/SPECS/containers-common.spec b/SPECS/containers-common.spec index f66e598..fa9f6cd 100644 --- a/SPECS/containers-common.spec +++ b/SPECS/containers-common.spec @@ -4,7 +4,7 @@ # pick the oldest version on c/image, c/common, c/storage vendored in # podman/skopeo/podman. %global skopeo_branch main -%global image_branch v5.22.0 +%global image_branch v5.22.1 %global common_branch v0.49.1 %global storage_branch v1.42.0 %global shortnames_branch main 
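Review bot: The guard `grep \"NET_RAW\" containers.conf` in the moved block matches the string anywhere in the file, including comment lines, so the `sed` insertion can be skipped while the active `default_capabilities` list does not actually contain the capability. Anchor it to a list entry, for example `if ! grep -Eq '^[[:space:]]*"NET_RAW",' containers.conf`. The block also has no comment saying why this branch restores NET_RAW when the shipped containers.conf in this same commit drops it; a line such as `# this branch keeps NET_RAW (raw sockets) for compatibility; the else branch ships without it` would make the capability trade-off visible to the next maintainer. The enclosing `if` starts outside the hunk, so which configuration this branch covers cannot be confirmed from here.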
@@ -12,7 +12,7 @@ Epoch: 2 Name: containers-common Version: 1 -Release: 44%{?dist}.inferit +Release: 49%{?dist}.inferit Summary: Common configuration and documentation for containers License: ASL 2.0 ExclusiveArch: %{go_arches} @@ -139,10 +139,30 @@ ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secret %{_datadir}/rhel/secrets/* %changelog -* Tue Apr 11 2023 Sergey Cherevko - 2:1-44.inferit +* Tue Apr 11 2023 Sergey Cherevko - 2:1-49.inferit - MSVSphere debranding - Rebuilt for MSVSphere 9.1. +* Sun Jan 08 2023 Jindrich Novy - 2:1-49 +- update vendored components, regenerate pyxis +- Resolves: #2158512 + +* Thu Dec 01 2022 Jindrich Novy - 2:1-48 +- update vendored components and configuration files +- Resolves: #2149776 + +* Wed Oct 26 2022 Jindrich Novy - 2:1-47 +- update vendored components and configuration files +- Resolves: #2136847 + +* Wed Oct 26 2022 Jindrich Novy - 2:1-46 +- update vendored components and configuration files +- Resolves: #2136845 + +* Thu Oct 13 2022 Jindrich Novy - 2:1-45 +- add beta GPG key +- Resolves: #2123611 + * Tue Aug 23 2022 Jindrich Novy - 2:1-44 - exclude non-go arches because of go-md2man - Related: #2061316