From 19099e065da7c810f93e83d68c0776c2336e5e03 Mon Sep 17 00:00:00 2001 From: "Daniel, Dao Quang Minh" Date: Thu, 11 Dec 2014 03:15:42 -0500 Subject: [PATCH] add spec for exec a new process inside a container document desired execin process behavior for v1 container specification Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh (github: dqminh) --- SPEC.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/SPEC.md b/SPEC.md index f5afaadc..2097c7e1 100644 --- a/SPEC.md +++ b/SPEC.md @@ -318,4 +318,27 @@ a container. | Resume | Resume all processes inside the container if paused | | Exec | Execute a new process inside of the container ( requires setns ) | +### Execute a new process inside of a running container. +User can execute a new process inside of a running container. Any binaries to be +executed must be contained within the container's rootfs. + +The started process is jailed inside the current container's rootfs. Any changes +made by the process to the container's filesystem will be persisted after the +process finished executing. + +The started process will join the container's existing namespaces. When the +container is paused, the process will also be paused and will resume when +the container is unpaused. The started process will only run when the container's +primary process (PID 1) is running, and will not be restarted when the container +is restarted. + +The started process will have its own cgroups nested inside the container's +cgroups. This is used for process tracking and optionally resource allocation +handling for the new process. Freezer cgroup is required, the rest of the cgroups +are optional. The process executor must place its pid inside the correct +cgroups before starting the process. This is done so that no child processes or +threads can escape the cgroups. + +When the process stopped, all child processes spawned by the process will be +stopped and the process's cgroups will be removed.
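Review bot: The new section never says which restrictions the exec'd process runs under, and it leaves the ordering of the join steps open. The namespaces paragraph says the process "will join the container's existing namespaces" and the cgroups paragraph says the executor "must place its pid inside the correct cgroups before starting the process", but nothing states whether the cgroup placement happens before or after the setns step that the Exec table row mentions. Nothing states either whether the process gets the same user, capabilities and other confinement as the container's own processes. Since this text specifies how a new process enters an existing jail, please spell out the order of cgroup placement, namespace join and exec, and state that the process gets no more privilege than the container's processes. The sentence "will only run when the container's primary process (PID 1) is running" also leaves open what happens to an exec'd process when PID 1 exits; the last paragraph covers only the exec'd process stopping, so say explicitly whether it is killed with the container. Minor wording: "after the process finished executing" and "When the process stopped" should be "finishes" and "stops", "Freezer cgroup is required, the rest of the cgroups are optional" is a comma splice, and the heading should drop its trailing period.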