add spec for exec a new process inside a container

document desired execin process behavior for v1 container specification

Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)

SPEC.md

@@ -318,4 +318,27 @@ a container.
 | Resume         | Resume all processes inside the container if paused                |
 | Exec           | Execute a new process inside of the container  ( requires setns )  |
 
+### Execute a new process inside of a running container.
 
+User can execute a new process inside of a running container. Any binaries to be
+executed must be contained within the container's rootfs.
+
+The started process is jailed inside the current container's rootfs. Any changes
+made by the process to the container's filesystem will be persisted after the
+process finished executing.
+
+The started process will join the container's existing namespaces. When the
+container is paused, the process will also be paused and will resume when
+the container is unpaused.  The started process will only run when the container's
+primary process (PID 1) is running, and will not be restarted when the container
+is restarted.
+
+The started process will have its own cgroups nested inside the container's
+cgroups. This is used for process tracking and optionally resource allocation
+handling for the new process. Freezer cgroup is required, the rest of the cgroups
+are optional. The process executor must place its pid inside the correct
+cgroups before starting the process. This is done so that no child processes or
+threads can escape the cgroups.
+
+When the process stopped, all child processes spawned by the process will be
+stopped and the process's cgroups will be removed.